
Infected with Crypt ALQW


This topic is locked
20 replies to this topic

#1 bstarduk
  • Members
  • 41 posts

Posted 29 March 2012 - 05:12 PM

This appears to be embedded into my registry and keeps infecting after each reboot.

DDS Log
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_29
Run by Alistair at 14:41:44 on 2012-03-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1071 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mystart.incredibar.com/mb117?a=6R8gwAA7pN&i=26
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - c:\windows\system32\CbFsMntNtf3.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\wi371a~1\datamngr\BROWSE~1.DLL
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [EPSON PX650 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifme.exe /fu "c:\windows\temp\E_S50.tmp" /EF "HKCU"
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [TBPanel] c:\program files\xpertvision\TBPanel.exe /A
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SAOB Monitor] c:\program files\acronis\trueimagehome\onlinebackupstandalone\TrueImageMonitor.exe
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [DATAMNGR] c:\progra~1\wi371a~1\datamngr\DATAMN~1.EXE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: + &Mass Downloader: download this file - c:\program files\mass downloader\Add_Url.htm
IE: + Mass Downloader: download &All files - c:\program files\mass downloader\Add_All.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - c:\program files\mass downloader\massdown.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F3245539-787F-4923-B590-CB29134402B7} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\IEBHO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - c:\windows\system32\CbFsMntNtf3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\alistair\application data\mozilla\firefox\profiles\vu1pnllx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=179&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100581
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - def
FF - user.js: extensions.BabylonToolbar_i.id - bcf333a5000000000000001fc671f54b
FF - user.js: extensions.BabylonToolbar_i.hardId - bcf333a5000000000000001fc671f54b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15350
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:16:34
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babclient
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - std
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-11-2 752128]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-9-30 61824]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-9-30 141568]
S0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-3-11 56208]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 230608]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2011-12-25 296592]
S1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2011-11-14 101360]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
S1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-3-11 71440]
S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-3-11 164112]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-11-2 3246040]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgio;Zfdwm;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
S2 iksyssec;Sermouse;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-28 652360]
S2 MpFilter;Snac;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-3-11 931640]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-28 253600]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-11-2 167968]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
S3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [2007-4-26 17792]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-28 20464]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-28 40776]
S3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\RapportIaso.sys [2012-3-11 21520]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-10-11 215936]
.
=============== Created Last 30 ================
.
2012-03-29 13:32:13 -------- d-----w- c:\documents and settings\alistair\application data\wsInspector
2012-03-29 13:31:31 -------- d-----w- c:\program files\Startup Inspector for Windows
2012-03-29 06:42:25 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-03-29 06:41:22 -------- d-----w- c:\documents and settings\alistair\application data\SpeedyPC Software
2012-03-29 06:41:22 -------- d-----w- c:\documents and settings\alistair\application data\DriverCure
2012-03-29 06:41:18 -------- d-----w- c:\program files\SpeedyPC Software
2012-03-29 06:41:18 -------- d-----w- c:\program files\common files\SpeedyPC Software
2012-03-29 06:41:18 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
2012-03-28 23:50:22 456320 ----a-w- c:\windows\system32\drivers\HFXB4.tmp
2012-03-28 21:13:04 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-28 21:13:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-28 13:55:07 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-28 13:35:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-28 07:17:25 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-25 02:05:25 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-25 02:05:25 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-14 22:45:25 49904 ----a-r- c:\windows\system32\drivers\BVRPMPR5.SYS
2012-03-14 22:39:54 -------- d-----w- C:\Netgear
2012-03-11 13:48:50 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-03-08 19:44:20 -------- d-----w- c:\program files\Ask.com
2012-03-08 19:44:16 -------- d-----w- c:\documents and settings\alistair\local settings\application data\AskToolbar
2012-03-06 19:03:26 -------- d-----w- c:\windows\system32\appmgmt
2012-03-06 18:04:06 -------- d-----w- c:\documents and settings\alistair\application data\ImTOO
2012-03-06 17:57:37 -------- d-----w- c:\documents and settings\alistair\application data\NCH Software
2012-03-03 13:06:42 87608 ----a-w- c:\documents and settings\alistair\application data\inst.exe
2012-03-03 13:06:41 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-03-03 13:06:41 47360 ----a-w- c:\documents and settings\alistair\application data\pcouffin.sys
2012-03-03 13:06:39 217127 ----a-w- c:\windows\system32\drv43260.dll
2012-03-03 13:06:39 208935 ----a-w- c:\windows\system32\drv33260.dll
2012-03-03 13:06:39 176165 ----a-w- c:\windows\system32\drv23260.dll
2012-03-03 13:06:38 -------- d-----w- c:\program files\VSO
.
==================== Find3M ====================
.
2012-03-28 13:45:19 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 07:08:08 577578 ----a-w- c:\windows\system32\dotnetfx_sp3.exe
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-02-02 14:41:32 35942 ----a-w- C:\silverlight.exe
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-01-06 06:07:36 421888 ----a-w- c:\windows\system32\RealMediaSplitter.ax
2006-05-03 12:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 13:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 15:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 00:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
============= FINISH: 14:42:30.59 ===============
GMER Log
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-29 22:54:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e SAMSUNG_HD502IJ rev.1AA01110
Running: jyqlcrqi.exe; Driver: C:\DOCUME~1\Alistair\LOCALS~1\Temp\pxpiqpoc.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Alistair\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1288] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10039DB0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1288] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10039BF0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1288] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10039B70 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1288] ntdll.dll!NtQueryInformationFile 7C90D7CE 5 Bytes JMP 10039E20 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1288] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10039C90 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1288] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 10039EA0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1288] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 10039D20 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1288] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 014F9720 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1288] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 0172E21B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1288] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 0172E1F4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1288] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 0172E17E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1288] CRYPT32.dll!CryptMsgCountersignEncoded + 27A 77A92F52 7 Bytes JMP 03421780
.text C:\Program Files\Mozilla Firefox\firefox.exe[1288] CRYPT32.dll!CertComparePublicKeyInfo + 1E8 77A9B751 7 Bytes JMP 03421760
.text C:\WINDOWS\System32\ping.exe[2268] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A8000A
.text C:\WINDOWS\System32\ping.exe[2268] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A9000A
.text C:\WINDOWS\System32\ping.exe[2268] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00AF000A
.text C:\WINDOWS\System32\ping.exe[2268] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00B0000A
.text C:\WINDOWS\System32\ping.exe[2268] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00B1000A
.text C:\WINDOWS\System32\ping.exe[2268] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00B2000A
.text C:\WINDOWS\System32\ping.exe[2268] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00AE000A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2368] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106775F7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2368] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 10677589 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2368] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1044FE0A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2368] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104503C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\WINDOWS\System32\ping.exe[3444] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A8000A
.text C:\WINDOWS\System32\ping.exe[3444] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A9000A
.text C:\WINDOWS\System32\ping.exe[3444] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00AF000A
.text C:\WINDOWS\System32\ping.exe[3444] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00B0000A
.text C:\WINDOWS\System32\ping.exe[3444] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00B1000A
.text C:\WINDOWS\System32\ping.exe[3444] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00B2000A
.text C:\WINDOWS\System32\ping.exe[3444] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00AE000A
.text C:\WINDOWS\System32\ping.exe[3728] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A8000A
.text C:\WINDOWS\System32\ping.exe[3728] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A9000A
.text C:\WINDOWS\System32\ping.exe[3728] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00AF000A
.text C:\WINDOWS\System32\ping.exe[3728] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00B0000A
.text C:\WINDOWS\System32\ping.exe[3728] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00B1000A
.text C:\WINDOWS\System32\ping.exe[3728] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00B2000A
.text C:\WINDOWS\System32\ping.exe[3728] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00AE000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) B9EAF000-B9ECA000 (110592 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 2268
Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 3444
Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 3728

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{3f7cdb31-9eac-41a9-9f38-cca1a5d95152}@Model 73
Reg HKLM\SOFTWARE\Classes\CLSID\{3f7cdb31-9eac-41a9-9f38-cca1a5d95152}@Therad 8
Reg HKLM\SOFTWARE\Classes\CLSID\{3f7cdb31-9eac-41a9-9f38-cca1a5d95152}@MData 0x73 0xD5 0xCF 0xB8 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0xA2 0x2D 0x13 0xD4 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Cookies\TW1L1MY3.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\YQJNXR1W.txt 1596 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6N7RVSIK\like[4].htm 28647 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6N7RVSIK\like[5].htm 28672 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7Y3NKN29\info_48[1] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7Y3NKN29\errorPageStrings[1] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7Y3NKN29\count[2].json 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I1YC209K\crossdomain[11].xml 258 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I1YC209K\crossdomain[7].xml 288 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\V3QPACSX\dnserrordiagoff_webOC[2] 6766 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\V3QPACSX\ErrorPageTemplate[1] 2168 bytes
File C:\Vdub\auxsetup.exe 16384 bytes executable
File C:\Vdub\aviproxy 0 bytes
File C:\Vdub\aviproxy\proxyoff.reg 192 bytes
File C:\Vdub\aviproxy\proxyon.reg 192 bytes
File C:\Vdub\aviproxy\readme.txt 1076 bytes
File C:\Vdub\copying 18321 bytes
File C:\Vdub\license.txt 2385 bytes
File C:\Vdub\MSU_SubRem_FAQ.html 4139 bytes
File C:\Vdub\plugins 0 bytes
File C:\Vdub\vdicmdrv.dll 0 bytes
File C:\Vdub\vdremote.dll 0 bytes
File C:\Vdub\vdsvrlnk.dll 0 bytes
File C:\Vdub\vdub.exe 7738 bytes executable
File C:\Vdub\VirtualDub.chm 210421 bytes
File C:\Vdub\VirtualDub.exe 704000 bytes executable
File C:\Vdub\VirtualDub.vdi 0 bytes

---- EOF - GMER 1.0.15 ----


Thanks
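As an added example, not part of the original post and not code from the DDS or GMER tools, the script below applies the triage a malware responder would run over the two logs above: it parses the DDS SERVICES / DRIVERS lines and flags any service whose image path has been rewritten to the generic svchost.exe host (the avgio/Zfdwm, iksyssec/Sermouse and MpFilter/Snac entries, which is the service hijack ComboFix later attributed to ZeroAccess in post #3), lists every AppInit_DLLs entry, and pulls the `*** hidden ***` processes and modules out of the GMER output. The sample lines are constructed, abbreviated copies of entries from the logs above; the regular expressions and the `Finding` type are this example's own assumptions about the log formats, not an official parser.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a few lines in the shape DDS and GMER emit.
# They mirror entries from the post above but are abbreviated; they are
# not the full logs.
SAMPLE_DDS = r"""
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
S2 avgio;Zfdwm;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S2 iksyssec;Sermouse;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S2 MpFilter;Snac;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-28 652360]
AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\IEBHO.dll
"""

SAMPLE_GMER = r"""
Module (noname) (*** hidden *** ) B9EAF000-B9ECA000 (110592 bytes)
Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 2268
Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 3444
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
"""

# DDS service line: "<R|S><start type> name;display name;image path [yyyy-m-d size]"
# R = running at scan time, S = not running; the digit is the start type.
# (Pattern is an assumption derived from the log lines, not a DDS spec.)
SERVICE_RE = re.compile(
    r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{1,2}-\d{1,2})\s+(\d+)\]\s*$"
)
# "svchost -k DcomLaunch" appears without ".exe" in the process list, so it is optional.
SVCHOST_RE = re.compile(r"svchost(?:\.exe)?\s+-k\s+(\S+)", re.IGNORECASE)
# GMER marks objects its direct scan sees but the OS API does not with "(*** hidden *** )".
HIDDEN_RE = re.compile(r"^(Process|Module)\s+(.*?)\s+\(\*\*\* hidden \*\*\* \)\s+(.+)$")


@dataclass(frozen=True)
class Finding:
    kind: str
    subject: str
    why: str


def parse_service(line: str):
    """Return a dict for a DDS service/driver line, or None for any other line."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, name, display, path, stamp, size = m.groups()
    return {"state": state, "name": name, "display": display,
            "path": path, "date": stamp, "size": int(size)}


def triage_dds(text: str) -> list:
    findings = []
    for line in text.splitlines():
        svc = parse_service(line)
        if svc is not None:
            host = SVCHOST_RE.search(svc["path"])
            # A third-party service whose ImagePath has become the generic svchost
            # host means the DLL named in its Parameters\ServiceDll value is what
            # really runs, not the path DDS prints; that is how the services in
            # the post were hijacked.
            if host:
                findings.append(Finding(
                    "svchost-hosted service", svc["name"],
                    f"display name {svc['display']!r} loads via svchost -k "
                    f"{host.group(1)}; inspect HKLM\\SYSTEM\\CurrentControlSet\\"
                    f"Services\\{svc['name']}\\Parameters\\ServiceDll"))
            continue
        if line.startswith("AppInit_DLLs:"):
            # Every DLL listed here is loaded into each process that maps
            # user32.dll, so each entry needs to be identified.
            for dll in line.split(":", 1)[1].split():
                findings.append(Finding("AppInit_DLLs", dll,
                                        "DLL injected into every GUI process"))
    return findings


def triage_gmer(text: str) -> list:
    findings = []
    for line in text.splitlines():
        m = HIDDEN_RE.match(line)
        if m:
            kind, subject, rest = m.groups()
            findings.append(Finding(f"hidden {kind.lower()}", subject,
                                    f"not visible through the OS API; GMER data: {rest}"))
    return findings


def triage(dds_text: str, gmer_text: str) -> list:
    """Combined findings from both logs, DDS first, in log order."""
    return triage_dds(dds_text) + triage_gmer(gmer_text)


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS, SAMPLE_GMER):
        print(f"[{f.kind}] {f.subject}: {f.why}")
```

Run against the full logs, the svchost check keeps the legitimate entries (SAS Core, MBAMService, the AVG and Acronis services) silent and surfaces only the three repurposed services; the hidden-object check is what ties the three unlisted `ping.exe` processes and the unnamed kernel module together as the same rootkit rather than three unrelated oddities.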

#2 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 29 March 2012 - 11:25 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 bstarduk
  • Topic Starter
  • Members
  • 41 posts

Posted 30 March 2012 - 07:31 AM

Hi Gringo,
Thanks for picking up my problem.
Just to update you, I have run ComboFix as instructed and it has identified the ZeroAccess rootkit as present. The last instruction I had was to let the software reboot the PC; that was at 12.00 midday, it is now 13.30 and the program seems to be hanging.
Would you advise a manual closedown or leave it be and let it sort itself out?

Thanks

#4 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 30 March 2012 - 07:49 AM

Close it and restart the computer.



gringo

#5 bstarduk

bstarduk
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:07:09 AM

Posted 30 March 2012 - 12:28 PM

My computer is a whole lot better and a whole lot quicker thanks.
Please see attached Combo-fix print out but as far as I am aware it seems all ok now.


Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1782 [GMT 1:00]
Running from: c:\documents and settings\Alistair\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Alistair\Application Data\inst.exe
c:\documents and settings\Alistair\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\$NtUninstallKB10597$\1269768746
c:\windows\$NtUninstallKB10597$\3208877606\@
c:\windows\$NtUninstallKB10597$\3208877606\cfg.ini
c:\windows\$NtUninstallKB10597$\3208877606\Desktop.ini
c:\windows\$NtUninstallKB10597$\3208877606\L\sjkmfado
c:\windows\$NtUninstallKB10597$\3208877606\oemid
c:\windows\$NtUninstallKB10597$\3208877606\U\00000001.@
c:\windows\$NtUninstallKB10597$\3208877606\U\00000002.@
c:\windows\$NtUninstallKB10597$\3208877606\U\00000004.@
c:\windows\$NtUninstallKB10597$\3208877606\U\80000000.@
c:\windows\$NtUninstallKB10597$\3208877606\U\80000004.@
c:\windows\$NtUninstallKB10597$\3208877606\U\80000032.@
c:\windows\$NtUninstallKB10597$\3208877606\version
c:\windows\system32\abnetmon.dll
c:\windows\system32\agpcpq.dll
c:\windows\system32\alertmanager.dll
c:\windows\system32\BrUsbSer.dll
c:\windows\system32\btaudio.dll
c:\windows\system32\cachemgr.dll
c:\windows\system32\cacheserver.dll
c:\windows\system32\CdaD10BA.dll
c:\windows\system32\ceepwrsvc.dll
c:\windows\system32\ctsfm2k.dll
c:\windows\system32\CVPNDRVA.dll
c:\windows\system32\cvsnt.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drvmcdb.dll
c:\windows\system32\DumaNT.dll
c:\windows\system32\EAWDMFD.dll
c:\windows\system32\fasttx2k.dll
c:\windows\system32\fdc.dll
c:\windows\system32\FireTDI.dll
c:\windows\system32\fsks.dll
c:\windows\system32\hpqwmiex.dll
c:\windows\system32\i8042prt.dll
c:\windows\system32\JavaQuickStarterService.dll
c:\windows\system32\lxcd_device.dll
c:\windows\system32\mcdetect.exe.dll
c:\windows\system32\mdvrmng.dll
c:\windows\system32\mgactrl.dll
c:\windows\system32\mssqlserver.dll
c:\windows\system32\msvsmon90.dll
c:\windows\system32\mwlsvc.dll
c:\windows\system32\mxssvr.dll
c:\windows\system32\openvpnservice.dll
c:\windows\system32\pelusblf.dll
c:\windows\system32\pinetmgr.dll
c:\windows\system32\ramaint.dll
c:\windows\system32\rt2500.dll
c:\windows\system32\rxmssync.dll
c:\windows\system32\s616mdm.dll
c:\windows\system32\se44bus.dll
c:\windows\system32\se44obex.dll
c:\windows\system32\SET33A.tmp
c:\windows\system32\SET33F.tmp
c:\windows\system32\SET346.tmp
c:\windows\system32\sfhlp02.dll
c:\windows\system32\SlWdmSup.dll
c:\windows\system32\SNC.dll
c:\windows\system32\SNP2UVC.dll
c:\windows\system32\TCtrlIO.dll
c:\windows\system32\transactional.dll
c:\windows\system32\vc5secs.dll
c:\windows\system32\vgasave.dll
c:\windows\system32\viaagp1.dll
c:\windows\system32\w800mdm.dll
c:\windows\system32\webrootspysweeperservice.dll
c:\windows\system32\YMIDUSB.dll
D:\Autorun.inf
c:\windows\$NtUninstallKB10597$ . . . . Failed to delete
.
Infected copy of c:\windows\system32\drivers\mqac.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NdisFilt
-------\Service_NdisFilt
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2012-03-30 07:06 . 2012-03-30 07:07 -------- d-----w- c:\documents and settings\Administrator
2012-03-29 13:32 . 2012-03-29 13:32 -------- d-----w- c:\documents and settings\Alistair\Application Data\wsInspector
2012-03-29 13:31 . 2012-03-29 13:31 -------- d-----w- c:\program files\Startup Inspector for Windows
2012-03-29 06:42 . 2012-03-29 06:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-03-29 06:41 . 2012-03-29 06:41 -------- d-----w- c:\documents and settings\Alistair\Application Data\SpeedyPC Software
2012-03-29 06:41 . 2012-03-29 06:41 -------- d-----w- c:\documents and settings\Alistair\Application Data\DriverCure
2012-03-29 06:41 . 2012-03-29 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-03-29 06:41 . 2012-03-29 06:41 -------- d-----w- c:\program files\SpeedyPC Software
2012-03-28 23:50 . 2011-07-15 13:29 456320 ----a-w- c:\windows\system32\drivers\HFXB4.tmp
2012-03-28 21:13 . 2012-03-28 21:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-28 21:13 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-28 13:55 . 2012-03-28 21:13 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-28 13:35 . 2012-03-28 13:45 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-25 02:05 . 2012-03-25 02:05 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-25 02:05 . 2012-03-25 02:05 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-14 22:45 . 2009-01-21 18:03 49904 ----a-r- c:\windows\system32\drivers\BVRPMPR5.SYS
2012-03-14 22:39 . 2012-03-14 23:47 -------- d-----w- C:\Netgear
2012-03-11 13:48 . 2012-03-11 13:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-03-08 19:44 . 2012-03-08 19:44 -------- d-----w- c:\program files\Ask.com
2012-03-08 19:44 . 2012-03-14 22:40 -------- d-----w- c:\documents and settings\Alistair\Local Settings\Application Data\AskToolbar
2012-03-06 18:04 . 2012-03-06 18:04 -------- d-----w- c:\documents and settings\Alistair\Application Data\ImTOO
2012-03-06 17:57 . 2012-03-06 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2012-03-06 17:57 . 2012-03-06 17:57 -------- d-----w- c:\documents and settings\Alistair\Application Data\NCH Software
2012-03-03 13:06 . 2012-03-16 19:23 -------- d-----w- c:\documents and settings\Alistair\Application Data\Vso
2012-03-03 13:06 . 2012-03-03 13:06 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-03-03 13:06 . 2012-03-03 13:06 47360 ----a-w- c:\documents and settings\Alistair\Application Data\pcouffin.sys
2012-03-03 13:06 . 2006-09-29 11:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2012-03-03 13:06 . 2006-09-29 11:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2012-03-03 13:06 . 2006-09-29 11:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2012-03-03 13:06 . 2012-03-03 13:06 -------- d-----w- c:\program files\VSO
2012-03-02 11:34 . 2012-03-06 19:05 -------- d-----w- c:\program files\Real
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-28 13:45 . 2011-10-11 17:32 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 07:08 . 2012-02-14 07:06 577578 ----a-w- c:\windows\system32\dotnetfx_sp3.exe
2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-02-02 14:41 . 2012-02-02 14:41 35942 ----a-w- C:\silverlight.exe
2012-01-11 19:06 . 2012-02-16 03:14 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2011-10-11 06:28 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-01-06 06:07 . 2012-01-06 06:07 421888 ----a-w- c:\windows\system32\RealMediaSplitter.ax
2012-03-25 02:05 . 2011-10-11 10:36 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 12:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 13:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 15:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 16:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{93104DA7-58BF-4A46-820D-8407E89FF56B}"
[HKEY_CLASSES_ROOT\CLSID\{93104DA7-58BF-4A46-820D-8407E89FF56B}]
2011-11-04 20:33 158224 ----a-w- c:\windows\system32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2011-11-04 20:33 158224 ----a-w- c:\windows\system32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2012-02-22 650104]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-11 3905920]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-06-23 3380632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\XpertVision\TBPanel.exe" [2008-01-29 2157064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]
"nwiz"="nwiz.exe" [2008-01-08 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-01-14 29753344]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SAOB Monitor"="c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-09-22 2536760]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-22 5550984]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-11-23 390728]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Documents and Settings\\Alistair\\Application Data\\Wuala\\Roaming\\Wuala.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\ffmpeg.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\receiver.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\sharefolder.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\tagtool.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\sjcmdwiz.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=
"49153:UDP"= 49153:UDP:UDP49153
"49154:UDP"= 49154:UDP:UDP49154
"49155:UDP"= 49155:UDP:UDP49155
"49156:TCP"= 49156:TCP:TCP49156
"49158:TCP"= 49158:TCP:TCP49158
"49159:TCP"= 49159:TCP:TCP49159
"49152:UDP"= 49152:UDP:UDP49152
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 01:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 06:30 32592]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [11/03/2012 14:48 56208]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [02/11/2011 00:45 752128]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11/07/2011 01:13 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 01:14 295248]
R1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [25/12/2011 10:38 296592]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [14/11/2011 14:39 101360]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [15/12/2011 18:01 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [11/03/2012 14:48 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [11/03/2012 14:48 164112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [02/11/2011 00:45 3246040]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 07:25 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 06:09 192776]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28/03/2012 22:13 652360]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [24/10/2009 03:18 360224]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [11/03/2012 14:48 931640]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [02/11/2011 00:45 167968]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11/07/2011 01:14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11/07/2011 01:14 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [11/07/2011 01:14 16720]
R3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [26/04/2007 13:35 17792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28/03/2012 22:13 20464]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [30/09/2010 13:59 61824]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [30/09/2010 13:59 141568]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [03/03/2012 14:06 47360]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys [11/03/2012 14:50 21520]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [11/10/2011 08:14 215936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [28/03/2012 14:35 253600]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [28/03/2012 14:55 40776]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
DLARTL_M
cmuda
netwg311
USB_NDIS_51
Si3114r5
X4HSX32
merakcontrol
lexbces
mqdmbus
UMPass
NVTCP
se2Bunic
sffp_sd
YMIDUSB
IBMTPCHK
cyberpowerups
MQAC
lvtuner
RR2Ctrl
sonywbms
dlapoolm
Udfreadr_xp
RimSerPort
vmm
ifxspmgtsrv
VIAPFD
symids
prfldsvc
npfmntor
keymaestro
hpgate
AVCamUSB20
cvintdrv
pwkntmon
pgpserv
hibernation
Xyz777b
mgabg
PXRDDriver
webfilter
vhidmini
mdmxsdk
Nsynas32
mnsframework
WmFilter
tosrfnds
hpdskflt
S3GIGP
pktfilter
lxcr_device
olregcap
keriomailserver
winpowermonitor
ezplay
cis1284
cpsvc
CTEDSPFX.DLL
TOSHIBASoftModem
cvspydr2
vpcvmm
qserver
catchme
tfsnpool
tossmbnt
mpe
ibmpmdrv
ehsched
ctljystk
olapserver
w550mdfl
bobo
tnbrlds
whoisd32
mrobeservice
SE26bus
efs
s716mdfl
ca-messagequeuing
ql2100
Sus2pl
ireike
wintabservice
sis162u
bdss
tmlisten
DSDrv4
LKbdFlt2
k750mdfl
iam
RVIEG01
nvpvrmon
NWUSBPort
magictuneengine
pml
rksample
sandboxu
avcgbdr
ntrtscan
msi_wlan_service
mozybackup
se2Eunic
FsVga
MSCamSvc
nidomainservice
wlsetupsvc
nmap
tosrfcom
iaimfp0
FINEPIX_PCC
idisw2km
HssDrv
pdlndint
dsNcAdpt
actser
idrivert
dirms_defragmentation
isamsmt
PSDNServ
ahcix86s
ASMMAP
ati2mtag
lxcj_device
imountsrv
gbpoll
captureservice
GV600_4
FETNDIS
oraclesnmppeerencapsulator
GVCplDrv
db2jds
lxrjd31s
phc600
atikmdag
vmnetuserif
genmcmn
sweepsrv.sys
PhilCam8116_XP
DynDNS_Updater_Service
iksyssec
defwatch
qmofiltr
int15
ESMCR
omci
MpFilter
se44bus
sisagp
cpqfws2e
wlancig
btcsrusb
opcenum
p17
dvd-ram_service
tifm21
avgio
CiscoVpnInstallService
rchost
DevUpper
cfgwzsvc
ftrtsvc
CTEAPSFX.DLL
WmVirHid
ixiaendpoint
spcsutilityservice
VirtualCam
dlbt_device
mssqlserveradhelper
Si3132
ZDPNDIS5
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 13:45]
.
2012-03-30 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 14:03]
.
2012-03-30 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 16:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredibar.com/mb117?a=6R8gwAA7pN&i=26
IE: + &Mass Downloader: download this file - c:\program files\Mass Downloader\Add_Url.htm
IE: + Mass Downloader: download &All files - c:\program files\Mass Downloader\Add_All.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Alistair\Application Data\Mozilla\Firefox\Profiles\vu1pnllx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=179&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100581
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - def
FF - user.js: extensions.BabylonToolbar_i.id - bcf333a5000000000000001fc671f54b
FF - user.js: extensions.BabylonToolbar_i.hardId - bcf333a5000000000000001fc671f54b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15350
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:16
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babclient
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - std
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-30 17:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3f7cdb31-9eac-41a9-9f38-cca1a5d95152}]
@Denied: (Full) (Everyone)
"Model"=dword:00000049
"Therad"=dword:00000008
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a2,2d,13,d4,fa,d4,12,87,9a,3d,2b,5d,a6,0f,e4,8a,5e,fb,39,cb,26,
c7,ed,5f,e6,8f,48,7f,ca,2d,62,73,2e,c1,e9,eb,8d,7b,fb,9c,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1128)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1044)
c:\windows\system32\WININET.dll
c:\program files\Wuala OverlayIcons\OverlayIcon.dll
c:\windows\system32\CbFsMntNtf3.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\CbFsNetRdr3.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\RUNDLL32.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\progra~1\WI371A~1\Datamngr\DATAMN~1.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2012-03-30 18:04:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-30 17:04
.
Pre-Run: 407,678,402,560 bytes free
Post-Run: 409,032,417,280 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
.
Thanks again

Alistair
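
The ComboFix output above shows the file layout ZeroAccess left behind under a fake `$NtUninstallKB…$` folder (a numeric subfolder holding an `@` file, an `L\` folder and `U\*.@` module files) and the "Infected copy ... was found and disinfected" line for the patched `mqac.sys` driver. As an added example (not code from this thread, from ComboFix or from its author), here is a small Python triage script that splits a ComboFix log into its banner sections and flags exactly that layout, so a helper can spot the pattern in a long log without reading every line. The embedded sample log is a constructed excerpt modelled on the post above, and the artefact labels (`@`, `L\`, `U\*.@`) are structural names chosen here, not ComboFix terminology.

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the ComboFix log posted above (not a new log);
# it keeps the banner lines, the lone '.' padding and a few of the deleted paths.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Alistair\Application Data\inst.exe
c:\windows\$NtUninstallKB10597$\1269768746
c:\windows\$NtUninstallKB10597$\3208877606\@
c:\windows\$NtUninstallKB10597$\3208877606\Desktop.ini
c:\windows\$NtUninstallKB10597$\3208877606\L\sjkmfado
c:\windows\$NtUninstallKB10597$\3208877606\U\00000001.@
c:\windows\$NtUninstallKB10597$\3208877606\U\80000032.@
c:\windows\system32\abnetmon.dll
D:\Autorun.inf
.
Infected copy of c:\windows\system32\drivers\mqac.sys was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NdisFilt
"""

# ComboFix separates sections with banners like '((( Other Deletions )))'.
SECTION_RE = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")

# ZeroAccess hid its files under a fake uninstall folder with a numeric subfolder;
# anything below that subfolder is an artefact worth flagging.
ZA_RE = re.compile(
    r"^(?P<root>[a-z]:\\windows\\\$ntuninstallkb\d+\$\\\d+)\\(?P<rel>.+)$", re.I)

# Line ComboFix prints when it replaces a patched system driver.
DISINFECTED_RE = re.compile(
    r"^Infected copy of (?P<path>.+?) was found and disinfected$", re.I)


def split_sections(text):
    """Group the log's lines under the banner that precedes them."""
    sections = defaultdict(list)
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue  # ComboFix pads sections with lone dots
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            continue
        sections[current].append(line)
    return dict(sections)


def zeroaccess_indicators(lines):
    """Map each fake-uninstall root folder to the artefact kinds found under it."""
    found = defaultdict(set)
    for line in lines:
        m = ZA_RE.match(line)
        if not m:
            continue
        root, rel = m.group("root").lower(), m.group("rel").lower()
        if rel == "@":
            found[root].add("@")            # the '@' file at the root
        elif rel.startswith("u\\") and rel.endswith(".@"):
            found[root].add("U\\*.@")       # module files in the U folder
        elif rel.startswith("l\\"):
            found[root].add("L\\")          # anything in the L folder
        else:
            found[root].add("other")        # e.g. Desktop.ini, cfg.ini, version
    return {root: sorted(kinds) for root, kinds in found.items()}


def disinfected_files(lines):
    """Paths of system files ComboFix reported as patched and restored."""
    hits = []
    for line in lines:
        m = DISINFECTED_RE.match(line)
        if m:
            hits.append(m.group("path"))
    return hits


def triage(text):
    """One-call summary over the 'Other Deletions' section of a ComboFix log."""
    deleted = split_sections(text).get("Other Deletions", [])
    return {
        "zeroaccess_roots": zeroaccess_indicators(deleted),
        "disinfected_drivers": disinfected_files(deleted),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run against a real log, the script only reads the text; it never touches the files it names. A root that shows all three of `@`, `L\` and `U\*.@` is the full ZeroAccess layout seen in this thread, while a patched driver in `disinfected_drivers` is the sign that the rootkit had a kernel-mode foothold and that a follow-up rootkit scan (as requested in the next reply) is still worthwhile.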

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:09 AM

Posted 30 March 2012 - 01:04 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#7 bstarduk

bstarduk
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:07:09 AM

Posted 30 March 2012 - 05:06 PM

Here are the 2 reports
2:36:25.0078 5224 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
22:36:25.0390 5224 ============================================================
22:36:25.0390 5224 Current date / time: 2012/03/30 22:36:25.0390
22:36:25.0390 5224 SystemInfo:
22:36:25.0390 5224
22:36:25.0390 5224 OS Version: 5.1.2600 ServicePack: 3.0
22:36:25.0390 5224 Product type: Workstation
22:36:25.0390 5224 ComputerName: ALISTAIR-FC7734
22:36:25.0390 5224 UserName: Alistair
22:36:25.0390 5224 Windows directory: C:\WINDOWS
22:36:25.0390 5224 System windows directory: C:\WINDOWS
22:36:25.0390 5224 Processor architecture: Intel x86
22:36:25.0390 5224 Number of processors: 2
22:36:25.0390 5224 Page size: 0x1000
22:36:25.0390 5224 Boot type: Normal boot
22:36:25.0390 5224 ============================================================
22:36:28.0921 5224 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:36:28.0968 5224 Drive \Device\Harddisk1\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:36:28.0984 5224 Drive \Device\Harddisk2\DR4 - Size: 0x3AE80000 (0.92 Gb), SectorSize: 0x200, Cylinders: 0x78, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:36:28.0984 5224 \Device\Harddisk0\DR0:
22:36:29.0031 5224 MBR used
22:36:29.0031 5224 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
22:36:29.0031 5224 \Device\Harddisk1\DR2:
22:36:29.0031 5224 MBR used
22:36:29.0031 5224 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
22:36:29.0031 5224 \Device\Harddisk2\DR4:
22:36:29.0046 5224 MBR used
22:36:29.0203 5224 Initialize success
22:36:29.0203 5224 ============================================================
22:36:47.0703 5908 ============================================================
22:36:47.0703 5908 Scan started
22:36:47.0703 5908 Mode: Manual;
22:36:47.0703 5908 ============================================================
22:36:49.0718 5908 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
22:36:49.0718 5908 !SASCORE - ok
22:36:49.0812 5908 Abiosdsk - ok
22:36:49.0828 5908 abp480n5 - ok
22:36:49.0890 5908 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:36:49.0890 5908 ACPI - ok
22:36:49.0937 5908 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:36:49.0937 5908 ACPIEC - ok
22:36:50.0000 5908 AcrSch2Svc (4233f6646d40185422c7c520666d3b68) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
22:36:50.0015 5908 AcrSch2Svc - ok
22:36:50.0109 5908 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:36:50.0109 5908 AdobeFlashPlayerUpdateSvc - ok
22:36:50.0140 5908 adpu160m - ok
22:36:50.0156 5908 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:36:50.0156 5908 aec - ok
22:36:50.0203 5908 afcdp (53696ad8ffc5fac51949a525ff65a689) C:\WINDOWS\system32\DRIVERS\afcdp.sys
22:36:50.0203 5908 afcdp - ok
22:36:50.0328 5908 afcdpsrv (af44f7e027037628f1fac3c13cde73e6) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
22:36:50.0359 5908 afcdpsrv - ok
22:36:50.0406 5908 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:36:50.0406 5908 AFD - ok
22:36:50.0421 5908 Aha154x - ok
22:36:50.0421 5908 aic78u2 - ok
22:36:50.0437 5908 aic78xx - ok
22:36:50.0468 5908 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:36:50.0468 5908 Alerter - ok
22:36:50.0500 5908 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:36:50.0500 5908 ALG - ok
22:36:50.0500 5908 AliIde - ok
22:36:50.0546 5908 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
22:36:50.0546 5908 AmdK8 - ok
22:36:50.0546 5908 amsint - ok
22:36:50.0609 5908 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
22:36:50.0609 5908 AppMgmt - ok
22:36:50.0609 5908 asc - ok
22:36:50.0625 5908 asc3350p - ok
22:36:50.0640 5908 asc3550 - ok
22:36:50.0734 5908 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:36:50.0750 5908 aspnet_state - ok
22:36:50.0796 5908 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:36:50.0796 5908 AsyncMac - ok
22:36:50.0828 5908 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:36:50.0828 5908 atapi - ok
22:36:50.0843 5908 Atdisk - ok
22:36:50.0843 5908 atikmdag - ok
22:36:50.0875 5908 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:36:50.0875 5908 Atmarpc - ok
22:36:50.0906 5908 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:36:50.0906 5908 AudioSrv - ok
22:36:50.0937 5908 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:36:50.0953 5908 audstub - ok
22:36:50.0953 5908 AVCamUSB20 - ok
22:36:50.0968 5908 avcgbdr - ok
22:36:51.0203 5908 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
22:36:51.0281 5908 AVGIDSAgent - ok
22:36:51.0359 5908 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
22:36:51.0359 5908 AVGIDSDriver - ok
22:36:51.0390 5908 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
22:36:51.0390 5908 AVGIDSEH - ok
22:36:51.0437 5908 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
22:36:51.0437 5908 AVGIDSFilter - ok
22:36:51.0468 5908 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
22:36:51.0500 5908 AVGIDSShim - ok
22:36:51.0515 5908 avgio - ok
22:36:51.0562 5908 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
22:36:51.0562 5908 Avgldx86 - ok
22:36:51.0578 5908 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
22:36:51.0578 5908 Avgmfx86 - ok
22:36:51.0593 5908 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
22:36:51.0593 5908 Avgrkx86 - ok
22:36:51.0625 5908 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
22:36:51.0625 5908 Avgtdix - ok
22:36:51.0718 5908 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
22:36:51.0718 5908 avgwd - ok
22:36:51.0781 5908 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:36:51.0781 5908 Beep - ok
22:36:51.0843 5908 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:36:51.0843 5908 BITS - ok
22:36:51.0859 5908 bobo - ok
22:36:51.0890 5908 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
22:36:51.0906 5908 Browser - ok
22:36:51.0921 5908 btcsrusb - ok
22:36:51.0984 5908 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
22:36:51.0984 5908 BVRPMPR5 - ok
22:36:52.0000 5908 ca-messagequeuing - ok
22:36:52.0031 5908 Cardex (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPANEL.SYS
22:36:52.0031 5908 Cardex - ok
22:36:52.0031 5908 catchme - ok
22:36:52.0109 5908 cbfs3 (238cf4f4321cefd0fece0af188357b43) C:\WINDOWS\system32\drivers\cbfs3.sys
22:36:52.0140 5908 cbfs3 - ok
22:36:52.0187 5908 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:36:52.0187 5908 cbidf2k - ok
22:36:52.0265 5908 CCALib8 (359e5a91d26d0439933bef1c29cedef7) C:\Program Files\Canon\CAL\CALMAIN.exe
22:36:52.0281 5908 CCALib8 - ok
22:36:52.0281 5908 cd20xrnt - ok
22:36:52.0296 5908 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:36:52.0296 5908 Cdaudio - ok
22:36:52.0328 5908 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:36:52.0343 5908 Cdfs - ok
22:36:52.0343 5908 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:36:52.0343 5908 Cdrom - ok
22:36:52.0359 5908 cfgwzsvc - ok
22:36:52.0359 5908 Changer - ok
22:36:52.0375 5908 CiscoVpnInstallService - ok
22:36:52.0390 5908 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:36:52.0390 5908 CiSvc - ok
22:36:52.0406 5908 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:36:52.0406 5908 ClipSrv - ok
22:36:52.0468 5908 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:36:52.0531 5908 clr_optimization_v2.0.50727_32 - ok
22:36:52.0531 5908 CmdIde - ok
22:36:52.0546 5908 cmuda - ok
22:36:52.0546 5908 COMSysApp - ok
22:36:52.0562 5908 Cpqarray - ok
22:36:52.0578 5908 cpqfws2e - ok
22:36:52.0609 5908 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:36:52.0609 5908 CryptSvc - ok
22:36:52.0625 5908 CTEAPSFX.DLL - ok
22:36:52.0625 5908 CTEDSPFX.DLL - ok
22:36:52.0640 5908 ctljystk - ok
22:36:52.0640 5908 cvintdrv - ok
22:36:52.0656 5908 cyberpowerups - ok
22:36:52.0687 5908 dac2w2k - ok
22:36:52.0703 5908 dac960nt - ok
22:36:52.0734 5908 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:36:52.0750 5908 DcomLaunch - ok
22:36:52.0765 5908 defwatch - ok
22:36:52.0765 5908 DevUpper - ok
22:36:52.0796 5908 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:36:52.0796 5908 Dhcp - ok
22:36:52.0828 5908 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:36:52.0828 5908 Disk - ok
22:36:52.0828 5908 dlapoolm - ok
22:36:52.0843 5908 DLARTL_M - ok
22:36:52.0843 5908 dlbt_device - ok
22:36:52.0875 5908 dmadmin - ok
22:36:52.0921 5908 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:36:52.0937 5908 dmboot - ok
22:36:52.0968 5908 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:36:52.0968 5908 dmio - ok
22:36:52.0968 5908 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:36:52.0968 5908 dmload - ok
22:36:53.0000 5908 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
22:36:53.0000 5908 dmserver - ok
22:36:53.0015 5908 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:36:53.0015 5908 DMusic - ok
22:36:53.0078 5908 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
22:36:53.0078 5908 Dnscache - ok
22:36:53.0109 5908 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
22:36:53.0109 5908 Dot3svc - ok
22:36:53.0125 5908 dpti2o - ok
22:36:53.0140 5908 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:36:53.0156 5908 drmkaud - ok
22:36:53.0156 5908 dvd-ram_service - ok
22:36:53.0156 5908 DynDNS_Updater_Service - ok
22:36:53.0187 5908 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
22:36:53.0187 5908 EapHost - ok
22:36:53.0203 5908 efs - ok
22:36:53.0234 5908 ehsched - ok
22:36:53.0375 5908 EPSON_EB_RPCV4_01 (ec6a73cd8413f68655e5e0b99c415a21) C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
22:36:53.0390 5908 EPSON_EB_RPCV4_01 - ok
22:36:53.0406 5908 EPSON_PM_RPCV4_01 (8fe6ab59cab8f2c038fea9522a5eeba7) C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
22:36:53.0406 5908 EPSON_PM_RPCV4_01 - ok
22:36:53.0437 5908 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
22:36:53.0437 5908 ERSvc - ok
22:36:53.0453 5908 ESMCR - ok
22:36:53.0515 5908 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:36:53.0515 5908 Eventlog - ok
22:36:53.0578 5908 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
22:36:53.0578 5908 EventSystem - ok
22:36:53.0609 5908 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:36:53.0609 5908 Fastfat - ok
22:36:53.0640 5908 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:36:53.0640 5908 FastUserSwitchingCompatibility - ok
22:36:53.0656 5908 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:36:53.0656 5908 Fdc - ok
22:36:53.0718 5908 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:36:53.0718 5908 Fips - ok
22:36:53.0750 5908 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:36:53.0765 5908 Flpydisk - ok
22:36:53.0796 5908 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:36:53.0796 5908 FltMgr - ok
22:36:53.0937 5908 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:36:53.0937 5908 FontCache3.0.0.0 - ok
22:36:53.0937 5908 FsVga - ok
22:36:53.0968 5908 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:36:53.0968 5908 Fs_Rec - ok
22:36:53.0968 5908 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:36:53.0984 5908 Ftdisk - ok
22:36:53.0984 5908 ftrtsvc - ok
22:36:53.0984 5908 genmcmn - ok
22:36:54.0015 5908 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:36:54.0015 5908 Gpc - ok
22:36:54.0062 5908 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:36:54.0062 5908 HDAudBus - ok
22:36:54.0078 5908 helpsvc - ok
22:36:54.0078 5908 hibernation - ok
22:36:54.0093 5908 HidServ - ok
22:36:54.0109 5908 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:36:54.0109 5908 hidusb - ok
22:36:54.0140 5908 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
22:36:54.0140 5908 hkmsvc - ok
22:36:54.0140 5908 hpgate - ok
22:36:54.0156 5908 hpn - ok
22:36:54.0218 5908 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:36:54.0218 5908 HTTP - ok
22:36:54.0234 5908 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
22:36:54.0234 5908 HTTPFilter - ok
22:36:54.0234 5908 i2omgmt - ok
22:36:54.0250 5908 i2omp - ok
22:36:54.0265 5908 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:36:54.0265 5908 i8042prt - ok
22:36:54.0265 5908 iam - ok
22:36:54.0281 5908 IBMTPCHK - ok
22:36:54.0328 5908 IDMTDI (18d128e762b58a6fd176ceca26e8cc5f) C:\WINDOWS\system32\DRIVERS\idmtdi.sys
22:36:54.0328 5908 IDMTDI - ok
22:36:54.0406 5908 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:36:54.0421 5908 idsvc - ok
22:36:54.0437 5908 ifxspmgtsrv - ok
22:36:54.0453 5908 iksyssec - ok
22:36:54.0468 5908 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:36:54.0468 5908 Imapi - ok
22:36:54.0515 5908 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
22:36:54.0515 5908 ImapiService - ok
22:36:54.0562 5908 imvad_multi (e3057f56d471658edaad9d4ca5d89ba0) C:\WINDOWS\system32\drivers\imvad.sys
22:36:54.0562 5908 imvad_multi - ok
22:36:54.0562 5908 ini910u - ok
22:36:54.0578 5908 int15 - ok
22:36:54.0578 5908 IntelIde - ok
22:36:54.0609 5908 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:36:54.0609 5908 Ip6Fw - ok
22:36:54.0656 5908 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:36:54.0656 5908 IpFilterDriver - ok
22:36:54.0671 5908 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:36:54.0671 5908 IpInIp - ok
22:36:54.0750 5908 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:36:54.0750 5908 IpNat - ok
22:36:54.0796 5908 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:36:54.0796 5908 IPSec - ok
22:36:54.0812 5908 ireike - ok
22:36:54.0828 5908 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:36:54.0828 5908 IRENUM - ok
22:36:54.0859 5908 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:36:54.0859 5908 isapnp - ok
22:36:54.0859 5908 ixiaendpoint - ok
22:36:54.0984 5908 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
22:36:55.0000 5908 JavaQuickStarterService - ok
22:36:55.0000 5908 k750mdfl - ok
22:36:55.0015 5908 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:36:55.0015 5908 Kbdclass - ok
22:36:55.0031 5908 keymaestro - ok
22:36:55.0078 5908 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:36:55.0078 5908 kmixer - ok
22:36:55.0109 5908 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:36:55.0109 5908 KSecDD - ok
22:36:55.0171 5908 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:36:55.0187 5908 lanmanserver - ok
22:36:55.0234 5908 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:36:55.0234 5908 lanmanworkstation - ok
22:36:55.0234 5908 lbrtfdc - ok
22:36:55.0250 5908 lexbces - ok
22:36:55.0250 5908 LKbdFlt2 - ok
22:36:55.0265 5908 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:36:55.0265 5908 LmHosts - ok
22:36:55.0281 5908 lvtuner - ok
22:36:55.0281 5908 lxrjd31s - ok
22:36:55.0296 5908 magictuneengine - ok
22:36:55.0328 5908 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
22:36:55.0328 5908 MBAMProtector - ok
22:36:55.0375 5908 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:36:55.0406 5908 MBAMService - ok
22:36:55.0437 5908 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
22:36:55.0437 5908 MBAMSwissArmy - ok
22:36:55.0437 5908 merakcontrol - ok
22:36:55.0468 5908 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
22:36:55.0468 5908 Messenger - ok
22:36:55.0468 5908 mgabg - ok
22:36:55.0484 5908 mgabgexe - ok
22:36:55.0546 5908 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
22:36:55.0546 5908 Microsoft Office Groove Audit Service - ok
22:36:55.0578 5908 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:36:55.0578 5908 mnmdd - ok
22:36:55.0609 5908 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
22:36:55.0609 5908 mnmsrvc - ok
22:36:55.0640 5908 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:36:55.0640 5908 Modem - ok
22:36:55.0656 5908 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:36:55.0656 5908 Mouclass - ok
22:36:55.0703 5908 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:36:55.0703 5908 mouhid - ok
22:36:55.0750 5908 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:36:55.0750 5908 MountMgr - ok
22:36:55.0781 5908 mozybackup - ok
22:36:55.0796 5908 MpFilter - ok
22:36:55.0812 5908 MQAC - ok
22:36:55.0828 5908 mqdmbus - ok
22:36:55.0828 5908 mraid35x - ok
22:36:55.0843 5908 mrobeservice - ok
22:36:55.0859 5908 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:36:55.0875 5908 MRxDAV - ok
22:36:55.0921 5908 MRxSmb (2a80fd88221bafda9ad17f55193d00e0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:36:55.0937 5908 MRxSmb ( Virus.Win32.ZAccess.k ) - infected
22:36:55.0937 5908 MRxSmb - detected Virus.Win32.ZAccess.k (0)
22:36:55.0953 5908 MSCamSvc - ok
22:36:55.0953 5908 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
22:36:55.0953 5908 MSDTC - ok
22:36:55.0968 5908 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:36:55.0968 5908 Msfs - ok
22:36:55.0984 5908 MSIServer - ok
22:36:55.0984 5908 msi_wlan_service - ok
22:36:56.0000 5908 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:36:56.0000 5908 MSKSSRV - ok
22:36:56.0015 5908 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:36:56.0015 5908 MSPCLOCK - ok
22:36:56.0031 5908 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:36:56.0046 5908 MSPQM - ok
22:36:56.0046 5908 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:36:56.0046 5908 mssmbios - ok
22:36:56.0093 5908 mssqlserveradhelper - ok
22:36:56.0125 5908 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
22:36:56.0125 5908 MTsensor - ok
22:36:56.0156 5908 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:36:56.0156 5908 Mup - ok
22:36:56.0234 5908 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:36:56.0250 5908 napagent - ok
22:36:56.0406 5908 NBService (b498a14133bd09ad0817590ace4470ad) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
22:36:56.0421 5908 NBService - ok
22:36:56.0437 5908 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:36:56.0453 5908 NDIS - ok
22:36:56.0500 5908 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:36:56.0500 5908 NdisTapi - ok
22:36:56.0546 5908 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:36:56.0546 5908 Ndisuio - ok
22:36:56.0546 5908 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:36:56.0562 5908 NdisWan - ok
22:36:56.0593 5908 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:36:56.0593 5908 NDProxy - ok
22:36:56.0609 5908 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:36:56.0609 5908 NetBIOS - ok
22:36:56.0625 5908 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:36:56.0625 5908 NetBT - ok
22:36:56.0671 5908 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:36:56.0671 5908 NetDDE - ok
22:36:56.0687 5908 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:36:56.0687 5908 NetDDEdsdm - ok
22:36:56.0734 5908 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:36:56.0734 5908 Netlogon - ok
22:36:56.0765 5908 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:36:56.0781 5908 Netman - ok
22:36:56.0937 5908 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:36:56.0937 5908 NetTcpPortSharing - ok
22:36:56.0937 5908 netwg311 - ok
22:36:56.0984 5908 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:36:57.0000 5908 Nla - ok
22:36:57.0125 5908 NMIndexingService (a328a46d87bb92ce4d8a4528e9d84787) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
22:36:57.0125 5908 NMIndexingService - ok
22:36:57.0140 5908 npfmntor - ok
22:36:57.0187 5908 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:36:57.0187 5908 Npfs - ok
22:36:57.0234 5908 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:36:57.0234 5908 Ntfs - ok
22:36:57.0250 5908 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:36:57.0265 5908 NtLmSsp - ok
22:36:57.0312 5908 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:36:57.0312 5908 NtmsSvc - ok
22:36:57.0328 5908 ntrtscan - ok
22:36:57.0375 5908 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:36:57.0375 5908 Null - ok
22:36:57.0421 5908 nusb3hub (ff6d3248e791e7a897bd8ea2fbacbcff) C:\WINDOWS\system32\DRIVERS\nusb3hub.sys
22:36:57.0437 5908 nusb3hub - ok
22:36:57.0484 5908 nusb3xhc (b5eb7e275f2967026c6031897624bc51) C:\WINDOWS\system32\DRIVERS\nusb3xhc.sys
22:36:57.0500 5908 nusb3xhc - ok
22:36:57.0750 5908 nv (54281e0eeb10143ec4327bb5d123f125) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:36:57.0859 5908 nv - ok
22:36:57.0921 5908 NVENETFD (d314fe034d68c09d412727886e24f5fb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
22:36:57.0921 5908 NVENETFD - ok
22:36:57.0953 5908 nvnetbus (f99fbb623ed78367574ee461b5b32c2c) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
22:36:57.0953 5908 nvnetbus - ok
22:36:57.0968 5908 nvpvrmon - ok
22:36:58.0015 5908 NVSvc (a50af72fbca4b753fed148688e7d9abb) C:\WINDOWS\system32\nvsvc32.exe
22:36:58.0015 5908 NVSvc - ok
22:36:58.0062 5908 NVTCP - ok
22:36:58.0093 5908 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:36:58.0109 5908 NwlnkFlt - ok
22:36:58.0140 5908 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:36:58.0171 5908 NwlnkFwd - ok
22:36:58.0171 5908 NWUSBPort - ok
22:36:58.0375 5908 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:36:58.0375 5908 odserv - ok
22:36:58.0390 5908 olapserver - ok
22:36:58.0421 5908 omci - ok
22:36:58.0421 5908 opcenum - ok
22:36:58.0468 5908 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:36:58.0468 5908 ose - ok
22:36:58.0500 5908 p17 - ok
22:36:58.0546 5908 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:36:58.0562 5908 Parport - ok
22:36:58.0593 5908 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:36:58.0593 5908 PartMgr - ok
22:36:58.0625 5908 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:36:58.0625 5908 ParVdm - ok
22:36:58.0640 5908 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:36:58.0640 5908 PCI - ok
22:36:58.0656 5908 PCIDump - ok
22:36:58.0687 5908 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:36:58.0687 5908 PCIIde - ok
22:36:58.0703 5908 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:36:58.0703 5908 Pcmcia - ok
22:36:58.0781 5908 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
22:36:58.0812 5908 pcouffin - ok
22:36:58.0828 5908 PDCOMP - ok
22:36:58.0843 5908 PDFRAME - ok
22:36:58.0843 5908 PDRELI - ok
22:36:58.0859 5908 PDRFRAME - ok
22:36:58.0859 5908 perc2 - ok
22:36:58.0875 5908 perc2hib - ok
22:36:58.0890 5908 pgpserv - ok
22:36:58.0890 5908 phc600 - ok
22:36:58.0906 5908 PhilCam8116_XP - ok
22:36:58.0953 5908 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:36:58.0953 5908 PlugPlay - ok
22:36:59.0046 5908 PMBDeviceInfoProvider (627fa58adc043704f9d14ca44340956f) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
22:36:59.0046 5908 PMBDeviceInfoProvider - ok
22:36:59.0078 5908 pml - ok
22:36:59.0093 5908 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:36:59.0093 5908 PolicyAgent - ok
22:36:59.0125 5908 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:36:59.0125 5908 PptpMiniport - ok
22:36:59.0140 5908 prfldsvc - ok
22:36:59.0171 5908 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
22:36:59.0171 5908 Processor - ok
22:36:59.0203 5908 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:36:59.0203 5908 ProtectedStorage - ok
22:36:59.0218 5908 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:36:59.0218 5908 PSched - ok
22:36:59.0234 5908 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:36:59.0234 5908 Ptilink - ok
22:36:59.0265 5908 pwkntmon - ok
22:36:59.0265 5908 PXRDDriver - ok
22:36:59.0281 5908 ql1080 - ok
22:36:59.0281 5908 Ql10wnt - ok
22:36:59.0296 5908 ql12160 - ok
22:36:59.0296 5908 ql1240 - ok
22:36:59.0312 5908 ql1280 - ok
22:36:59.0312 5908 ql2100 - ok
22:36:59.0328 5908 qmofiltr - ok
22:36:59.0515 5908 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
22:36:59.0531 5908 RapportCerberus_34302 - ok
22:36:59.0562 5908 RapportEI (43b9aa1423bf54367c5a3de1559780e8) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
22:36:59.0562 5908 RapportEI - ok
22:36:59.0578 5908 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys
22:36:59.0578 5908 RapportIaso - ok
22:36:59.0593 5908 RapportKELL (118600ab8f15fe27f2c865f3fb4efa58) C:\WINDOWS\system32\Drivers\RapportKELL.sys
22:36:59.0609 5908 RapportKELL - ok
22:36:59.0625 5908 RapportMgmtService (d9ef54568fafcb4be4637068e768409a) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
22:36:59.0640 5908 RapportMgmtService - ok
22:36:59.0640 5908 RapportPG (4af05a67b643a5190dfcbb793273e0bc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
22:36:59.0640 5908 RapportPG - ok
22:36:59.0656 5908 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:36:59.0656 5908 RasAcd - ok
22:36:59.0687 5908 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:36:59.0687 5908 RasAuto - ok
22:36:59.0718 5908 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:36:59.0734 5908 Rasl2tp - ok
22:36:59.0781 5908 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:36:59.0781 5908 RasMan - ok
22:36:59.0796 5908 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:36:59.0812 5908 RasPppoe - ok
22:36:59.0828 5908 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:36:59.0828 5908 Raspti - ok
22:36:59.0843 5908 rchost - ok
22:36:59.0875 5908 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:36:59.0875 5908 Rdbss - ok
22:36:59.0890 5908 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:36:59.0890 5908 RDPCDD - ok
22:36:59.0921 5908 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:36:59.0937 5908 rdpdr - ok
22:36:59.0968 5908 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:36:59.0968 5908 RDPWD - ok
22:37:00.0000 5908 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:37:00.0000 5908 RDSessMgr - ok
22:37:00.0015 5908 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:37:00.0015 5908 redbook - ok
22:37:00.0062 5908 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:37:00.0062 5908 RemoteAccess - ok
22:37:00.0109 5908 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
22:37:00.0109 5908 RemoteRegistry - ok
22:37:00.0140 5908 RimSerPort - ok
22:37:00.0156 5908 rksample - ok
22:37:00.0187 5908 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
22:37:00.0187 5908 RpcLocator - ok
22:37:00.0234 5908 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
22:37:00.0250 5908 RpcSs - ok
22:37:00.0265 5908 RR2Ctrl - ok
22:37:00.0281 5908 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
22:37:00.0281 5908 RSVP - ok
22:37:00.0312 5908 RVIEG01 - ok
22:37:00.0312 5908 s716mdfl - ok
22:37:00.0343 5908 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:37:00.0343 5908 SamSs - ok
22:37:00.0359 5908 sandboxu - ok
22:37:00.0468 5908 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:37:00.0468 5908 SASDIFSV - ok
22:37:00.0468 5908 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:37:00.0468 5908 SASKUTIL - ok
22:37:00.0500 5908 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:37:00.0515 5908 SCardSvr - ok
22:37:00.0531 5908 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:37:00.0531 5908 Schedule - ok
22:37:00.0546 5908 SE26bus - ok
22:37:00.0546 5908 se2Bunic - ok
22:37:00.0562 5908 se2Eunic - ok
22:37:00.0578 5908 se44bus - ok
22:37:00.0609 5908 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:37:00.0609 5908 Secdrv - ok
22:37:00.0625 5908 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:37:00.0625 5908 seclogon - ok
22:37:00.0625 5908 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
22:37:00.0625 5908 SENS - ok
22:37:00.0656 5908 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:37:00.0656 5908 serenum - ok
22:37:00.0656 5908 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:37:00.0671 5908 Serial - ok
22:37:00.0687 5908 sffp_sd - ok
22:37:00.0718 5908 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:37:00.0718 5908 Sfloppy - ok
22:37:00.0765 5908 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:37:00.0781 5908 SharedAccess - ok
22:37:00.0812 5908 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:37:00.0812 5908 ShellHWDetection - ok
22:37:00.0828 5908 Si3114r5 - ok
22:37:00.0828 5908 Si3132 - ok
22:37:00.0843 5908 Simbad - ok
22:37:00.0843 5908 sis162u - ok
22:37:00.0859 5908 sisagp - ok
22:37:00.0906 5908 snapman (eb49860e776ce860dc3cfb9edb1ba517) C:\WINDOWS\system32\DRIVERS\snapman.sys
22:37:00.0906 5908 snapman - ok
22:37:00.0921 5908 sonywbms - ok
22:37:00.0921 5908 Sparrow - ok
22:37:00.0937 5908 spcsutilityservice - ok
22:37:00.0937 5908 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:37:00.0953 5908 splitter - ok
22:37:00.0968 5908 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:37:00.0968 5908 Spooler - ok
22:37:00.0984 5908 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:37:00.0984 5908 sr - ok
22:37:01.0015 5908 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
22:37:01.0015 5908 srservice - ok
22:37:01.0062 5908 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:37:01.0062 5908 Srv - ok
22:37:01.0093 5908 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
22:37:01.0093 5908 SSDPSRV - ok
22:37:01.0140 5908 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
22:37:01.0140 5908 stisvc - ok
22:37:01.0156 5908 Sus2pl - ok
22:37:01.0171 5908 sweepsrv.sys - ok
22:37:01.0203 5908 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:37:01.0203 5908 swenum - ok
22:37:01.0250 5908 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:37:01.0250 5908 swmidi - ok
22:37:01.0281 5908 SwPrv - ok
22:37:01.0281 5908 symc810 - ok
22:37:01.0296 5908 symc8xx - ok
22:37:01.0296 5908 symids - ok
22:37:01.0312 5908 sym_hi - ok
22:37:01.0312 5908 sym_u3 - ok
22:37:01.0343 5908 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:37:01.0343 5908 sysaudio - ok
22:37:01.0375 5908 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:37:01.0375 5908 SysmonLog - ok
22:37:01.0406 5908 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:37:01.0406 5908 TapiSrv - ok
22:37:01.0437 5908 TBPanel (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPanel.sys
22:37:01.0437 5908 TBPanel - ok
22:37:01.0484 5908 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:37:01.0500 5908 Tcpip - ok
22:37:01.0531 5908 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:37:01.0531 5908 TDPIPE - ok
22:37:01.0578 5908 tdrpman273 (431801fcc97034e04a6eff81136578d7) C:\WINDOWS\system32\DRIVERS\tdrpm273.sys
22:37:01.0593 5908 tdrpman273 - ok
22:37:01.0609 5908 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:37:01.0609 5908 TDTCP - ok
22:37:01.0640 5908 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:37:01.0640 5908 TermDD - ok
22:37:01.0671 5908 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:37:01.0687 5908 TermService - ok
22:37:01.0734 5908 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:37:01.0734 5908 Themes - ok
22:37:01.0750 5908 tifm21 - ok
22:37:01.0781 5908 timounter (a34d7024bb7140ec785c86bc065d4f60) C:\WINDOWS\system32\DRIVERS\timntr.sys
22:37:01.0796 5908 timounter - ok
22:37:01.0843 5908 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
22:37:01.0843 5908 TlntSvr - ok
22:37:01.0859 5908 tmlisten - ok
22:37:01.0859 5908 tnbrlds - ok
22:37:01.0875 5908 TosIde - ok
22:37:01.0890 5908 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:37:01.0890 5908 TrkWks - ok
22:37:01.0906 5908 Udfreadr_xp - ok
22:37:01.0921 5908 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:37:01.0921 5908 Udfs - ok
22:37:01.0937 5908 ultra - ok
22:37:01.0937 5908 UMPass - ok
22:37:01.0968 5908 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:37:01.0968 5908 Update - ok
22:37:02.0000 5908 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:37:02.0000 5908 upnphost - ok
22:37:02.0000 5908 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:37:02.0015 5908 UPS - ok
22:37:02.0046 5908 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:37:02.0062 5908 usbccgp - ok
22:37:02.0093 5908 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:37:02.0093 5908 usbehci - ok
22:37:02.0125 5908 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:37:02.0125 5908 usbhub - ok
22:37:02.0171 5908 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:37:02.0171 5908 usbohci - ok
22:37:02.0187 5908 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:37:02.0187 5908 usbprint - ok
22:37:02.0187 5908 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:37:02.0203 5908 usbscan - ok
22:37:02.0203 5908 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:37:02.0203 5908 usbstor - ok
22:37:02.0218 5908 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:37:02.0218 5908 usbuhci - ok
22:37:02.0218 5908 USB_NDIS_51 - ok
22:37:02.0265 5908 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:37:02.0265 5908 VgaSave - ok
22:37:02.0296 5908 VIAHdAudAddService (264f2f26975136e015c9aa5e025b39f4) C:\WINDOWS\system32\drivers\viahduaa.sys
22:37:02.0296 5908 VIAHdAudAddService - ok
22:37:02.0328 5908 ViaIde - ok
22:37:02.0328 5908 VIAPFD - ok
22:37:02.0343 5908 VirtualCam - ok
22:37:02.0343 5908 vmm - ok
22:37:02.0359 5908 vmnetuserif - ok
22:37:02.0359 5908 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:37:02.0359 5908 VolSnap - ok
22:37:02.0390 5908 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
22:37:02.0406 5908 VSS - ok
22:37:02.0437 5908 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
22:37:02.0437 5908 W32Time - ok
22:37:02.0453 5908 w550mdfl - ok
22:37:02.0468 5908 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:37:02.0468 5908 Wanarp - ok
22:37:02.0468 5908 WDICA - ok
22:37:02.0484 5908 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:37:02.0500 5908 wdmaud - ok
22:37:02.0515 5908 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
22:37:02.0515 5908 WebClient - ok
22:37:02.0515 5908 whoisd32 - ok
22:37:02.0562 5908 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:37:02.0562 5908 winmgmt - ok
22:37:02.0578 5908 wintabservice - ok
22:37:02.0593 5908 wlancig - ok
22:37:02.0625 5908 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
22:37:02.0625 5908 WmdmPmSN - ok
22:37:02.0718 5908 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
22:37:02.0734 5908 Wmi - ok
22:37:02.0765 5908 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:37:02.0781 5908 WmiAcpi - ok
22:37:02.0812 5908 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:37:02.0812 5908 WmiApSrv - ok
22:37:02.0906 5908 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
22:37:02.0921 5908 WMPNetworkSvc - ok
22:37:02.0921 5908 WmVirHid - ok
22:37:02.0984 5908 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:37:02.0984 5908 WS2IFSL - ok
22:37:03.0015 5908 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
22:37:03.0031 5908 wscsvc - ok
22:37:03.0046 5908 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
22:37:03.0046 5908 wuauserv - ok
22:37:03.0093 5908 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:37:03.0093 5908 WudfPf - ok
22:37:03.0109 5908 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:37:03.0109 5908 WudfRd - ok
22:37:03.0140 5908 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
22:37:03.0140 5908 WudfSvc - ok
22:37:03.0187 5908 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
22:37:03.0203 5908 WZCSVC - ok
22:37:03.0218 5908 X4HSX32 - ok
22:37:03.0250 5908 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:37:03.0250 5908 xmlprov - ok
22:37:03.0265 5908 Xyz777b - ok
22:37:03.0281 5908 YMIDUSB - ok
22:37:03.0296 5908 ZDPNDIS5 - ok
22:37:03.0312 5908 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:37:03.0484 5908 \Device\Harddisk0\DR0 - ok
22:37:03.0484 5908 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
22:37:03.0484 5908 \Device\Harddisk1\DR2 - ok
22:37:03.0500 5908 MBR (0x1B8) (e29d6bda5093af255cbee4a598f53711) \Device\Harddisk2\DR4
22:37:04.0078 5908 \Device\Harddisk2\DR4 - ok
22:37:04.0078 5908 Boot (0x1200) (69ad7ef9790c20e911a8061025aa27c7) \Device\Harddisk0\DR0\Partition0
22:37:04.0078 5908 \Device\Harddisk0\DR0\Partition0 - ok
22:37:04.0078 5908 Boot (0x1200) (45734d453400e9a6c6359c9455396e78) \Device\Harddisk1\DR2\Partition0
22:37:04.0093 5908 \Device\Harddisk1\DR2\Partition0 - ok
22:37:04.0093 5908 ============================================================
22:37:04.0093 5908 Scan finished
22:37:04.0093 5908 ============================================================
22:37:04.0093 4212 Detected object count: 1
22:37:04.0093 4212 Actual detected object count: 1
22:37:38.0562 4212 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - copied to quarantine
22:37:39.0343 4212 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\mrxsmb.sys) error 1813
22:37:41.0640 4212 Backup copy found, using it..
22:37:41.0671 4212 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
22:37:44.0015 4212 MRxSmb ( Virus.Win32.ZAccess.k ) - User select action: Cure
22:38:11.0328 4248 Deinitialize success



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-30 22:48:17
-----------------------------
22:48:17.328 OS Version: Windows 5.1.2600 Service Pack 3
22:48:17.328 Number of processors: 2 586 0x4303
22:48:17.328 ComputerName: ALISTAIR-FC7734 UserName: Alistair
22:49:23.640 Initialize success
22:49:49.468 The log file has been saved successfully to "C:\Documents and Settings\Alistair\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-30 22:50:55
-----------------------------
22:50:55.734 OS Version: Windows 5.1.2600 Service Pack 3
22:50:55.734 Number of processors: 2 586 0x4303
22:50:55.734 ComputerName: ALISTAIR-FC7734 UserName: Alistair
22:50:57.390 Initialize success
22:51:39.078 AVAST engine defs: 12033000
22:53:11.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
22:53:11.984 Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01110 Size: 476940MB BusType: 3
22:53:12.015 Disk 0 MBR read successfully
22:53:12.015 Disk 0 MBR scan
22:53:12.046 Disk 0 Windows XP default MBR code
22:53:12.046 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
22:53:12.046 Disk 0 scanning sectors +976752000
22:53:12.125 Disk 0 scanning C:\WINDOWS\system32\drivers
22:53:21.375 Service scanning
22:53:35.531 Modules scanning
22:53:41.078 Disk 0 trace - called modules:
22:53:41.093 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:53:41.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a551ab8]
22:53:41.093 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000074[0x8a5709e8]
22:53:41.093 5 ACPI.sys[b9f68620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a51fd98]
22:53:42.656 AVAST engine scan C:\WINDOWS
22:54:05.484 AVAST engine scan C:\WINDOWS\system32
22:56:56.765 AVAST engine scan C:\WINDOWS\system32\drivers
22:57:23.125 AVAST engine scan C:\Documents and Settings\Alistair
23:01:51.265 AVAST engine scan C:\Documents and Settings\All Users
23:03:48.734 Scan finished successfully
23:04:58.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Alistair\Desktop\MBR.dat"
23:04:58.328 The log file has been saved successfully to "C:\Documents and Settings\Alistair\Desktop\aswMBR.txt"


Thanks
Alistair

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:09 AM

Posted 30 March 2012 - 09:02 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\Program Files\Windows iLivid Toolbar
c:\documents and settings\Alistair\Application Data\SpeedyPC Software
c:\documents and settings\Alistair\Application Data\DriverCure
c:\documents and settings\All Users\Application Data\SpeedyPC Software
c:\program files\SpeedyPC Software
c:\program files\Ask.com
c:\documents and settings\Alistair\Local Settings\Application Data\AskToolbar

DDS::
uStart Page = hxxp://mystart.incredibar.com/mb117?a=6R8gwAA7pN&i=26

FireFox::
FF - ProfilePath - c:\documents and settings\Alistair\Application Data\Mozilla\Firefox\Profiles\vu1pnllx.default\
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=179&systemid=406&sr=0&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100581
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - def
FF - user.js: extensions.BabylonToolbar_i.id - bcf333a5000000000000001fc671f54b
FF - user.js: extensions.BabylonToolbar_i.hardId - bcf333a5000000000000001fc671f54b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15350
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:16
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babclient
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - std

RegLockDel::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3f7cdb31-9eac-41a9-9f38-cca1a5d95152}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 bstarduk

bstarduk
  • Topic Starter

  • Members
  • 41 posts

Posted 31 March 2012 - 11:47 AM

Hi Gringo,
I have done as requested and now I have an issue.
Have tried to reboot in normal and safe modes and have tried to rerun combofix. It runs and tells me that it has found an instance of Rootfix and it will reboot, which it does. I then get the blue screen and it begins to cycle through the test runs to test no 50 and then hangs for over 1 hour, so I have to use Task Manager to close the program and reboot.
Therefore I have no reports to attach; otherwise the computer is ok, of a fashion: just occasionally it slows right down and hangs briefly, but this is very spasmodic. I have tried the reboot scenario 4 times, twice in Safe and twice not.

Sorry if this does not help

Cheers

Alistair

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:09 AM

Posted 31 March 2012 - 12:15 PM

Hello

How is the computer doing now? Is it able to boot into windows normally? Is it still redirecting?


I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#11 bstarduk

bstarduk
  • Topic Starter

  • Members
  • 41 posts
  • Local time:07:09 AM

Posted 31 March 2012 - 12:57 PM

Computer is ok. I am able to boot, although I have to bypass Combofix every time I reboot, but it is working; at the moment it is not redirecting the internet pages but it does go slow spasmodically, but only for a short time.

This is the report


Acronis True Image Home 2011
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
AMD Processor Driver
Ask Toolbar
Ask Toolbar Updater
AVG 2012
BitTorrent
Canon Camera Access Library
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon PowerShot SD1400 IS_IXUS 130 Camera User Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC 8
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
ConvertXtoDVD 2.2.3.258
coverXP (remove only)
eMule
Epson Easy Photo Print 2
Epson Print CD
Epson Printer Software Downloader
EPSON PX650 Series Printer Uninstall
EPSON Scan
Epson Stylus Photo PX650_TX650 Manual
EPSON Web-To-Page
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
Internet Download Manager
Java Auto Updater
Java™ 6 Update 29
K-Lite Codec Pack 8.4.0 (Full)
Malwarebytes Anti-Malware version 1.60.1.1000
MetaProducts Mass Downloader
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 11.0 (x86 en-GB)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
Mystery of Mortlake Mansion 1.00
Mystery Stories - Berlin Nights FINAL 1.00
Nero 7 Ultra Edition
neroxml
NETGEAR Digital Entertainer for Windows
NVIDIA Drivers
Platform
Plus Pack for Acronis True Image Home 2011
PMB
Quicken 2010
Rapport
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
SUPERAntiSpyware
swMSM
Tumblebugs
Tumblebugs 2
Uninstall Startup Inspector
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vacation Quest 2 - Australia
VIA Platform Device Manager
VLC media player 2.0.1
WebFldrs XP
WinAVI Video Converter
Windows Genuine Advantage Notifications (KB905474)
Windows iLivid Toolbar
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR 4.01 (32-bit)
Worlds Greatest Cities Mahjong
Wuala
Wuala CBFS
Wuala OverlayIcons
X-Sheet Invoicing
XML Paper Specification Shared Components Pack 1.0
XpertVision 6.1

Thanks
Alistair

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:09 AM

Posted 31 March 2012 - 08:54 PM

boot into safe mode and see if it will finish


gringo

#13 bstarduk

bstarduk
  • Topic Starter

  • Members
  • 41 posts
  • Local time:07:09 AM

Posted 01 April 2012 - 02:48 AM

Finally managed to do it

ComboFix 12-03-30.02 - Administrator 01/04/2012 7:15.6.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1789 [GMT 1:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_VMNETUSERIF
-------\Service_vmnetuserif
-------\Legacy_VMNETUSERIF
-------\Legacy_VMNETUSERIF
-------\Legacy_VMNETUSERIF
-------\Legacy_VMNETUSERIF
.
.
((((((((((((((((((((((((( Files Created from 2012-03-01 to 2012-04-01 )))))))))))))))))))))))))))))))
.
.
2012-03-31 07:21 . 2008-04-14 00:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-03-30 22:04 . 2012-03-30 22:04 -------- d-----w- c:\program files\Common Files\Java
2012-03-30 22:00 . 2012-03-30 22:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-30 22:00 . 2012-03-30 22:00 -------- d-----w- c:\program files\Java
2012-03-30 21:37 . 2012-03-30 21:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-30 07:06 . 2012-03-30 07:07 -------- d-----w- c:\documents and settings\Administrator
2012-03-29 13:31 . 2012-03-30 17:49 -------- d-----w- c:\program files\Startup Inspector for Windows
2012-03-29 06:42 . 2012-03-29 06:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-03-28 23:50 . 2011-07-15 13:29 456320 ----a-w- c:\windows\system32\drivers\HFXB4.tmp
2012-03-28 21:13 . 2012-03-28 21:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-28 21:13 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-28 13:55 . 2012-03-28 21:13 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-28 13:35 . 2012-03-28 13:45 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-25 02:05 . 2012-03-25 02:05 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-25 02:05 . 2012-03-25 02:05 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-14 22:45 . 2009-01-21 18:03 49904 ----a-r- c:\windows\system32\drivers\BVRPMPR5.SYS
2012-03-14 22:39 . 2012-03-14 23:47 -------- d-----w- C:\Netgear
2012-03-11 13:48 . 2012-03-11 13:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-03-06 17:57 . 2012-03-06 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2012-03-03 13:06 . 2012-03-03 13:06 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-03-03 13:06 . 2006-09-29 11:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2012-03-03 13:06 . 2006-09-29 11:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2012-03-03 13:06 . 2006-09-29 11:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2012-03-03 13:06 . 2012-03-03 13:06 -------- d-----w- c:\program files\VSO
2012-03-02 11:34 . 2012-03-06 19:05 -------- d-----w- c:\program files\Real
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-30 22:00 . 2011-10-13 17:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-30 21:39 . 2006-02-28 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-03-28 13:45 . 2011-10-11 17:32 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 07:08 . 2012-02-14 07:06 577578 ----a-w- c:\windows\system32\dotnetfx_sp3.exe
2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-02-02 14:41 . 2012-02-02 14:41 35942 ----a-w- C:\silverlight.exe
2012-01-11 19:06 . 2012-02-16 03:14 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2011-10-11 06:28 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-01-06 06:07 . 2012-01-06 06:07 421888 ----a-w- c:\windows\system32\RealMediaSplitter.ax
2012-03-25 02:05 . 2011-10-11 10:36 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 12:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 13:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 15:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-30_16.54.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-01 06:23 . 2012-04-01 06:23 16384 c:\windows\temp\Perflib_Perfdata_f8c.dat
+ 2006-02-28 12:00 . 2012-04-01 06:11 68478 c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2012-03-30 17:00 68478 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2012-04-01 06:11 435582 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2012-03-30 17:00 435582 c:\windows\system32\perfh009.dat
+ 2012-03-30 22:00 . 2012-03-30 22:00 157472 c:\windows\system32\javaws.exe
- 2011-10-22 07:07 . 2011-10-03 04:06 157472 c:\windows\system32\javaws.exe
+ 2012-03-30 22:00 . 2012-03-30 22:00 149280 c:\windows\system32\javaw.exe
+ 2012-03-30 22:00 . 2012-03-30 22:00 149280 c:\windows\system32\java.exe
+ 2012-03-30 22:04 . 2012-03-30 22:04 203776 c:\windows\Installer\11c055.msi
+ 2012-03-30 22:00 . 2012-03-30 22:00 901120 c:\windows\Installer\11c045.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2011-05-26 14:07 559104 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{93104DA7-58BF-4A46-820D-8407E89FF56B}"
[HKEY_CLASSES_ROOT\CLSID\{93104DA7-58BF-4A46-820D-8407E89FF56B}]
2011-11-04 20:33 158224 ----a-w- c:\windows\system32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2011-11-04 20:33 158224 ----a-w- c:\windows\system32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2012-02-22 650104]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-11 3905920]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-06-23 3380632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\XpertVision\TBPanel.exe" [2008-01-29 2157064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]
"nwiz"="nwiz.exe" [2008-01-08 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-01-14 29753344]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SAOB Monitor"="c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-09-22 2536760]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-22 5550984]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-11-23 390728]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Documents and Settings\\Alistair\\Application Data\\Wuala\\Roaming\\Wuala.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\ffmpeg.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\receiver.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\sharefolder.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\tagtool.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\sjcmdwiz.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=
"49153:UDP"= 49153:UDP:UDP49153
"49154:UDP"= 49154:UDP:UDP49154
"49155:UDP"= 49155:UDP:UDP49155
"49156:TCP"= 49156:TCP:TCP49156
"49158:TCP"= 49158:TCP:TCP49158
"49159:TCP"= 49159:TCP:TCP49159
"49152:UDP"= 49152:UDP:UDP49152
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 01:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 06:30 32592]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [11/03/2012 14:48 56208]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [02/11/2011 00:45 752128]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11/07/2011 01:13 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 01:14 295248]
R1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [25/12/2011 10:38 296592]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [14/11/2011 14:39 101360]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [15/12/2011 18:01 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [11/03/2012 14:48 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [11/03/2012 14:48 164112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [02/11/2011 00:45 3246040]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 07:25 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 06:09 192776]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28/03/2012 22:13 652360]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [24/10/2009 03:18 360224]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [11/03/2012 14:48 931640]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [02/11/2011 00:45 167968]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11/07/2011 01:14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11/07/2011 01:14 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [11/07/2011 01:14 16720]
R3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [26/04/2007 13:35 17792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28/03/2012 22:13 20464]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [30/09/2010 13:59 61824]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [30/09/2010 13:59 141568]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [03/03/2012 14:06 47360]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [11/10/2011 08:14 215936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [28/03/2012 14:35 253600]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [28/03/2012 14:55 40776]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - RapportIaso
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
DLARTL_M
cmuda
netwg311
USB_NDIS_51
Si3114r5
X4HSX32
merakcontrol
lexbces
mqdmbus
UMPass
NVTCP
se2Bunic
sffp_sd
YMIDUSB
IBMTPCHK
cyberpowerups
MQAC
lvtuner
RR2Ctrl
sonywbms
dlapoolm
Udfreadr_xp
RimSerPort
vmm
ifxspmgtsrv
VIAPFD
symids
prfldsvc
npfmntor
keymaestro
hpgate
AVCamUSB20
cvintdrv
pwkntmon
pgpserv
hibernation
Xyz777b
mgabg
PXRDDriver
webfilter
vhidmini
mdmxsdk
Nsynas32
mnsframework
WmFilter
tosrfnds
hpdskflt
S3GIGP
pktfilter
lxcr_device
olregcap
keriomailserver
winpowermonitor
ezplay
cis1284
cpsvc
CTEDSPFX.DLL
TOSHIBASoftModem
cvspydr2
vpcvmm
qserver
catchme
tfsnpool
tossmbnt
mpe
ibmpmdrv
ehsched
ctljystk
olapserver
w550mdfl
bobo
tnbrlds
whoisd32
mrobeservice
SE26bus
efs
s716mdfl
ca-messagequeuing
ql2100
Sus2pl
ireike
wintabservice
sis162u
bdss
tmlisten
DSDrv4
LKbdFlt2
k750mdfl
iam
RVIEG01
nvpvrmon
NWUSBPort
magictuneengine
pml
rksample
sandboxu
avcgbdr
ntrtscan
msi_wlan_service
mozybackup
se2Eunic
FsVga
MSCamSvc
nidomainservice
wlsetupsvc
nmap
tosrfcom
iaimfp0
FINEPIX_PCC
idisw2km
HssDrv
pdlndint
dsNcAdpt
actser
idrivert
dirms_defragmentation
isamsmt
PSDNServ
ahcix86s
ASMMAP
ati2mtag
lxcj_device
imountsrv
gbpoll
captureservice
GV600_4
FETNDIS
oraclesnmppeerencapsulator
GVCplDrv
db2jds
lxrjd31s
phc600
atikmdag
genmcmn
sweepsrv.sys
PhilCam8116_XP
DynDNS_Updater_Service
iksyssec
defwatch
qmofiltr
int15
ESMCR
omci
MpFilter
se44bus
sisagp
cpqfws2e
wlancig
btcsrusb
opcenum
p17
dvd-ram_service
tifm21
avgio
CiscoVpnInstallService
rchost
DevUpper
cfgwzsvc
ftrtsvc
CTEAPSFX.DLL
WmVirHid
ixiaendpoint
spcsutilityservice
VirtualCam
dlbt_device
mssqlserveradhelper
Si3132
ZDPNDIS5
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 13:45]
.
2012-03-30 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 14:03]
.
.
------- Supplementary Scan -------
.
uStart Page =
IE: + &Mass Downloader: download this file - c:\program files\Mass Downloader\Add_Url.htm
IE: + Mass Downloader: download &All files - c:\program files\Mass Downloader\Add_All.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Alistair\Application Data\Mozilla\Firefox\Profiles\vu1pnllx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKLM-Run-DATAMNGR - c:\progra~1\WI371A~1\Datamngr\DATAMN~1.EXE
HKLM-Run-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
SafeBoot-67314555.sys
AddRemove-Windows Searchqu Toolbar - c:\program files\Windows iLivid Toolbar\uninstall.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-01 07:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1128)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(4200)
c:\windows\system32\WININET.dll
c:\program files\Wuala OverlayIcons\OverlayIcon.dll
c:\windows\system32\CbFsMntNtf3.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2012-04-01 07:27:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-01 06:27
ComboFix2.txt 2012-03-30 17:04
.
Pre-Run: 428,663,820,288 bytes free
Post-Run: 431,360,274,432 bytes free
.
- - End Of File - - 44124C0F72E184449F54DEC6D8567128


Thanks
Alistair

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:09 AM

Posted 01 April 2012 - 02:58 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Ask Toolbar
Ask Toolbar Updater
BitTorrent
eMule
Java™ 6 Update 29
Windows iLivid Toolbar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
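The instructions above ask for a HijackThis log and warn that most of what it lists is harmless or required, so the work is in deciding which few autostart entries deserve a closer look. As an added example (not part of this thread, and not code from HijackThis, ComboFix or Malwarebytes), here is a small Python triage script that parses HijackThis O4 lines of the kind pasted in this thread and flags entries by where their binary lives: a bare filename that is resolved through the search path at logon, an 8.3 short name that hides the real directory, an image under a user-writable folder, or an image outside the usual install roots. The sample lines are constructed to match the log format (several are modeled on entries in this thread; the HKCU "Updater" line is invented), and the location heuristics are my own assumptions, not rules stated by the helper.

```python
"""Triage HijackThis O4 (autostart) entries by where each binary lives.

Added example for this thread; it is not part of HijackThis, ComboFix or the
forum's procedure. The location heuristics below are the author's own assumptions.
"""
import re
from dataclasses import dataclass

# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# First executable-looking path in an unquoted command line (stops at a space, a comma or the end).
IMAGE_RE = re.compile(r"^(?P<path>.+?\.(?:exe|dll|cpl|scr|bat|cmd))(?=[\s,]|$)", re.IGNORECASE)

# Assumed "expected" install roots on a 32-bit XP system; anything else gets a flag.
STANDARD_DIRS = ("c:\\program files\\", "c:\\windows\\")
# Locations an ordinary user (and therefore user-level malware) can write to.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\", "\\documents and settings\\")


@dataclass
class Autostart:
    hive: str
    key: str
    name: str
    command: str
    image: str
    flags: tuple


def extract_image(cmd: str) -> str:
    """Return the file that actually runs at logon from an O4 command line."""
    cmd = cmd.strip()
    parts = cmd.split(None, 1)
    # RUNDLL32 is only a host process; the DLL it loads is the real autostart image.
    if len(parts) == 2 and parts[0].lower() in ("rundll32.exe", "rundll32"):
        cmd = parts[1].strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = IMAGE_RE.match(cmd)
    return m["path"] if m else cmd.split()[0]


def triage(image: str) -> tuple:
    """Flag an image path by location; an empty tuple means nothing stood out."""
    low = image.lower()
    if "\\" not in low:
        return ("bare-filename",)      # resolved through the search path at logon
    if "~" in low:
        return ("short-name",)         # 8.3 name hides the real directory name
    if any(marker in low for marker in USER_WRITABLE):
        return ("user-writable",)
    if not low.startswith(STANDARD_DIRS):
        return ("outside-standard-dirs",)
    return ()


def parse_o4(log_text: str) -> list:
    """Parse every O4 line in a HijackThis log into an Autostart record."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            image = extract_image(m["cmd"])
            entries.append(Autostart(m["hive"], m["key"], m["name"], m["cmd"], image, triage(image)))
    return entries


def suspicious(entries: list) -> list:
    """Keep only the entries that raised at least one flag."""
    return [e for e in entries if e.flags]


# Constructed sample in HijackThis O4 format (several lines modeled on this thread's
# log; the HKCU "Updater" line is invented for illustration).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE
O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\User\Application Data\updater.exe /s
"""

if __name__ == "__main__":
    for e in suspicious(parse_o4(SAMPLE_LOG)):
        print(f"{e.hive}\\{e.key} [{e.name}] -> {e.image}  {', '.join(e.flags)}")
```

A flag is a reason to look, not a verdict: the bare `nwiz.exe` entry in these logs belongs to the display driver, so the script is only narrowing the list a helper then checks by hand, which is exactly why the post says not to let HijackThis fix anything on its own.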

#15 bstarduk

bstarduk
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:07:09 AM

Posted 01 April 2012 - 08:13 AM

Please find attached the reports as requested.
The only other bug that has started to appear is a box at the bottom of the screen (at random) from Internet Download Manager asking if I want to download from this page, with a Yes or No box. If you click Yes, it then tries to download from the following site: http://cdn.ip.netshelter.net/brocade/uk/2012_q1/1/images/player/modieus.zip
Apart from that all is ok at the moment.

MBAM Report

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.01.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Alistair :: ALISTAIR-FC7734 [administrator]

Protection: Enabled

01/04/2012 13:37:16
mbam-log-2012-04-01 (13-37-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197297
Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


HIJACK THIS Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:06:09, on 01/04/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17108)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: + &Mass Downloader: download this file - C:\Program Files\Mass Downloader\Add_Url.htm
O8 - Extra context menu item: + Mass Downloader: download &All files - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Idechndr (uisp) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)

--
End of file - 11642 bytes

Please find the attached reports as requested.
The only other bug that has started to appear is a box at the bottom of the screen (at random) from Internet Download Manager asking if I want to download from this page, with a yes or no box. If you click yes, it then tries to download from the following site: http://cdn.ip.netshelter.net/brocade/uk/2012_q1/1/images/player/modieus.zip
Apart from that, all is OK at the moment.

MBAM Report

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.01.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Alistair :: ALISTAIR-FC7734 [administrator]

Protection: Enabled

01/04/2012 13:37:16
mbam-log-2012-04-01 (13-37-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197297
Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

