Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Chrome & IE redirect searches can't get rid of


  • This topic is locked This topic is locked
15 replies to this topic

#1 timc_fla

timc_fla

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 02 April 2012 - 06:31 AM

The redirect to Happli or whatever site.

2 other problems that started at the same time: On reboot I receive an error message of:

Error in C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll
Missing entry:RunDLLEntry

I have also seen Malwarebytes coming up in tasktray saying it has blocked a outgoing message and gives and IP address that I can't catch.


So far I have tried to run Superantispyware then Malwarebytes. Superantispyware only found tracking cookies and Malwarebytes did not find anything thing. So read your boards and found the "HAPPLI" redirect post. followed the directions on that and ran "Combofix" and tried Chrome (my default browser) it seemed to have worked for about 2 seconds. Went to IE and tried and I was immediately redirected. Went back to Chrome and was now redirected again. Step by step I ran combofix a 2nd time. I did not receive any type of "illegal operation errors" during the process either time. Restarted the computer problem continues.

I have followed the preparation guide step by step log below


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by TynaC at 21:40:47 on 2012-04-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.2048 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lxcicoms.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\TynaC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TynaC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TynaC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TynaC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TynaC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TynaC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TynaC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TynaC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.exe
C:\Documents and Settings\TynaC\Desktop\Defogger.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\TynaC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page =
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Connection Wizard,ShellNext = hxxp://www.msi.com/index.php?func=html&name=service_edm
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.362.0\BingExt.dll
BHO: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.362.0\BingExt.dll"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\tynac\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Spotify] "c:\documents and settings\tynac\application data\spotify\Spotify.exe" /uri spotify:autostart
uRun: [Facebook Update] "c:\documents and settings\tynac\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [lxcimon.exe] "c:\program files\lexmark 7300 series\lxcimon.exe"
mRun: [EzPrint] "c:\program files\lexmark 7300 series\ezprint.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DVD or CD Sharing] "c:\program files\dvd or cd sharing\ODSAgent.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LXCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCItime.dll,RunDLLEntry
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - c:\program files\amazon\add to wish list ie extension\run.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/swdir8d204.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FB695D3B-30C3-4C0B-822A-C7CBE3CC61DE} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-1 652360]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-1-12 68928]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.362.0\SeaPort.EXE [2012-2-13 240408]
R3 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-1 20464]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.362.0\BBSvc.EXE [2012-2-13 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-20 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 253600]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-1-2 1691480]
S3 FLASHSYS;FLASHSYS;c:\program files\msi\live update 4\lu4\FlashSys.sys [2011-1-2 9216]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-20 136176]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-01 17:33:27 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 20:50:25 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-31 02:19:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-26 18:10:13 -------- d-----w- c:\documents and settings\tynac\local settings\application data\Facebook
2012-03-26 18:09:55 -------- d-----w- c:\program files\Microsoft
2012-03-25 01:53:19 -------- d-----w- c:\documents and settings\tynac\local settings\application data\WMTools Downloaded Files
2012-03-10 01:56:25 89088 --sha-r- c:\windows\system32\lxcicu8.dll
.
==================== Find3M ====================
.
2012-03-31 20:50:25 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 21:41:19.56 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:32 AM

Posted 05 April 2012 - 02:09 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 timc_fla

timc_fla
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 07 April 2012 - 08:07 AM

Gringo,
Thank you for your response. The problem still continues :(

Here is the gmer log as requested.

