
McAfee identified ZeroAccess rootkit / Google redirecting to abnow.com


19 replies to this topic

#1 ramqcsport98

Posted 01 April 2012 - 10:54 PM

Hello,

McAfee identified and deleted the rootkit ZeroAccess and asked me to reboot my Windows XP SP3 PC. I did this, but ZeroAccess was found again after the reboot. I then ran Malwarebytes which identified this and removed it. I have since disconnected this PC from the internet and have not received any further notices. I have SpyBot S&D, Spyware Blaster, McAfee, Malwarebytes installed and regularly run HijackThis. I also successfully resolved Google search redirecting to abnow.com, but would like verification that these two items have been removed permanently from my machine as I noticed in another post someone recommended a complete reformat due to a ZeroAccess installation.

Here is the dds.txt file contents:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Run by user1 at 17:43:52 on 2012-03-31
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.766 [GMT -5:00]
.
FW: McAfee Host Intrusion Prevention Firewall *Enabled*
FW: ZoneAlarm Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.sbc.com/dsl
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uWindow Title =
uSearch Page = hxxp://www.google.com
mWindow Title =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [StxTrayMenu] "c:\program files\seagate\systemtray\StxMenuMgr.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
StartupFolder: c:\docume~1\user1\startm~1\programs\startup\syncback.lnk - c:\program files\2brightsparks\syncback\SyncBack.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{d25122bc-a60e-4663-b602-b01718f12044}\Icon3E5562ED7.ico
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: musicmatch.com\online
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153865317882
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
TCP: Interfaces\{256B9E94-052E-416D-9572-B6E2C46E3EF5} : DhcpNameServer = 10.1.1.110 10.1.1.111
TCP: Interfaces\{C8FB8631-14EB-4BD0-9EBA-74664FE3AF1E} : DhcpNameServer = 10.1.1.110 10.1.1.111
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user1\application data\mozilla\firefox\profiles\wwezx4i4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\user1\application data\mozilla\firefox\profiles\wwezx4i4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\documents and settings\user1\application data\mozilla\firefox\profiles\wwezx4i4.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\documents and settings\user1\application data\mozilla\firefox\profiles\wwezx4i4.default\extensions\widevinemediatransformer@widevine\plugins\npwidevinemediatransformer.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-3-7 344712]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-11 14336]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\mcafee\host intrusion prevention\FireSvc.exe [2010-6-15 1498224]
R2 hips;McAfee HIPSCore Service;c:\program files\mcafee\host intrusion prevention\hipscore\HIPSvc.exe [2012-3-7 35696]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2011-5-12 324928]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2010-10-22 22816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-5-19 120128]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2010-10-22 147984]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2010-10-22 66880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-3-7 69192]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2009-10-16 431456]
R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [2012-3-7 44680]
R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2012-3-7 107960]
R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2012-3-7 38680]
R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2012-3-7 35552]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-3-7 91896]
S2 antivirservice;Ma763004;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-7 135664]
S2 mcsysmon;Lkclassads;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
S2 mctskshd.exe;Backupexecjobengine;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
S2 mcupdmgr.exe;Mssql$soshome22;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
S2 mcvsrte;Ha10kx2k;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
S2 mirrorv3;Msi_wlan_service;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
S2 mks_scan;Pmem;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
S2 savscan;Npptnt2;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
S2 symantecantibotagent;Ifxspmgtsrv;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
S3 EraserUtilDrv10621;EraserUtilDrv10621;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10621.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10621.sys [?]
S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [2012-3-7 44680]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-7 135664]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-3-7 43192]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-3-7 66536]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-11 14336]
UnknownUnknown dsload;dsload; [x]
.
=============== Created Last 30 ================
.
2012-03-28 13:11:10 40328 ----a-w- c:\windows\system32\HIPIS0e011b5.dll
2012-03-27 22:26:05 -------- d-----w- C:\Quarantine
2012-03-27 22:26:02 0 --sha-w- c:\windows\system32\dds_log_ad13.cmd
2012-03-27 22:13:50 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
2012-03-22 16:36:36 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-22 16:36:36 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-07 16:59:55 60344 ----a-w- c:\windows\system32\HcApi.dll
2012-03-07 16:59:55 225144 ----a-w- c:\windows\system32\HcSql.dll
2012-03-07 16:59:55 20256 ----a-w- c:\windows\system32\HcSvc.dll
2012-03-07 16:59:55 138624 ----a-w- c:\windows\system32\KevlarSigs.dll
2012-03-07 16:59:49 -------- d-----w- c:\documents and settings\user1\application data\McAfee
2012-03-07 16:59:23 44448 ----a-w- c:\windows\system32\hipqa.dll
2012-03-07 16:59:23 35552 ----a-w- c:\windows\system32\drivers\HIPQK.sys
2012-03-07 16:59:23 25912 ----a-w- c:\windows\system32\mfehida.dll
2012-03-07 16:59:22 38680 ----a-w- c:\windows\system32\drivers\HIPPSK.sys
2012-03-07 16:59:21 107960 ----a-w- c:\windows\system32\drivers\HIPK.sys
2012-03-07 16:58:40 44680 ----a-w- c:\windows\system32\drivers\firehk.sys
2012-03-07 16:58:23 -------- d-----w- c:\program files\common files\McAfee Inc
2012-03-07 16:45:51 66536 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-03-07 16:45:51 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2012-03-07 16:45:50 43192 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-03-07 16:45:49 91896 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-03-07 16:45:49 76024 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-03-07 16:45:48 64208 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2012-03-07 16:45:48 344712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-03-07 16:45:47 69192 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-07 16:45:19 -------- d-----w- c:\program files\common files\McAfee
2012-03-07 16:44:52 -------- d-----w- c:\program files\common files\Cisco Systems
2012-03-05 03:33:31 -------- d-----w- c:\documents and settings\user1\application data\Malwarebytes
2012-03-05 03:33:26 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-03-05 03:33:25 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-05 03:33:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-04 14:57:47 -------- d-sh--w- c:\documents and settings\user1\PrivacIE
.
==================== Find3M ====================
.
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 17:46:14.06 ===============

I have also attached attach.zip as well as ark.txt

Regards and thanks in advance,

Dom
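Added example (not part of the thread and not one of the tools the helpers use): a small Python triage script for the SERVICES / DRIVERS section of a DDS log like the one above. It flags netsvcs-hosted services whose display name shares no word with the service name (the S2 antivirservice;Ma763004 pattern in the log) and services with no image path; the sample lines are a constructed subset copied from the log above, and the heuristic is my own assumption, a prompt for a human to look closer, not a verdict.

```python
"""Triage the "SERVICES / DRIVERS" section of a DDS log.

Added example, not from the thread. Two heuristics, both things a helper
checks by eye in the log above:
  1. a service hosted by "svchost.exe -k netsvcs" whose display name shares
     no word with its service name (e.g. "antivirservice;Ma763004");
  2. a service whose image path is missing ("[x]").
A hit means "look closer", not "delete".
"""
import re

# Constructed sample: a subset of lines taken from the DDS log in the thread.
SAMPLE_DDS = r"""R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-11 14336]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2010-10-22 147984]
S2 antivirservice;Ma763004;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-7 135664]
S2 mcsysmon;Lkclassads;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
S2 mcupdmgr.exe;Mssql$soshome22;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
S3 nosGetPlusHelper;getPlus Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-11 14336]
UnknownUnknown dsload;dsload; [x]
"""

# DDS line layout: <state> <service name>;<display name>;<image path> [<date size>]
SERVICE_RE = re.compile(
    r"^(?P<state>\S+)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

NETSVCS_REASON = "netsvcs-hosted service with unrelated display name"
MISSING_REASON = "image path missing"


def parse_services(text):
    """Return one dict per parsable service/driver line."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def _words(text):
    # Alphanumeric runs of 4+ chars; short fragments like "exe" only add noise.
    return [w for w in re.findall(r"[a-z0-9]+", text.lower()) if len(w) >= 4]


def names_related(name, display):
    """True when service name and display name share a recognisable word.

    Checks both directions so "gupdate" / "Google Update Service (gupdate)"
    and "nosGetPlusHelper" / "getPlus Helper 3004" both count as related.
    """
    n = re.sub(r"[^a-z0-9]", "", name.lower())
    d = re.sub(r"[^a-z0-9]", "", display.lower())
    if not n or not d:
        return True  # nothing to compare; do not flag on this ground
    return any(w in n for w in _words(display)) or any(w in d for w in _words(name))


def hosted_by_netsvcs(image):
    """True for services that run inside the shared netsvcs svchost group."""
    img = image.lower()
    return "svchost.exe" in img and "-k netsvcs" in img


def triage(text):
    """Return [(service name, [reasons])] for entries worth a closer look."""
    findings = []
    for e in parse_services(text):
        reasons = []
        if not e["image"] or e["meta"].strip() == "x":
            reasons.append(MISSING_REASON)
        if hosted_by_netsvcs(e["image"]) and not names_related(e["name"], e["display"]):
            reasons.append(NETSVCS_REASON)
        if reasons:
            findings.append((e["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_DDS):
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the full log above, every one of the nine S2 svchost -k netsvcs entries with a nonsense display name is flagged, while Akamai, gupdate and the McAfee services pass.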

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:13 AM

Posted 01 April 2012 - 11:35 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 ramqcsport98

Posted 04 April 2012 - 12:14 AM

Thanks Gringo. I ran ComboFix and it found the ZeroAccess rootkit in the tcp/ip. It notified me twice that it found this. I made the mistake of not completely turning off McAfee so when my PC rebooted, the on-access scanner picked up NIRKMD and deleted this file. As a result, I kept getting an error stating that Windows could not find the file, but Combofix continued running through the 50+ stages and generated a log file, which I have included below:

ComboFix 12-04-01.03 - user1 04/03/2012 22:42:31.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1501 [GMT -5:00]
Running from: E:\ComboFix.exe
FW: McAfee Host Intrusion Prevention Firewall *Disabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\user1\Recent\Thumbs.db
c:\documents and settings\user1\WINDOWS
c:\windows\$NtUninstallKB58813$
c:\windows\$NtUninstallKB58813$\1191981640
c:\windows\$NtUninstallKB58813$\3702703856\@
c:\windows\$NtUninstallKB58813$\3702703856\L\iahonoel
c:\windows\$NtUninstallKB58813$\3702703856\loader.tlb
c:\windows\$NtUninstallKB58813$\3702703856\U\@00000001
c:\windows\$NtUninstallKB58813$\3702703856\U\@000000c0
c:\windows\$NtUninstallKB58813$\3702703856\U\@000000cb
c:\windows\$NtUninstallKB58813$\3702703856\U\@000000cf
c:\windows\$NtUninstallKB58813$\3702703856\U\@80000000
c:\windows\$NtUninstallKB58813$\3702703856\U\@800000c0
c:\windows\$NtUninstallKB58813$\3702703856\U\@800000cb
c:\windows\$NtUninstallKB58813$\3702703856\U\@800000cf
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\iun6002.exe
c:\windows\system32\.log
c:\windows\system32\dds_log_ad13.cmd
c:\windows\system32\SETA3.tmp
c:\windows\system32\SETAE.tmp
c:\windows\system32\SETB3.tmp
c:\windows\system32\SETBA.tmp
c:\windows\system32\SETCC.tmp
c:\windows\system32\SETCE.tmp
c:\windows\system32\SETDD.tmp
.
c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\system32\dllcache\cdrom.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SERVICE
-------\Service_service
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-04 04:00 . 2010-01-26 23:56 40328 ----a-w- c:\windows\system32\HIPIS0e011b5.dll
2012-04-04 03:57 . 2008-04-13 17:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-04-04 03:57 . 2008-04-13 17:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2012-04-01 01:33 . 2012-04-01 01:33 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-27 22:26 . 2012-04-04 03:42 -------- d-----w- C:\Quarantine
2012-03-27 22:13 . 2012-03-27 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2012-03-22 16:36 . 2012-03-22 16:36 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-22 16:36 . 2012-03-22 16:36 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-07 16:59 . 2010-06-15 17:52 138624 ----a-w- c:\windows\system32\KevlarSigs.dll
2012-03-07 16:59 . 2010-06-15 17:51 20256 ----a-w- c:\windows\system32\HcSvc.dll
2012-03-07 16:59 . 2010-06-15 17:51 225144 ----a-w- c:\windows\system32\HcSql.dll
2012-03-07 16:59 . 2010-06-15 17:51 60344 ----a-w- c:\windows\system32\HcApi.dll
2012-03-07 16:59 . 2012-03-07 16:59 -------- d-----w- c:\documents and settings\user1\Application Data\McAfee
2012-03-07 16:59 . 2010-01-26 23:59 25912 ----a-w- c:\windows\system32\mfehida.dll
2012-03-07 16:59 . 2010-01-26 23:57 35552 ----a-w- c:\windows\system32\drivers\HIPQK.sys
2012-03-07 16:59 . 2010-01-26 23:56 44448 ----a-w- c:\windows\system32\hipqa.dll
2012-03-07 16:59 . 2010-01-26 23:56 38680 ----a-w- c:\windows\system32\drivers\HIPPSK.sys
2012-03-07 16:59 . 2010-01-26 23:56 107960 ----a-w- c:\windows\system32\drivers\HIPK.sys
2012-03-07 16:58 . 2008-10-17 21:26 44680 ----a-w- c:\windows\system32\drivers\firehk.sys
2012-03-07 16:58 . 2012-03-07 16:58 -------- d-----w- c:\program files\Common Files\McAfee Inc
2012-03-07 16:45 . 2010-10-23 02:07 66536 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-03-07 16:45 . 2010-10-23 02:07 23864 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2012-03-07 16:45 . 2010-10-23 02:07 43192 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-03-07 16:45 . 2010-10-23 02:07 91896 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-03-07 16:45 . 2010-10-23 02:07 76024 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-03-07 16:45 . 2010-10-23 02:07 64208 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2012-03-07 16:45 . 2010-10-23 02:07 344712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-03-07 16:45 . 2010-10-23 02:07 69192 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-07 16:45 . 2012-03-07 16:45 -------- d-----w- c:\program files\Common Files\McAfee
2012-03-07 16:44 . 2012-03-07 16:44 -------- d-----w- c:\program files\Common Files\Cisco Systems
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:22 . 2004-08-11 22:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-15 07:25 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2004-08-11 22:11 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-22 16:36 . 2011-05-20 13:34 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-10-23 02:07 . 2012-03-07 16:45 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2005-11-08 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 18944]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-17 1325936]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-17 904840]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-17 136544]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-10-23 124224]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-05-19 161088]
"McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2010-06-15 979104]
.
c:\documents and settings\user1\Start Menu\Programs\Startup\
SyncBack.lnk - c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-3-27 3019096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
VPN Client.lnk - c:\windows\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2007-9-24 6144]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2006-05-03 08:12 98304 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-19 00:09 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5033:TCP"= 5033:TCP:JAlbum
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/11/2004 5:00 PM 14336]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [6/15/2010 12:50 PM 1498224]
R2 hips;McAfee HIPSCore Service;c:\program files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [3/7/2012 11:59 AM 35696]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [5/12/2011 12:48 PM 324928]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [10/22/2010 9:07 PM 22816]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/7/2012 11:45 AM 69192]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [10/16/2009 7:39 PM 431456]
R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [3/7/2012 11:58 AM 44680]
R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [3/7/2012 11:59 AM 107960]
R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [3/7/2012 11:59 AM 38680]
R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [3/7/2012 11:59 AM 35552]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2011 9:17 PM 135664]
S3 EraserUtilDrv10621;EraserUtilDrv10621;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10621.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10621.sys [?]
S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [3/7/2012 11:58 AM 44680]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2011 9:17 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/31/2012 8:33 PM 40776]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/7/2012 11:45 AM 66536]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/11/2004 5:00 PM 14336]
UnknownUnknown dsload;dsload; [x]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - dsgrab_01c87d7be3ac26fe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
mi-raysat_3dsMax2008_32
idechndr
oraclemtsrecoveryservice
pdlnemsg
ppped
wmp54gv4svc
hprfdev
id2scaps
Evian
mcupdmgr.exe
usb_rndisx
SbcpHid
s716mdm
vpcbus
deckzpsx
CrystalSysInfo
dbmang
ZuneWlanCfgSvc
s716unic
k56
se2End5
maya70docserver
btfirst
aspi32
ELhid
vusbbus
regmon701
SilverLink
WmaCDriverV32
speedfan
vncmirror
cdudf_xp
cqmgstor
antivirservice
epson_pm_rpcv2_01
USBCCID
CBN
SunkFilt39
cpuidlep
R300
FTSER2K
wlluc48b
zfdwm
msdv
ELkbd
bthserv
nmwcdc
bc_filter
ultra66
W8335XP
iAimFP5
cportclm
midisyn
PSDFilter
tabletservice
psimsvc
wandrv
usbio
zpsc
cwafreportscheduler
ni_nic
mozybackup
ntsyslog
csctl50
mcmispupdmgr
msmframework
CXTUNE
mwlsvc
fsaua
SiSGbeXP
acs
mqdmmdfl
hdaudbus
speakerphone
cpqfcalm
penrendezvous
owstimer
ialm
w550mdfl
spbbcsvc
openvpnservice
dsNcAdpt
elbycdio
eloggersvc6
NWADI
MA_CMIDI
winmtsrv
cpqvcagent
autostore
roxmediadb
savscan
SE2Eobex
captureservice
DcFpoint
SE2Cobex
KLOGNT
hpdj
cltnetcnservice
TdmService
mssqlserveradhelper
VIAPFD
roxmediadb9
AdfuUd
ctljystk
stirusb
mks_scan
USB11LDR
nwrdr
raidmagt
mcvsrte
s616nd5
umwdf
icollectservice
DS1410D
Afc
artdhcp
hidir
WacomVKHid
slservice
NMSAccessU
DritekPortIO
PSI_SVC_2
USBMN1X1
USIUDF
epsonbidirectionalagent
zppinger
atmeltpm
Exportit
ati
wacommousefilter
TSHWMDTCP
siskp
msloop
pca
nvedavt
ASDR
bdfdll
USB28xxOEM
nimxdfk
U3sHlpDr
persfw
curtainssyssvc
ahcix86s
umpusbxp
Sunkfiltp
InterBaseGuardian
lxcccustomerconnect
axsaki
symantecantibotagent
emitray
mcsysmon
sscdbhk5
sptisrv
oracleorahomeagent
cercsr6
hamachi
iftpsvc
usprserv
se44mgmt
sbiesvc
dvd_2K
sprtsvc_dellsupportcenter
ilicensesvc
padfsvr
dptrackerd
mirrorv3
aclient
aavmker4
lvusbsta
RushTopDevice
rpskt
SetupSys
USA49W2KP
aswmon2
enethusb
sigfilt
pxfhmdm
sonytvc
atitool
SaiClass
sprtsvc_ddoctorv2
NVTCP
TMBMServer
picturetaker
FTDIBUS
BASFND
iaimtv0
SSHDRV61
bt3cser
pinnaclemarvinusb
SiSRaid
npapimon
PhilCam8116_XP
O2SCBUS
wintabservice
RR2Mjpeg
USBVCD
mysql
uscbs108
ufdsvc
TestHandler
rxfilter
issuser
ATIVTUTW
euq_monitor
advantage
ZuneBusEnum
{e2b953a6-195a-44f9-9ba3-3d5f4e32bb55}
wanusb
zdeviceservice
clmtomcatstartersvc
tapeware
swupdtmr
emu10k
ZD1211BU(ZyDAS)
CA561
NWDHCP
fuj02b1
bgs_sdservice
se58bus
Hardlock
CTDevice_Srv
Si3132r5
mctskshd.exe
inorpc
k750obex
wg111nd5
irsir
nalntservice
vpcusb
TryAndDecideService
Amsmpu4p
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 02:17]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 02:17]
.
2012-04-03 c:\windows\Tasks\SyncBack Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-03-27 21:42]
.
2012-04-03 c:\windows\Tasks\SyncBack stuff.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-03-27 21:42]
.
2012-04-03 c:\windows\Tasks\SyncBack pics.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-03-27 21:42]
.
2012-04-03 c:\windows\Tasks\SyncBack user1.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-03-27 21:42]
.
2012-04-03 c:\windows\Tasks\SyncBack Lightroom.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-03-27 21:42]
.
2012-04-03 c:\windows\Tasks\SyncBack My Pictures.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-03-27 21:42]
.
2012-04-03 c:\windows\Tasks\SyncBack Photos To Process.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-03-27 21:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.sbc.com/dsl
mWindow Title =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\user1\Application Data\Mozilla\Firefox\Profiles\wwezx4i4.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ZoneAlarm - c:\program files\CheckPoint\ZoneAlarm\zatray.exe
Notify-NavLogon - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
AddRemove-AndreaMosaicVersion3 - c:\windows\iun6002.exe
AddRemove-ZoneAlarm Free - c:\program files\CheckPoint\Install\Install.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-03 23:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1760)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(4348)
c:\windows\system32\WININET.dll
c:\windows\system32\ctagent.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\windows\CTHELPER.EXE
c:\windows\system32\CTXFIHLP.EXE
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2012-04-03 23:16:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-04 04:16
.
Pre-Run: 22,444,322,816 bytes free
Post-Run: 23,568,904,192 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 46FA1DC5CA61EDB451570BBC65000210

Regards,

Dom

#4 ramqcsport98

  • Topic Starter

  • Members
  • 10 posts

Posted 04 April 2012 - 12:17 AM

I then fully disabled McAfee and ran Combofix again, which did not give me any notifications and created the following log file:

ComboFix 12-04-01.03 - user1 04/03/2012 23:31:44.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1310 [GMT -5:00]
Running from: c:\documents and settings\user1\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: McAfee Host Intrusion Prevention Firewall *Disabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\cfosspeed.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TMBMSERVER
-------\Service_TMBMServer
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-04 04:44 . 2010-01-26 23:56 40328 ----a-w- c:\windows\system32\HIPIS0e011b5.dll
2012-04-04 03:57 . 2008-04-13 17:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-04-04 03:57 . 2008-04-13 17:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2012-04-01 01:33 . 2012-04-01 01:33 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-27 22:26 . 2012-04-04 03:42 -------- d-----w- C:\Quarantine
2012-03-27 22:13 . 2012-03-27 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2012-03-22 16:36 . 2012-03-22 16:36 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-22 16:36 . 2012-03-22 16:36 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-07 16:59 . 2010-06-15 17:52 138624 ----a-w- c:\windows\system32\KevlarSigs.dll
2012-03-07 16:59 . 2010-06-15 17:51 20256 ----a-w- c:\windows\system32\HcSvc.dll
2012-03-07 16:59 . 2010-06-15 17:51 225144 ----a-w- c:\windows\system32\HcSql.dll
2012-03-07 16:59 . 2010-06-15 17:51 60344 ----a-w- c:\windows\system32\HcApi.dll
2012-03-07 16:59 . 2012-03-07 16:59 -------- d-----w- c:\documents and settings\user1\Application Data\McAfee
2012-03-07 16:59 . 2010-01-26 23:59 25912 ----a-w- c:\windows\system32\mfehida.dll
2012-03-07 16:59 . 2010-01-26 23:57 35552 ----a-w- c:\windows\system32\drivers\HIPQK.sys
2012-03-07 16:59 . 2010-01-26 23:56 44448 ----a-w- c:\windows\system32\hipqa.dll
2012-03-07 16:59 . 2010-01-26 23:56 38680 ----a-w- c:\windows\system32\drivers\HIPPSK.sys
2012-03-07 16:59 . 2010-01-26 23:56 107960 ----a-w- c:\windows\system32\drivers\HIPK.sys
2012-03-07 16:58 . 2008-10-17 21:26 44680 ----a-w- c:\windows\system32\drivers\firehk.sys
2012-03-07 16:58 . 2012-03-07 16:58 -------- d-----w- c:\program files\Common Files\McAfee Inc
2012-03-07 16:45 . 2010-10-23 02:07 66536 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-03-07 16:45 . 2010-10-23 02:07 23864 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2012-03-07 16:45 . 2010-10-23 02:07 43192 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-03-07 16:45 . 2010-10-23 02:07 91896 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-03-07 16:45 . 2010-10-23 02:07 76024 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-03-07 16:45 . 2010-10-23 02:07 64208 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2012-03-07 16:45 . 2010-10-23 02:07 344712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-03-07 16:45 . 2010-10-23 02:07 69192 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-07 16:45 . 2012-03-07 16:45 -------- d-----w- c:\program files\Common Files\McAfee
2012-03-07 16:44 . 2012-03-07 16:44 -------- d-----w- c:\program files\Common Files\Cisco Systems
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:22 . 2004-08-11 22:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-15 07:25 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2004-08-11 22:11 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-22 16:36 . 2011-05-20 13:34 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-10-23 02:07 . 2012-03-07 16:45 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2005-11-08 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 18944]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-17 1325936]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-17 904840]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-17 136544]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
c:\documents and settings\user1\Start Menu\Programs\Startup\
SyncBack.lnk - c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-3-27 3019096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
VPN Client.lnk - c:\windows\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2007-9-24 6144]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2006-05-03 08:12 98304 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Host Intrusion Prevention Tray]
2010-06-15 17:50 979104 ----a-w- c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
2011-05-19 22:05 161088 ----a-w- c:\program files\McAfee\Common Framework\UdaterUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 21:16 1121792 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
2010-10-23 02:07 124224 ----a-w- c:\program files\McAfee\VirusScan Enterprise\shstat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-19 00:09 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5033:TCP"= 5033:TCP:JAlbum
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/11/2004 5:00 PM 14336]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [6/15/2010 12:50 PM 1498224]
R2 hips;McAfee HIPSCore Service;c:\program files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [3/7/2012 11:59 AM 35696]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [5/12/2011 12:48 PM 324928]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [10/22/2010 9:07 PM 22816]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/7/2012 11:45 AM 69192]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [10/16/2009 7:39 PM 431456]
R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [3/7/2012 11:58 AM 44680]
R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [3/7/2012 11:59 AM 107960]
R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [3/7/2012 11:59 AM 38680]
R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [3/7/2012 11:59 AM 35552]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2011 9:17 PM 135664]
S3 EraserUtilDrv10621;EraserUtilDrv10621;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10621.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10621.sys [?]
S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [3/7/2012 11:58 AM 44680]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2011 9:17 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/31/2012 8:33 PM 40776]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/7/2012 11:45 AM 66536]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/11/2004 5:00 PM 14336]
UnknownUnknown dsload;dsload; [x]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - dsgrab_01c87d7be3ac26fe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
mi-raysat_3dsMax2008_32
idechndr
oraclemtsrecoveryservice
pdlnemsg
ppped
wmp54gv4svc
hprfdev
id2scaps
Evian
mcupdmgr.exe
usb_rndisx
SbcpHid
s716mdm
vpcbus
deckzpsx
CrystalSysInfo
dbmang
ZuneWlanCfgSvc
s716unic
k56
se2End5
maya70docserver
btfirst
aspi32
ELhid
vusbbus
regmon701
SilverLink
WmaCDriverV32
speedfan
vncmirror
cdudf_xp
cqmgstor
antivirservice
epson_pm_rpcv2_01
USBCCID
CBN
SunkFilt39
cpuidlep
R300
FTSER2K
wlluc48b
zfdwm
msdv
ELkbd
bthserv
nmwcdc
bc_filter
ultra66
W8335XP
iAimFP5
cportclm
midisyn
PSDFilter
tabletservice
psimsvc
wandrv
usbio
zpsc
cwafreportscheduler
ni_nic
mozybackup
ntsyslog
csctl50
mcmispupdmgr
msmframework
CXTUNE
mwlsvc
fsaua
SiSGbeXP
acs
mqdmmdfl
hdaudbus
speakerphone
cpqfcalm
penrendezvous
owstimer
ialm
w550mdfl
spbbcsvc
openvpnservice
dsNcAdpt
elbycdio
eloggersvc6
NWADI
MA_CMIDI
winmtsrv
cpqvcagent
autostore
roxmediadb
savscan
SE2Eobex
captureservice
DcFpoint
SE2Cobex
KLOGNT
hpdj
cltnetcnservice
TdmService
mssqlserveradhelper
VIAPFD
roxmediadb9
AdfuUd
ctljystk
stirusb
mks_scan
USB11LDR
nwrdr
raidmagt
mcvsrte
s616nd5
umwdf
icollectservice
DS1410D
Afc
artdhcp
hidir
WacomVKHid
slservice
NMSAccessU
DritekPortIO
PSI_SVC_2
USBMN1X1
USIUDF
epsonbidirectionalagent
zppinger
atmeltpm
Exportit
ati
wacommousefilter
TSHWMDTCP
siskp
msloop
pca
nvedavt
ASDR
bdfdll
USB28xxOEM
nimxdfk
U3sHlpDr
persfw
curtainssyssvc
ahcix86s
umpusbxp
Sunkfiltp
InterBaseGuardian
lxcccustomerconnect
axsaki
symantecantibotagent
emitray
mcsysmon
sscdbhk5
sptisrv
oracleorahomeagent
cercsr6
hamachi
iftpsvc
usprserv
se44mgmt
sbiesvc
dvd_2K
sprtsvc_dellsupportcenter
ilicensesvc
padfsvr
dptrackerd
mirrorv3
aclient
aavmker4
lvusbsta
RushTopDevice
rpskt
SetupSys
USA49W2KP
aswmon2
enethusb
sigfilt
pxfhmdm
sonytvc
atitool
SaiClass
sprtsvc_ddoctorv2
NVTCP
picturetaker
FTDIBUS
BASFND
iaimtv0
SSHDRV61
bt3cser
pinnaclemarvinusb
SiSRaid
npapimon
PhilCam8116_XP
O2SCBUS
wintabservice
RR2Mjpeg
USBVCD
mysql
uscbs108
ufdsvc
TestHandler
rxfilter
issuser
ATIVTUTW
euq_monitor
advantage
ZuneBusEnum
{e2b953a6-195a-44f9-9ba3-3d5f4e32bb55}
wanusb
zdeviceservice
clmtomcatstartersvc
tapeware
swupdtmr
emu10k
ZD1211BU(ZyDAS)
CA561
NWDHCP
fuj02b1
bgs_sdservice
se58bus
Hardlock
CTDevice_Srv
Si3132r5
mctskshd.exe
inorpc
k750obex
wg111nd5
irsir
nalntservice
vpcusb
TryAndDecideService
Amsmpu4p
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 02:17]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 02:17]
.
2012-04-03 c:\windows\Tasks\SyncBack Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-03-27 21:42]
.
2012-04-03 c:\windows\Tasks\SyncBack stuff.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-03-27 21:42]
.
2012-04-03 c:\windows\Tasks\SyncBack pics.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-03-27 21:42]
.
2012-04-03 c:\windows\Tasks\SyncBack user1.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-03-27 21:42]
.
2012-04-03 c:\windows\Tasks\SyncBack Lightroom.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-03-27 21:42]
.
2012-04-03 c:\windows\Tasks\SyncBack My Pictures.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-03-27 21:42]
.
2012-04-03 c:\windows\Tasks\SyncBack Photos To Process.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-03-27 21:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.sbc.com/dsl
mWindow Title =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\user1\Application Data\Mozilla\Firefox\Profiles\wwezx4i4.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-03 23:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1748)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(3000)
c:\windows\system32\WININET.dll
c:\windows\system32\ctagent.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\system32\wscntfy.exe
c:\windows\CTHELPER.EXE
c:\windows\system32\CTXFIHLP.EXE
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\McAfee\Common Framework\McTray.exe
.
**************************************************************************
.
Completion time: 2012-04-03 23:53:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-04 04:53
ComboFix2.txt 2012-04-04 04:16
.
Pre-Run: 23,575,592,960 bytes free
Post-Run: 23,559,749,632 bytes free
.
- - End Of File - - C6392382BC109067C82ABC3BEE9D6E51

Regards

#5 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 April 2012 - 12:38 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
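One way to triage the TDSSKiller report this step asks for is to pull out only the objects whose verdict is not "ok", together with the hash and path TDSSKiller logged for them. The parser below is an added example, not code from this thread or from TDSSKiller; its sample lines are constructed in the TDSSKiller 2.7 log format (timestamp, PID, object name with md5 and path, then a verdict line), and the verdict words other than ok, warning and detected are an assumption.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# One TDSSKiller 2.7 log line: "<hh:mm:ss.ffff> <pid> <rest>".
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<rest>.+)$")
# Object line: "<name> (<md5>) <path>"; the hash is 32 lowercase hex chars.
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict line: "<name> - <verdict>". Only verdict words are accepted, so a line
# such as "Drive \Device\Harddisk0\DR0 - Size: ..." (which also contains " - ")
# is not mistaken for one. 'ok', 'warning' and 'detected ...' are the verdicts
# seen in practice; the remaining words are an assumption about other outcomes.
VERDICT_RE = re.compile(
    r"^(?P<name>.+?) - (?P<verdict>ok|warning|detected\b.*|skipped|cured|deleted|quarantined)$"
)

# Constructed sample in the TDSSKiller 2.7 format (values modelled on a real scan).
SAMPLE_LOG = r"""20:25:04.0781 2792 ============================================================
20:25:04.0781 2792 Scan started
20:25:04.0781 2792 Mode: Manual;
20:24:44.0015 5064 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200
20:25:05.0421 2792 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:25:05.0421 2792 ACPI - ok
20:25:05.0453 2792 acs - ok
20:25:06.0031 2792 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files\common files\akamai/netsession_win_6c825ce.dll
20:25:06.0031 2792 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
20:25:06.0031 2792 Akamai ( HiddenFile.Multi.Generic ) - warning
20:25:06.0031 2792 Akamai - detected HiddenFile.Multi.Generic (1)
20:25:06.0078 2792 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
20:25:06.0078 2792 Alerter - ok
"""


@dataclass
class Finding:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdicts: list[str] = field(default_factory=list)


def base_name(name: str) -> str:
    """'Akamai ( HiddenFile.Multi.Generic )' -> 'Akamai': a verdict line may repeat
    the detection name in parentheses after the service or driver name."""
    return name.split(" (", 1)[0].strip()


def triage_tdsskiller_log(text: str) -> tuple[int, list[Finding]]:
    """Return (number of objects that received a verdict, findings whose verdict is not 'ok')."""
    objects: dict[str, tuple[str, str]] = {}  # name -> (md5, path) from the object line
    verdict_seen: set[str] = set()
    findings: dict[str, Finding] = {}          # insertion-ordered, one entry per name
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, separator and SystemInfo lines carry no verdict
        rest = m.group("rest")
        obj = OBJECT_RE.match(rest)
        if obj:
            objects[obj.group("name")] = (obj.group("md5"), obj.group("path"))
            continue
        v = VERDICT_RE.match(rest)
        if not v:
            continue  # e.g. the explanatory "Suspicious file (Hidden): ..." line
        name = base_name(v.group("name"))
        verdict_seen.add(name)
        if v.group("verdict") == "ok":
            continue
        md5, path = objects.get(name, (None, None))
        finding = findings.setdefault(name, Finding(name, md5, path))
        finding.verdicts.append(v.group("verdict"))
    return len(verdict_seen), list(findings.values())


if __name__ == "__main__":
    scanned, found = triage_tdsskiller_log(SAMPLE_LOG)
    print(f"{scanned} objects scanned, {len(found)} need review")
    for f in found:
        print(f"  {f.name}: {', '.join(f.verdicts)}  md5={f.md5}  path={f.path}")
```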

#6 ramqcsport98 (Topic Starter)

  • Members
  • 10 posts

Posted 06 April 2012 - 09:39 PM

I have run TDSSKiller successfully, and have attached the log below. Unfortunately, I have not been able to run aswMBR without it crashing my machine. I am running it again now and hopefully it will allow me to see the error...in previous runs, I just have a black screen and have to turn the power off.

20:25:16.0390 2792 MRENDIS5 - ok
20:25:16.0437 2792 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:25:16.0437 2792 MRxDAV - ok
20:25:16.0500 2792 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:25:16.0515 2792 MRxSmb - ok
20:25:16.0562 2792 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
20:25:16.0562 2792 MSDTC - ok
20:25:16.0578 2792 msdv - ok
20:25:16.0625 2792 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:25:16.0625 2792 Msfs - ok
20:25:16.0640 2792 MSIServer - ok
20:25:16.0656 2792 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:25:16.0656 2792 MSKSSRV - ok
20:25:16.0671 2792 msloop - ok
20:25:16.0687 2792 msmframework - ok
20:25:16.0703 2792 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:25:16.0703 2792 MSPCLOCK - ok
20:25:16.0718 2792 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:25:16.0734 2792 MSPQM - ok
20:25:16.0781 2792 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:25:16.0781 2792 mssmbios - ok
20:25:16.0796 2792 mssqlserveradhelper - ok
20:25:16.0843 2792 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:25:16.0843 2792 Mup - ok
20:25:16.0859 2792 mwlsvc - ok
20:25:16.0984 2792 MyDesktopWindows (29757099c684927c439847dd51a4fefa) C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
20:25:16.0984 2792 MyDesktopWindows - ok
20:25:17.0031 2792 mysql - ok
20:25:17.0046 2792 nalntservice - ok
20:25:17.0140 2792 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:25:17.0156 2792 napagent - ok
20:25:17.0203 2792 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:25:17.0203 2792 NDIS - ok
20:25:17.0296 2792 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:25:17.0296 2792 NdisTapi - ok
20:25:17.0312 2792 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:25:17.0328 2792 Ndisuio - ok
20:25:17.0328 2792 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:25:17.0343 2792 NdisWan - ok
20:25:17.0375 2792 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:25:17.0375 2792 NDProxy - ok
20:25:17.0421 2792 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:25:17.0421 2792 NetBIOS - ok
20:25:17.0437 2792 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:25:17.0437 2792 NetBT - ok
20:25:17.0515 2792 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:25:17.0515 2792 NetDDE - ok
20:25:17.0531 2792 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:25:17.0531 2792 NetDDEdsdm - ok
20:25:17.0593 2792 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:25:17.0593 2792 Netlogon - ok
20:25:17.0656 2792 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:25:17.0671 2792 Netman - ok
20:25:17.0765 2792 NetSvc (9da26b773bd04b867a8e9f427cd048fc) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
20:25:17.0781 2792 NetSvc - ok
20:25:17.0906 2792 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:25:17.0906 2792 NetTcpPortSharing - ok
20:25:18.0000 2792 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:25:18.0000 2792 NIC1394 - ok
20:25:18.0015 2792 nimxdfk - ok
20:25:18.0031 2792 ni_nic - ok
20:25:18.0078 2792 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:25:18.0078 2792 Nla - ok
20:25:18.0093 2792 NMSAccessU - ok
20:25:18.0109 2792 nmwcdc - ok
20:25:18.0171 2792 nosGetPlusHelper (f44addbf29905cb19f52fc9fe6a0efa1) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
20:25:18.0171 2792 nosGetPlusHelper - ok
20:25:18.0187 2792 npapimon - ok
20:25:18.0218 2792 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:25:18.0218 2792 Npfs - ok
20:25:18.0281 2792 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:25:18.0281 2792 Ntfs - ok
20:25:18.0296 2792 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:25:18.0296 2792 NtLmSsp - ok
20:25:18.0343 2792 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:25:18.0359 2792 NtmsSvc - ok
20:25:18.0406 2792 ntsyslog - ok
20:25:18.0421 2792 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:25:18.0421 2792 Null - ok
20:25:18.0500 2792 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:25:18.0531 2792 nv - ok
20:25:18.0562 2792 nvedavt - ok
20:25:18.0578 2792 NVTCP - ok
20:25:18.0593 2792 NWADI - ok
20:25:18.0609 2792 NWDHCP - ok
20:25:18.0656 2792 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:25:18.0656 2792 NwlnkFlt - ok
20:25:18.0687 2792 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:25:18.0687 2792 NwlnkFwd - ok
20:25:18.0703 2792 nwrdr - ok
20:25:18.0718 2792 O2SCBUS - ok
20:25:18.0875 2792 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:25:18.0890 2792 odserv - ok
20:25:18.0953 2792 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:25:18.0953 2792 ohci1394 - ok
20:25:19.0000 2792 openvpnservice - ok
20:25:19.0015 2792 oraclemtsrecoveryservice - ok
20:25:19.0031 2792 oracleorahomeagent - ok
20:25:19.0078 2792 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:25:19.0078 2792 ose - ok
20:25:19.0125 2792 ossrv (99f877a7bb6feb5af1184eafe937c208) C:\WINDOWS\system32\drivers\ctoss2k.sys
20:25:19.0125 2792 ossrv - ok
20:25:19.0156 2792 owstimer - ok
20:25:19.0156 2792 padfsvr - ok
20:25:19.0187 2792 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:25:19.0203 2792 Parport - ok
20:25:19.0218 2792 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:25:19.0218 2792 PartMgr - ok
20:25:19.0265 2792 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:25:19.0265 2792 ParVdm - ok
20:25:19.0281 2792 pca - ok
20:25:19.0312 2792 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:25:19.0328 2792 PCI - ok
20:25:19.0328 2792 PCIDump - ok
20:25:19.0359 2792 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:25:19.0359 2792 PCIIde - ok
20:25:19.0375 2792 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:25:19.0375 2792 Pcmcia - ok
20:25:19.0390 2792 PDCOMP - ok
20:25:19.0406 2792 PDFRAME - ok
20:25:19.0421 2792 pdlnemsg - ok
20:25:19.0437 2792 PDRELI - ok
20:25:19.0453 2792 PDRFRAME - ok
20:25:19.0468 2792 penrendezvous - ok
20:25:19.0484 2792 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
20:25:19.0484 2792 perc2 - ok
20:25:19.0500 2792 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:25:19.0500 2792 perc2hib - ok
20:25:19.0546 2792 persfw - ok
20:25:19.0562 2792 PhilCam8116_XP - ok
20:25:19.0578 2792 picturetaker - ok
20:25:19.0593 2792 pinnaclemarvinusb - ok
20:25:19.0640 2792 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:25:19.0640 2792 PlugPlay - ok
20:25:19.0703 2792 Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) C:\WINDOWS\system32\HPZipm12.exe
20:25:19.0703 2792 Pml Driver HPZ12 - ok
20:25:19.0750 2792 PnkBstrA (831883b107684301f48ace752c963984) C:\WINDOWS\system32\PnkBstrA.exe
20:25:19.0750 2792 PnkBstrA - ok
20:25:19.0796 2792 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:25:19.0796 2792 PolicyAgent - ok
20:25:19.0812 2792 ppped - ok
20:25:19.0875 2792 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:25:19.0875 2792 PptpMiniport - ok
20:25:19.0890 2792 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:25:19.0890 2792 ProtectedStorage - ok
20:25:19.0906 2792 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:25:19.0906 2792 PSched - ok
20:25:19.0921 2792 PSDFilter - ok
20:25:19.0937 2792 psimsvc - ok
20:25:19.0953 2792 PSI_SVC_2 - ok
20:25:19.0968 2792 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:25:19.0968 2792 Ptilink - ok
20:25:19.0984 2792 pxfhmdm - ok
20:25:20.0031 2792 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:25:20.0031 2792 PxHelp20 - ok
20:25:20.0078 2792 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:25:20.0078 2792 ql1080 - ok
20:25:20.0093 2792 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
20:25:20.0093 2792 Ql10wnt - ok
20:25:20.0109 2792 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
20:25:20.0109 2792 ql12160 - ok
20:25:20.0125 2792 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
20:25:20.0125 2792 ql1240 - ok
20:25:20.0140 2792 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
20:25:20.0140 2792 ql1280 - ok
20:25:20.0265 2792 R300 - ok
20:25:20.0281 2792 raidmagt - ok
20:25:20.0312 2792 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:25:20.0312 2792 RasAcd - ok
20:25:20.0359 2792 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:25:20.0359 2792 RasAuto - ok
20:25:20.0406 2792 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:25:20.0406 2792 Rasl2tp - ok
20:25:20.0468 2792 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:25:20.0468 2792 RasMan - ok
20:25:20.0531 2792 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:25:20.0531 2792 RasPppoe - ok
20:25:20.0546 2792 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:25:20.0546 2792 Raspti - ok
20:25:20.0578 2792 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:25:20.0578 2792 Rdbss - ok
20:25:20.0593 2792 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:25:20.0609 2792 RDPCDD - ok
20:25:20.0640 2792 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:25:20.0640 2792 rdpdr - ok
20:25:20.0687 2792 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
20:25:20.0687 2792 RDPWD - ok
20:25:20.0734 2792 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:25:20.0734 2792 RDSessMgr - ok
20:25:20.0781 2792 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:25:20.0781 2792 redbook - ok
20:25:20.0796 2792 regmon701 - ok
20:25:20.0859 2792 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:25:20.0859 2792 RemoteAccess - ok
20:25:20.0937 2792 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
20:25:20.0937 2792 RemoteRegistry - ok
20:25:20.0953 2792 roxmediadb - ok
20:25:20.0968 2792 roxmediadb9 - ok
20:25:21.0031 2792 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:25:21.0031 2792 RpcLocator - ok
20:25:21.0078 2792 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
20:25:21.0093 2792 RpcSs - ok
20:25:21.0109 2792 rpskt - ok
20:25:21.0125 2792 RR2Mjpeg - ok
20:25:21.0187 2792 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:25:21.0187 2792 RSVP - ok
20:25:21.0203 2792 RushTopDevice - ok
20:25:21.0218 2792 rxfilter - ok
20:25:21.0234 2792 s616nd5 - ok
20:25:21.0250 2792 s716mdm - ok
20:25:21.0265 2792 s716unic - ok
20:25:21.0281 2792 SaiClass - ok
20:25:21.0343 2792 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:25:21.0343 2792 SamSs - ok
20:25:21.0359 2792 savscan - ok
20:25:21.0375 2792 SbcpHid - ok
20:25:21.0390 2792 sbiesvc - ok
20:25:21.0421 2792 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:25:21.0437 2792 SCardSvr - ok
20:25:21.0500 2792 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:25:21.0500 2792 Schedule - ok
20:25:21.0515 2792 SE2Cobex - ok
20:25:21.0546 2792 se2End5 - ok
20:25:21.0562 2792 SE2Eobex - ok
20:25:21.0578 2792 se44mgmt - ok
20:25:21.0593 2792 se58bus - ok
20:25:21.0625 2792 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:25:21.0625 2792 Secdrv - ok
20:25:21.0687 2792 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:25:21.0687 2792 seclogon - ok
20:25:21.0750 2792 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:25:21.0750 2792 SENS - ok
20:25:21.0812 2792 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:25:21.0812 2792 serenum - ok
20:25:21.0859 2792 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:25:21.0859 2792 Serial - ok
20:25:21.0906 2792 SetupSys - ok
20:25:21.0953 2792 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:25:21.0953 2792 Sfloppy - ok
20:25:22.0062 2792 SgtSch2Svc (c240035fb95c2faef99cfc2403edcd46) C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
20:25:22.0062 2792 SgtSch2Svc - ok
20:25:22.0171 2792 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:25:22.0187 2792 SharedAccess - ok
20:25:22.0234 2792 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:25:22.0250 2792 ShellHWDetection - ok
20:25:22.0281 2792 Si3132r5 - ok
20:25:22.0296 2792 SilverLink - ok
20:25:22.0312 2792 Simbad - ok
20:25:22.0406 2792 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:25:22.0406 2792 sisagp - ok
20:25:22.0421 2792 SiSGbeXP - ok
20:25:22.0437 2792 siskp - ok
20:25:22.0453 2792 SiSRaid - ok
20:25:22.0468 2792 slservice - ok
20:25:22.0531 2792 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\WINDOWS\system32\DRIVERS\snapman.sys
20:25:22.0531 2792 snapman - ok
20:25:22.0562 2792 sonytvc - ok
20:25:22.0593 2792 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:25:22.0593 2792 Sparrow - ok
20:25:22.0640 2792 speakerphone - ok
20:25:22.0656 2792 speedfan - ok
20:25:22.0687 2792 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:25:22.0687 2792 splitter - ok
20:25:22.0750 2792 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:25:22.0750 2792 Spooler - ok
20:25:22.0765 2792 sprtsvc_ddoctorv2 - ok
20:25:22.0781 2792 sprtsvc_dellsupportcenter - ok
20:25:22.0796 2792 sptisrv - ok
20:25:22.0812 2792 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:25:22.0812 2792 sr - ok
20:25:22.0828 2792 srescan - ok
20:25:22.0890 2792 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:25:22.0890 2792 srservice - ok
20:25:22.0937 2792 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:25:22.0937 2792 Srv - ok
20:25:22.0953 2792 sscdbhk5 - ok
20:25:23.0015 2792 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:25:23.0031 2792 SSDPSRV - ok
20:25:23.0046 2792 SSHDRV61 - ok
20:25:23.0062 2792 stirusb - ok
20:25:23.0156 2792 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:25:23.0187 2792 stisvc - ok
20:25:23.0203 2792 SunkFilt39 - ok
20:25:23.0218 2792 Sunkfiltp - ok
20:25:23.0296 2792 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:25:23.0296 2792 swenum - ok
20:25:23.0343 2792 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:25:23.0359 2792 swmidi - ok
20:25:23.0375 2792 SwPrv - ok
20:25:23.0390 2792 swupdtmr - ok
20:25:23.0421 2792 symantecantibotagent - ok
20:25:23.0453 2792 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
20:25:23.0453 2792 symc810 - ok
20:25:23.0468 2792 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:25:23.0468 2792 symc8xx - ok
20:25:23.0500 2792 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:25:23.0500 2792 sym_hi - ok
20:25:23.0546 2792 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:25:23.0546 2792 sym_u3 - ok
20:25:23.0578 2792 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:25:23.0578 2792 sysaudio - ok
20:25:23.0640 2792 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:25:23.0640 2792 SysmonLog - ok
20:25:23.0671 2792 tabletservice - ok
20:25:23.0687 2792 tapeware - ok
20:25:23.0734 2792 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:25:23.0750 2792 TapiSrv - ok
20:25:23.0796 2792 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:25:23.0828 2792 Tcpip - ok
20:25:23.0859 2792 TdmService - ok
20:25:23.0890 2792 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:25:23.0890 2792 TDPIPE - ok
20:25:23.0937 2792 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\WINDOWS\system32\DRIVERS\tdrpman.sys
20:25:23.0937 2792 tdrpman - ok
20:25:24.0000 2792 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:25:24.0000 2792 TDTCP - ok
20:25:24.0031 2792 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:25:24.0031 2792 TermDD - ok
20:25:24.0109 2792 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:25:24.0140 2792 TermService - ok
20:25:24.0171 2792 TestHandler - ok
20:25:24.0265 2792 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:25:24.0265 2792 Themes - ok
20:25:24.0328 2792 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
20:25:24.0328 2792 tifsfilter - ok
20:25:24.0390 2792 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
20:25:24.0390 2792 timounter - ok
20:25:24.0453 2792 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
20:25:24.0453 2792 TlntSvr - ok
20:25:24.0515 2792 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
20:25:24.0515 2792 TosIde - ok
20:25:24.0578 2792 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:25:24.0578 2792 TrkWks - ok
20:25:24.0625 2792 TryAndDecideService - ok
20:25:24.0640 2792 TSHWMDTCP - ok
20:25:24.0671 2792 U3sHlpDr - ok
20:25:24.0703 2792 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:25:24.0703 2792 Udfs - ok
20:25:24.0718 2792 ufdsvc - ok
20:25:24.0750 2792 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
20:25:24.0765 2792 ultra - ok
20:25:24.0781 2792 ultra66 - ok
20:25:24.0796 2792 umpusbxp - ok
20:25:24.0812 2792 umwdf - ok
20:25:24.0859 2792 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:25:24.0890 2792 Update - ok
20:25:24.0937 2792 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:25:24.0953 2792 upnphost - ok
20:25:25.0093 2792 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:25:25.0093 2792 UPS - ok
20:25:25.0140 2792 USB11LDR - ok
20:25:25.0187 2792 USB28xxOEM - ok
20:25:25.0218 2792 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:25:25.0218 2792 USBAAPL - ok
20:25:25.0265 2792 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:25:25.0265 2792 usbccgp - ok
20:25:25.0281 2792 USBCCID - ok
20:25:25.0328 2792 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:25:25.0328 2792 usbehci - ok
20:25:25.0343 2792 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:25:25.0343 2792 usbhub - ok
20:25:25.0359 2792 usbio - ok
20:25:25.0375 2792 USBMN1X1 - ok
20:25:25.0421 2792 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:25:25.0421 2792 usbprint - ok
20:25:25.0453 2792 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:25:25.0453 2792 usbscan - ok
20:25:25.0484 2792 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:25:25.0484 2792 USBSTOR - ok
20:25:25.0500 2792 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:25:25.0515 2792 usbuhci - ok
20:25:25.0531 2792 USBVCD - ok
20:25:25.0546 2792 usb_rndisx - ok
20:25:25.0562 2792 uscbs108 - ok
20:25:25.0578 2792 USIUDF - ok
20:25:25.0593 2792 usprserv - ok
20:25:25.0640 2792 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:25:25.0640 2792 VgaSave - ok
20:25:25.0671 2792 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:25:25.0687 2792 viaagp - ok
20:25:25.0718 2792 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:25:25.0718 2792 ViaIde - ok
20:25:25.0734 2792 VIAPFD - ok
20:25:25.0750 2792 vncmirror - ok
20:25:25.0781 2792 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:25:25.0781 2792 VolSnap - ok
20:25:25.0796 2792 vpcbus - ok
20:25:25.0812 2792 vpcusb - ok
20:25:25.0875 2792 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:25:25.0875 2792 VSS - ok
20:25:25.0906 2792 vusbbus - ok
20:25:25.0968 2792 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:25:25.0968 2792 w32time - ok
20:25:26.0000 2792 w550mdfl - ok
20:25:26.0015 2792 W8335XP - ok
20:25:26.0031 2792 wacommousefilter - ok
20:25:26.0046 2792 WacomVKHid - ok
20:25:26.0093 2792 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:25:26.0093 2792 Wanarp - ok
20:25:26.0109 2792 wanatw - ok
20:25:26.0125 2792 wandrv - ok
20:25:26.0140 2792 wanusb - ok
20:25:26.0156 2792 WDICA - ok
20:25:26.0203 2792 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:25:26.0203 2792 wdmaud - ok
20:25:26.0265 2792 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:25:26.0265 2792 WebClient - ok
20:25:26.0296 2792 wg111nd5 - ok
20:25:26.0390 2792 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:25:26.0390 2792 winmgmt - ok
20:25:26.0421 2792 winmtsrv - ok
20:25:26.0468 2792 wintabservice - ok
20:25:26.0484 2792 wlluc48b - ok
20:25:26.0515 2792 WmaCDriverV32 - ok
20:25:26.0546 2792 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
20:25:26.0546 2792 WmdmPmSN - ok
20:25:26.0609 2792 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
20:25:26.0609 2792 Wmi - ok
20:25:26.0671 2792 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:25:26.0671 2792 WmiApSrv - ok
20:25:26.0687 2792 wmp54gv4svc - ok
20:25:26.0781 2792 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
20:25:26.0812 2792 WMPNetworkSvc - ok
20:25:26.0843 2792 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:25:26.0859 2792 WS2IFSL - ok
20:25:26.0906 2792 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:25:26.0906 2792 wscsvc - ok
20:25:26.0968 2792 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:25:26.0984 2792 wuauserv - ok
20:25:27.0015 2792 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:25:27.0031 2792 WudfPf - ok
20:25:27.0078 2792 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:25:27.0078 2792 WudfRd - ok
20:25:27.0109 2792 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
20:25:27.0125 2792 WudfSvc - ok
20:25:27.0218 2792 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:25:27.0218 2792 WZCSVC - ok
20:25:27.0296 2792 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:25:27.0296 2792 xmlprov - ok
20:25:27.0343 2792 ZD1211BU(ZyDAS) - ok
20:25:27.0359 2792 zdeviceservice - ok
20:25:27.0406 2792 ZDPSp50 - ok
20:25:27.0421 2792 zfdwm - ok
20:25:27.0437 2792 zppinger - ok
20:25:27.0453 2792 zpsc - ok
20:25:27.0468 2792 ZuneBusEnum - ok
20:25:27.0500 2792 ZuneWlanCfgSvc - ok
20:25:27.0531 2792 {e2b953a6-195a-44f9-9ba3-3d5f4e32bb55} - ok
20:25:27.0578 2792 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
20:25:27.0609 2792 \Device\Harddisk0\DR0 - ok
20:25:27.0625 2792 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
20:25:27.0765 2792 \Device\Harddisk1\DR1 - ok
20:25:27.0796 2792 Boot (0x1200) (bd655d09b7c592923c114d7fecdc49c0) \Device\Harddisk0\DR0\Partition0
20:25:27.0796 2792 \Device\Harddisk0\DR0\Partition0 - ok
20:25:27.0796 2792 Boot (0x1200) (60848eb7db86f0380aa445598db3c47a) \Device\Harddisk1\DR1\Partition0
20:25:27.0796 2792 \Device\Harddisk1\DR1\Partition0 - ok
20:25:27.0796 2792 ============================================================
20:25:27.0796 2792 Scan finished
20:25:27.0796 2792 ============================================================
20:25:27.0812 1976 Detected object count: 1
20:25:27.0812 1976 Actual detected object count: 1
20:25:50.0812 1976 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
20:25:50.0812 1976 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

#7 ramqcsport98

Posted 06 April 2012 - 09:50 PM

aswMBR just ran successfully. I simply deleted the contents of my Documents and Settings/<user>/Local Settings/Temp folder, including an "_av4_" folder, and it ran quickly. Was it supposed to use these files to run, or is this OK?


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-06 21:38:30
-----------------------------
21:38:30.234 OS Version: Windows 5.1.2600 Service Pack 3
21:38:30.234 Number of processors: 2 586 0x604
21:38:30.234 ComputerName: homePC UserName:
21:38:35.031 Initialize success
21:38:46.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-18
21:38:46.750 Disk 0 Vendor: WDC_WD2500JS-75NCB2 10.02E03 Size: 238418MB BusType: 3
21:38:46.750 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-20
21:38:46.750 Disk 1 Vendor: ST32000542AS CC34 Size: 1907729MB BusType: 3
21:38:46.781 Disk 0 MBR read successfully
21:38:46.781 Disk 0 MBR scan
21:38:46.796 Disk 0 unknown MBR code
21:38:46.796 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
21:38:46.796 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 234793 MB offset 112455
21:38:46.828 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3561 MB offset 480970035
21:38:46.843 Disk 0 scanning sectors +488263545
21:38:46.953 Disk 0 scanning C:\WINDOWS\system32\drivers
21:39:09.281 Service scanning
21:39:46.515 Modules scanning
21:40:05.500 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
21:40:08.218 Disk 0 trace - called modules:
21:40:08.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
21:40:08.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a78aab8]
21:40:08.250 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-18[0x8a7abd98]
21:40:08.250 Scan finished successfully
21:46:19.687 Disk 0 MBR has been saved successfully to "L:\MBR.dat"
21:46:19.703 The log file has been saved successfully to "L:\aswMBR.txt"
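
The two logs above report the MBR in different ways: TDSSKiller prints an MD5 labelled "MBR (0x1B8)" for each disk, and aswMBR prints the partition table, an "unknown MBR code" verdict and a "scanning sectors +N" line. The following added example (not part of the thread, and not code from TDSSKiller or aswMBR) parses a raw 512-byte MBR the same way, so that the MBR.dat aswMBR saved to L:\ can be checked by hand: it hashes only the first 0x1B8 bytes (the boot code, before the disk signature and partition table), lists the entries with the type labels aswMBR uses, and computes the unallocated slack after the last partition, which is where aswMBR's sector scan starts because bootkits keep their payload there. The partition lengths are derived from the adjacent offsets in the aswMBR log, the boot code is a dummy, and the disk size of 238418 MB is assumed to be 488280064 sectors; all three are assumptions, not values from the thread.

```python
"""Parse a raw 512-byte MBR the way aswMBR and TDSSKiller summarise it.

Added example for this thread, not code from either tool. The constructed
image mirrors the Disk 0 layout aswMBR printed (0xDE, 0x07 active, 0xDB at
LBA 63, 112455, 480970035); lengths are derived from adjacent offsets, the
boot code is a dummy, and the 238418 MB disk is assumed to be 488280064 sectors.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8       # bytes 0x000-0x1B7: code only, before disk signature and table
PART_TABLE_OFF = 0x1BE      # four 16-byte entries at 0x1BE, 0x1CE, 0x1DE, 0x1EE
SIGNATURE = b"\x55\xAA"     # bytes 0x1FE-0x1FF
ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count
PART_TYPES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility", 0xDB: "CP/M / CTOS"}

# Constructed layout from the aswMBR log: (bootable, type, lba_start, sector_count)
DISK0_SECTORS = 238418 * 2048                       # assumption, see docstring
DISK0_LAYOUT = [
    (False, 0xDE, 63, 112455 - 63),
    (True, 0x07, 112455, 480970035 - 112455),
    (False, 0xDB, 480970035, 488263545 - 480970035),
]
DUMMY_BOOT_CODE = b"\xEB\x3C\x90" + b"\x90" * (BOOT_CODE_LEN - 3)   # placeholder, not real code


def build_mbr(boot_code, layout):
    """Assemble a 512-byte MBR image from boot code and a partition layout."""
    mbr = bytearray(SECTOR)
    code = boot_code[:BOOT_CODE_LEN]
    mbr[: len(code)] = code
    for i, (bootable, ptype, start, count) in enumerate(layout):
        off = PART_TABLE_OFF + 16 * i
        mbr[off:off + 16] = struct.pack(
            ENTRY_FMT, 0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0", start, count)
    mbr[510:512] = SIGNATURE
    return bytes(mbr)


def boot_code_md5(mbr):
    """MD5 of the first 0x1B8 bytes: the value TDSSKiller prints for 'MBR (0x1B8)'.
    Editing the partition table leaves it unchanged; patched boot code changes it."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_mbr(mbr):
    """Return the non-empty partition entries; reject images without 0x55AA."""
    if len(mbr) != SECTOR or mbr[510:512] != SIGNATURE:
        raise ValueError("not a valid MBR: bad length or missing 0x55AA signature")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue                                    # empty slot
        entries.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "label": PART_TYPES.get(ptype, "unknown"),
            "start": start,
            "count": count,
            "size_mb": count * SECTOR // (1024 * 1024),  # floored, as aswMBR prints it
        })
    return entries


def unallocated_tail(entries, disk_sectors):
    """(first sector after the last partition, sectors from there to disk end).
    aswMBR scans from that sector because bootkits stash payloads in that slack."""
    last_end = max(e["start"] + e["count"] for e in entries)
    return last_end, disk_sectors - last_end


def sanity_checks(entries, disk_sectors):
    """Flag the partition-table problems a responder checks before trusting a disk."""
    warnings = []
    if sum(e["bootable"] for e in entries) != 1:
        warnings.append("expected exactly one active (0x80) partition")
    ordered = sorted(entries, key=lambda e: e["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["count"] > b["start"]:
            warnings.append(f"partitions {a['index']} and {b['index']} overlap")
    for e in entries:
        if e["start"] + e["count"] > disk_sectors:
            warnings.append(f"partition {e['index']} runs past the end of the disk")
    return warnings


if __name__ == "__main__":
    image = build_mbr(DUMMY_BOOT_CODE, DISK0_LAYOUT)      # or open("MBR.dat", "rb").read()
    entries = parse_mbr(image)
    print("MBR (0x1B8)", boot_code_md5(image))
    for e in entries:
        flag = "(A)" if e["bootable"] else "   "
        print(f"Partition {e['index']} {flag} {e['type']:02X} {e['label']:<13}"
              f" {e['size_mb']} MB offset {e['start']}")
    first_free, tail = unallocated_tail(entries, DISK0_SECTORS)
    print(f"scanning sectors +{first_free} ({tail} sectors unallocated)")
    print("warnings:", sanity_checks(entries, DISK0_SECTORS) or "none")
```

Two points the logs alone do not make explicit. First, because the hash covers only the boot code, repartitioning or a changed disk signature does not alter TDSSKiller's value, while any rewritten boot code does; comparing the hash of the saved MBR.dat against a known-good copy of the same OEM MBR (a Dell image with its utility partition, in this case) is what settles aswMBR's "unknown MBR code" line, which by itself means only that the code matched none of aswMBR's known signatures. Second, the sector offset aswMBR prints after "scanning sectors +" is the end of the last partition; a tail that is unexpectedly large, or partitions that overlap or run past the disk end, is worth a closer look before declaring the disk clean.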

#8 gringo_pr

Malware Response Team
Posted 06 April 2012 - 10:02 PM

Greetings

How are things running at this time?


At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 ramqcsport98

Posted 07 April 2012 - 11:44 AM

ComboFix ran successfully and produced the following log file. The PC seems to be running OK, but I have all of the AV/Spyware/etc... disabled. I will re-enable everything and put it back online to see how it does. Is there anything in these logs that looks suspicious that I need to be aware of?

ComboFix 12-04-01.03 - user1 04/07/2012 10:42:59.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1372 [GMT -5:00]
Running from: c:\documents and settings\user1\Desktop\PC Tools\ComboFix.exe
Command switches used :: c:\documents and settings\user1\Desktop\PC Tools\CFScript.txt
AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: McAfee Host Intrusion Prevention Firewall *Enabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\captureservice.dll
.
---- Previous Run -------
.
c:\windows\system32\mi-raysat_3dsmax9_32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ATITOOL
-------\Service_atitool
-------\Legacy_SAICLASS
-------\Service_SaiClass
.
.
((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))
.
.
2012-04-07 16:01 . 2010-01-26 23:56 40328 ----a-w- c:\windows\system32\HIPIS0e011b5.dll
2012-04-04 03:57 . 2008-04-13 17:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-04-04 03:57 . 2008-04-13 17:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2012-03-27 22:26 . 2012-04-07 15:27 -------- d-----w- C:\Quarantine
2012-03-27 22:13 . 2012-03-27 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2012-03-22 16:36 . 2012-03-22 16:36 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-22 16:36 . 2012-03-22 16:36 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:22 . 2004-08-11 22:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-15 07:25 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2004-08-11 22:11 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-22 16:36 . 2011-05-20 13:34 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-10-23 02:07 . 2012-03-07 16:45 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-04_04.02.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-07 16:01 . 2012-04-07 16:01 16384 c:\windows\Temp\Perflib_Perfdata_440.dat
+ 2012-04-07 16:01 . 2012-04-07 16:01 16384 c:\windows\Temp\Perflib_Perfdata_25c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2005-11-08 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 18944]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
[BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user1^Start Menu^Programs^Startup^SyncBack.lnk]
path=c:\documents and settings\user1\Start Menu\Programs\Startup\SyncBack.lnk
backup=c:\windows\pss\SyncBack.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-10-17 00:42 904840 ----a-w- c:\program files\Seagate\DiscWizard\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDrvEmulator]
2005-11-04 23:07 49152 ------w- c:\program files\Creative\Shared Files\Module Loader\DLLML.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
2009-10-17 00:37 1325936 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2006-05-03 08:12 98304 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 23:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Host Intrusion Prevention Tray]
2010-06-15 17:50 979104 ----a-w- c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
2011-05-19 22:05 161088 ----a-w- c:\program files\McAfee\Common Framework\UdaterUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 21:16 1121792 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Scheduler2 Service]
2009-10-17 00:39 136544 ----a-w- c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
2010-10-23 02:07 124224 ----a-w- c:\program files\McAfee\VirusScan Enterprise\shstat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 22:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
2007-01-18 19:20 190008 ----a-w- c:\program files\Seagate\SystemTray\StxMenuMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-19 00:09 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5033:TCP"= 5033:TCP:JAlbum
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/11/2004 5:00 PM 14336]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [6/15/2010 12:50 PM 1498224]
R2 hips;McAfee HIPSCore Service;c:\program files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [3/7/2012 11:59 AM 35696]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [10/22/2010 9:07 PM 22816]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/7/2012 11:45 AM 69192]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [10/16/2009 7:39 PM 431456]
R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [3/7/2012 11:58 AM 44680]
R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [3/7/2012 11:59 AM 107960]
R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [3/7/2012 11:59 AM 38680]
R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [3/7/2012 11:59 AM 35552]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2011 9:17 PM 135664]
S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [5/12/2011 12:48 PM 324928]
S3 EraserUtilDrv10621;EraserUtilDrv10621;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10621.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10621.sys [?]
S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [3/7/2012 11:58 AM 44680]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2011 9:17 PM 135664]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/7/2012 11:45 AM 66536]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/11/2004 5:00 PM 14336]
UnknownUnknown dsload;dsload; [x]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - dsgrab_01c87d7be3ac26fe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
mi-raysat_3dsMax2008_32
idechndr
oraclemtsrecoveryservice
pdlnemsg
ppped
wmp54gv4svc
hprfdev
id2scaps
Evian
mcupdmgr.exe
usb_rndisx
SbcpHid
s716mdm
vpcbus
deckzpsx
CrystalSysInfo
dbmang
ZuneWlanCfgSvc
s716unic
k56
se2End5
maya70docserver
btfirst
aspi32
ELhid
vusbbus
regmon701
SilverLink
WmaCDriverV32
speedfan
vncmirror
cdudf_xp
cqmgstor
antivirservice
epson_pm_rpcv2_01
USBCCID
CBN
SunkFilt39
cpuidlep
R300
FTSER2K
wlluc48b
zfdwm
msdv
ELkbd
bthserv
nmwcdc
bc_filter
ultra66
W8335XP
iAimFP5
cportclm
midisyn
PSDFilter
tabletservice
psimsvc
wandrv
usbio
zpsc
cwafreportscheduler
ni_nic
mozybackup
ntsyslog
csctl50
mcmispupdmgr
msmframework
CXTUNE
mwlsvc
fsaua
SiSGbeXP
acs
mqdmmdfl
hdaudbus
speakerphone
cpqfcalm
penrendezvous
owstimer
ialm
w550mdfl
spbbcsvc
openvpnservice
dsNcAdpt
elbycdio
eloggersvc6
NWADI
MA_CMIDI
winmtsrv
cpqvcagent
autostore
roxmediadb
savscan
SE2Eobex
captureservice
DcFpoint
SE2Cobex
KLOGNT
hpdj
cltnetcnservice
TdmService
mssqlserveradhelper
VIAPFD
roxmediadb9
AdfuUd
ctljystk
stirusb
mks_scan
USB11LDR
nwrdr
raidmagt
mcvsrte
s616nd5
umwdf
icollectservice
DS1410D
Afc
artdhcp
hidir
WacomVKHid
slservice
NMSAccessU
DritekPortIO
PSI_SVC_2
USBMN1X1
USIUDF
epsonbidirectionalagent
zppinger
atmeltpm
Exportit
ati
wacommousefilter
TSHWMDTCP
siskp
msloop
pca
nvedavt
ASDR
bdfdll
USB28xxOEM
nimxdfk
U3sHlpDr
persfw
curtainssyssvc
ahcix86s
umpusbxp
Sunkfiltp
InterBaseGuardian
lxcccustomerconnect
axsaki
symantecantibotagent
emitray
mcsysmon
sscdbhk5
sptisrv
oracleorahomeagent
cercsr6
hamachi
iftpsvc
usprserv
se44mgmt
sbiesvc
dvd_2K
sprtsvc_dellsupportcenter
ilicensesvc
padfsvr
dptrackerd
mirrorv3
aclient
aavmker4
lvusbsta
RushTopDevice
rpskt
SetupSys
USA49W2KP
aswmon2
enethusb
sigfilt
pxfhmdm
sonytvc
sprtsvc_ddoctorv2
NVTCP
picturetaker
FTDIBUS
BASFND
iaimtv0
SSHDRV61
bt3cser
pinnaclemarvinusb
SiSRaid
npapimon
PhilCam8116_XP
O2SCBUS
wintabservice
RR2Mjpeg
USBVCD
mysql
uscbs108
ufdsvc
TestHandler
rxfilter
issuser
ATIVTUTW
euq_monitor
advantage
ZuneBusEnum
{e2b953a6-195a-44f9-9ba3-3d5f4e32bb55}
wanusb
zdeviceservice
clmtomcatstartersvc
tapeware
swupdtmr
emu10k
ZD1211BU(ZyDAS)
CA561
NWDHCP
fuj02b1
bgs_sdservice
se58bus
Hardlock
CTDevice_Srv
Si3132r5
mctskshd.exe
inorpc
k750obex
wg111nd5
irsir
nalntservice
vpcusb
TryAndDecideService
Amsmpu4p
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 02:17]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 02:17]
.
2012-04-07 c:\windows\Tasks\SyncBack Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-03-27 21:42]
.
2012-04-07 c:\windows\Tasks\SyncBack stuff.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-03-27 21:42]
.
2012-04-07 c:\windows\Tasks\SyncBack pics.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-03-27 21:42]
.
2012-04-07 c:\windows\Tasks\SyncBack user1.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-03-27 21:42]
.
2012-04-07 c:\windows\Tasks\SyncBack Lightroom.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-03-27 21:42]
.
2012-04-07 c:\windows\Tasks\SyncBack My Pictures.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-03-27 21:42]
.
2012-04-07 c:\windows\Tasks\SyncBack Photos To Process.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-03-27 21:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.sbc.com/dsl
mWindow Title =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\user1\Application Data\Mozilla\Firefox\Profiles\wwezx4i4.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-07 11:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1776)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(3144)
c:\windows\system32\WININET.dll
c:\windows\system32\ctagent.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
c:\windows\CTHELPER.EXE
c:\windows\system32\CTXFIHLP.EXE
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\windows\system32\taskmgr.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\HPZipm12.exe
.
**************************************************************************
.
Completion time: 2012-04-07 11:16:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-07 16:16
ComboFix2.txt 2012-04-04 05:05
ComboFix3.txt 2012-04-04 04:16
.
Pre-Run: 23,557,767,168 bytes free
Post-Run: 23,524,839,424 bytes free
.
- - End Of File - - 7C1557AE853743F06AA1E92DC028DD1C

Thanks,

Dom
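
The "NETSVCS REQUIRES REPAIRS" block in the ComboFix log above prints the current netsvcs group with a long run of other names spliced between the stock XP SP3 entries. The following Python, added here as an example and not part of the thread or of ComboFix, pulls those names out of a ComboFix-style log mechanically and cross-checks them against the service lines in the same log; the stock XP SP3 list it assumes is the set of entries bracketing the inserted run above, and the sample log is constructed.

```python
r"""Pull the foreign names out of a ComboFix "NETSVCS REQUIRES REPAIRS" block.

Added example; not part of the forum thread and not ComboFix code.  ComboFix
prints the current netsvcs REG_MULTI_SZ value (under
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost) when it differs
from the stock list; the log in this thread shows the stock XP SP3 group with
a long run of other names spliced into the middle of it.
"""
import re

# Assumption: the stock Windows XP SP3 netsvcs group, taken from the entries
# that bracket the inserted run in the posted log (6to4 .. Rasauto, then
# Rasman .. hkmsvc).  Confirm against a known-clean XP SP3 box before relying on it.
XP_SP3_NETSVCS = frozenset(s.lower() for s in (
    "6to4", "AppMgmt", "AudioSrv", "Browser", "CryptSvc", "DMServer", "DHCP",
    "ERSvc", "EventSystem", "FastUserSwitchingCompatibility", "HidServ", "Ias",
    "Iprip", "Irmon", "LanmanServer", "LanmanWorkstation", "Messenger", "Netman",
    "Nla", "Ntmssvc", "NWCWorkstation", "Nwsapagent", "Rasauto", "Rasman",
    "Remoteaccess", "Schedule", "Seclogon", "SENS", "Sharedaccess", "SRService",
    "Tapisrv", "Themes", "TrkWks", "W32Time", "WZCSVC", "Wmi", "WmdmPmSp",
    "winmgmt", "wscsvc", "xmlprov", "BITS", "wuauserv", "ShellHWDetection",
    "helpsvc", "WmdmPmSN", "napagent", "hkmsvc",
))

NETSVCS_HEADER = "NETSVCS REQUIRES REPAIRS - current entries shown"

# ComboFix's non-Microsoft service/driver lines look like
#   R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [...]
#   UnknownUnknown dsload;dsload; [x]
# The first field (up to ';') is the service's registry key name.
SERVICE_LINE = re.compile(r"^(?:R\d|S\d|Unknown\w*)\s+(?P<name>[^;]+);")

def extract_netsvcs(log_text):
    """Names printed under the NETSVCS header, in log order.

    The block ends at ComboFix's '.' spacer or at the 'Svchost - NetSvcs'
    trailer line.  [] means the log has no such block (netsvcs was stock).
    """
    lines = log_text.splitlines()
    start = next((i for i, l in enumerate(lines) if l.strip() == NETSVCS_HEADER), None)
    if start is None:
        return []
    names = []
    for line in lines[start + 1:]:
        s = line.strip()
        if s == "." or s.startswith("HKEY_LOCAL_MACHINE"):
            break
        if s:
            names.append(s)
    return names

def unexpected_netsvcs(log_text):
    """Netsvcs names that are not in the assumed stock XP SP3 group."""
    return [n for n in extract_netsvcs(log_text) if n.lower() not in XP_SP3_NETSVCS]

def installed_services(log_text):
    """Service key names from the R*/S*/Unknown lines, lower-cased."""
    found = set()
    for line in log_text.splitlines():
        m = SERVICE_LINE.match(line)
        if m:
            found.add(m.group("name").strip().lower())
    return found

def unexpected_with_service(log_text):
    """Unexpected netsvcs names that also have a service entry in the same log.

    A name in netsvcs with no service behind it is inert padding; one that does
    have a service (and a ServiceDll) gets loaded into the netsvcs svchost,
    so those are the ones to examine first.
    """
    installed = installed_services(log_text)
    return [n for n in unexpected_netsvcs(log_text) if n.lower() in installed]

# Constructed sample in ComboFix's layout; the hamachi service line is invented.
SAMPLE_LOG = r"""
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/11/2004 5:00 PM 14336]
S3 hamachi;Hamachi Tunneling Engine;c:\windows\system32\drivers\hamachi.sys [1/1/2011 1:00 AM 12345]
.
--- Other Services/Drivers In Memory ---
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
hamachi
mysql
Rasman
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
"""

if __name__ == "__main__":
    with_service = set(unexpected_with_service(SAMPLE_LOG))
    for name in unexpected_netsvcs(SAMPLE_LOG):
        print(name, "has a service entry" if name in with_service else "padding only")
```

Run it against the full log pasted in the thread and every name between Rasauto and Rasman comes back as unexpected, none of which has a matching service line.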

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:13 AM

Posted 07 April 2012 - 12:21 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore. This is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Adobe Reader 8.1.2
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 17
Viewpoint Media Player


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:13 AM

Posted 09 April 2012 - 11:24 PM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#12 ramqcsport98

ramqcsport98
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:13 AM

Posted 10 April 2012 - 04:58 PM

I have already performed most of the steps you requested, but need just a little more time to complete them. I will get the results posted as soon as possible.

Thanks!

Dom

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:13 AM

Posted 10 April 2012 - 06:30 PM

:thumbup2:

#14 ramqcsport98

ramqcsport98
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:13 AM

Posted 11 April 2012 - 10:43 AM

I have removed/updated the programs you suggested and have also run MBAM again and HijackThis, for which I have posted the logs below:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.07.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user1 :: homePC [administrator]

4/11/2012 9:36:50 AM
mbam-log-2012-04-11 (09-36-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 260606
Time elapsed: 31 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:38:35 AM, on 4/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfee Host Intrusion Prevention Tray] "C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SyncBack.lnk = C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153865317882
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HIPSCore Service (hips) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SiteAdvisor Enterprise Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe

--
End of file - 14482 bytes

Thanks,

Dom

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 11 April 2012 - 11:10 AM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can click on their icons (or start them from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
      O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
      O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
      O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - Startup: SyncBack.lnk = C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space, as in:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Click on the ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start.
  • When asked, allow the ActiveX control to install.
    • Click Start.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan.
  • Wait for the scan to finish.
  • Click on Copy to clipboard, or copy and paste the results here in this topic.

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
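The "Remove unneeded start-up entries" step above is a manual triage of HijackThis O4 lines: each line is an autostart location (a Run value under HKLM or HKCU, or a shortcut in a Startup folder), a name, and the command it launches. As an added worked example, not code from this thread, from HijackThis or from either poster, the Python below parses O4 lines copied from the log posted earlier in the thread into that structure, reports which entries would still auto-start after the optional "Fix Checked" list is applied, and flags two things a reviewer wants to see before deciding what to keep: entries whose target HijackThis could not resolve (logged as `?` or `(no file)`), and entries that name a bare file with no directory, which Windows resolves through the search path at logon. The subset of names in `OPTIONAL_FIX_NAMES` is taken from the list in the post above; the extension list in `_EXE_RE` is an assumption about which file types appear as Run targets.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Sample O4 lines, copied from the HijackThis log posted earlier in this thread.
SAMPLE_O4 = r"""O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SyncBack.lnk = C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
"""

# Subset of the names the helper listed as optional to remove (from the post above).
OPTIONAL_FIX_NAMES = ["CTHelper", "ATIPTA", "HP Software Update",
                      "SyncBack.lnk", "Microsoft Office.lnk"]


@dataclass(frozen=True)
class O4Entry:
    location: str        # "HKLM\..\Run", "HKCU\..\Run", "Startup" or "Global Startup"
    name: str            # registry value name, or shortcut file name
    command: str         # command line exactly as HijackThis logged it
    exe: Optional[str]   # program the command launches; None if HijackThis could not resolve it


# Registry Run values: "O4 - HKLM\..\Run: [Name] command"
_RUN_RE = re.compile(r'^O4 - (?P<loc>HK(?:LM|CU)\\\.\.\\Run): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
# Startup-folder shortcuts: "O4 - Global Startup: Name.lnk = target"
_LNK_RE = re.compile(r'^O4 - (?P<loc>Startup|Global Startup): (?P<name>.+?\.lnk) = (?P<cmd>.*)$')
# Assumed set of extensions that end the program path of an unquoted command.
_EXE_RE = re.compile(r'^(.*?\.(?:exe|dll|com|scr|bat|cmd))(?:\s|$)', re.IGNORECASE)


def extract_exe(cmd: str) -> Optional[str]:
    """Return the program a logged O4 command launches, or None when HijackThis
    logged an unresolved target ('?' for a shortcut without a target, '(no file)')."""
    cmd = cmd.strip()
    if not cmd or cmd in ("?", "(no file)"):
        return None
    if cmd.startswith('"'):                     # quoted path: take everything up to the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 1 else None
    m = _EXE_RE.match(cmd)                      # unquoted path, possibly followed by arguments
    return m.group(1) if m else cmd.split()[0]


def parse_o4(text: str) -> List[O4Entry]:
    """Parse every recognised O4 line in a HijackThis log; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = _RUN_RE.match(line) or _LNK_RE.match(line)
        if not m:
            continue
        entries.append(O4Entry(m["loc"], m["name"], m["cmd"], extract_exe(m["cmd"])))
    return entries


def remaining_after_fix(entries: Iterable[O4Entry], fix_names: Iterable[str]) -> List[O4Entry]:
    """Entries that would still auto-start after 'Fix Checked' on the listed names."""
    chosen = set(fix_names)
    return [e for e in entries if e.name not in chosen]


def review_flags(entries: Iterable[O4Entry]) -> Dict[str, str]:
    """Entries a reviewer should look at: unresolved targets, and bare file names
    with no directory, which are located through the search path when the user logs on."""
    flags = {}
    for e in entries:
        if e.exe is None:
            flags[e.name] = "unresolved target"
        elif "\\" not in e.exe and "/" not in e.exe:
            flags[e.name] = "bare filename, resolved via search path"
    return flags


if __name__ == "__main__":
    parsed = parse_o4(SAMPLE_O4)
    for e in remaining_after_fix(parsed, OPTIONAL_FIX_NAMES):
        print(f"keeps starting: {e.location:16} [{e.name}] -> {e.exe}")
    for name, reason in review_flags(parsed).items():
        print(f"review: [{name}] {reason}")
```

Run it as a script to see the six entries that remain after the optional fix and the two flagged lines; to triage a full log, pass the whole file's text to `parse_o4`, which ignores non-O4 lines.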