ComboFix 12-04-01.01 - TynaC 04/01/2012 23:23:12.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.2248 [GMT -4:00]
Running from: c:\documents and settings\TynaC\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-01 17:33 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 20:50 . 2012-03-31 20:50 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-31 02:19 . 2012-03-31 02:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-26 18:10 . 2012-03-26 18:10 -------- d-----w- c:\documents and settings\TynaC\Local Settings\Application Data\Facebook
2012-03-26 18:09 . 2012-03-26 18:09 -------- d-----w- c:\program files\Microsoft
2012-03-26 18:08 . 2012-03-26 18:08 -------- d-----w- c:\program files\Common Files\Skype
2012-03-25 01:53 . 2012-03-25 01:53 -------- d-----w- c:\documents and settings\TynaC\Local Settings\Application Data\WMTools Downloaded Files
2012-03-10 01:56 . 2012-03-10 01:56 89088 --sha-r- c:\windows\system32\lxcicu8.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-31 20:50 . 2011-05-25 17:08 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2008-04-14 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 03:52 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2011-01-02 22:05 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-11-18 00:29 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\TynaC\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\TynaC\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\TynaC\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\TynaC\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-20 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
"Facebook Update"="c:\documents and settings\TynaC\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-03-26 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-06-08 19552872]
"lxcimon.exe"="c:\program files\Lexmark 7300 Series\lxcimon.exe" [2005-09-30 200704]
"EzPrint"="c:\program files\Lexmark 7300 Series\ezprint.exe" [2005-08-01 94208]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DVD or CD Sharing"="c:\program files\DVD or CD Sharing\ODSAgent.exe" [2008-02-21 619832]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-11-18 901800]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"LXCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCItime.dll" [2005-09-08 73728]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxcicoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcipswx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\TynaC\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\DLink\\DNS-320\\D-Link Storage Utility.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DVD or CD Sharing\\ODSAgent.exe"=
"c:\\Program Files\\DVD or CD Sharing\\RemoteInstallMacOSX.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Samsung\\Intelli-studio\\iStudio.exe"=
"c:\\Documents and Settings\\TynaC\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"5353:UDP"= 5353:UDP:Bonjour
"49807:TCP"= 49807:TCP:Windows Core Service
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.362.0\BBSvc.EXE [2/13/2012 9:19 PM 193816]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/1/2012 1:33 PM 652360]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [1/12/2011 3:40 PM 68928]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.362.0\SeaPort.EXE [2/13/2012 9:19 PM 240408]
R3 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/1/2012 1:33 PM 20464]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/20/2011 6:42 AM 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 4:50 PM 253600]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/2/2011 6:31 PM 1691480]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [1/2/2011 6:38 PM 9216]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/20/2011 6:42 AM 136176]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 11:09 PM 267568]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 20:50]
.
2012-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2012-04-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1390067357-573735546-725345543-1003Core.job
- c:\documents and settings\TynaC\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-03-26 18:23]
.
2012-04-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1390067357-573735546-725345543-1003UA.job
- c:\documents and settings\TynaC\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-03-26 18:23]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 10:42]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 10:42]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-573735546-725345543-1003Core.job
- c:\documents and settings\TynaC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-18 01:07]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-573735546-725345543-1003UA.job
- c:\documents and settings\TynaC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-18 01:07]
.
2012-04-02 c:\windows\Tasks\qynr.job
- c:\windows\system32\lxcicu8.dll [2012-03-10 01:56]
.
2012-04-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-11-18 00:29]
.
2012-04-02 c:\windows\Tasks\Windows Codec Update Service.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2012-02-22 22:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.msi.com/index.php?func=html&name=service_edm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-01 23:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,RunDLLEntry???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1964)
c:\windows\system32\WININET.dll
c:\documents and settings\TynaC\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-01 23:31:49
ComboFix-quarantined-files.txt 2012-04-02 03:31
ComboFix2.txt 2012-04-02 03:04
.
Pre-Run: 166,030,831,616 bytes free
Post-Run: 166,017,630,208 bytes free
.
- - End Of File - - F5A96D7F810624FF1F9A65A5108CD78E

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:32 AM

Posted 07 April 2012 - 10:41 AM

Greetings

I want you to uninstall chrome and if it asks about user data or settings then remove that also'

when that is complete I want you to reinstall chrome and check if chrome and IE still redirects

Then I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 timc_fla

timc_fla
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 07 April 2012 - 04:35 PM

Reports from TDSSKiller and aswMBR


17:24:34.0703 2588 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
17:24:35.0140 2588 ============================================================
17:24:35.0140 2588 Current date / time: 2012/04/07 17:24:35.0140
17:24:35.0140 2588 SystemInfo:
17:24:35.0140 2588
17:24:35.0140 2588 OS Version: 5.1.2600 ServicePack: 3.0
17:24:35.0140 2588 Product type: Workstation
17:24:35.0140 2588 ComputerName: TYNA
17:24:35.0140 2588 UserName: TynaC
17:24:35.0140 2588 Windows directory: C:\WINDOWS
17:24:35.0140 2588 System windows directory: C:\WINDOWS
17:24:35.0140 2588 Processor architecture: Intel x86
17:24:35.0140 2588 Number of processors: 4
17:24:35.0140 2588 Page size: 0x1000
17:24:35.0140 2588 Boot type: Normal boot
17:24:35.0140 2588 ============================================================
17:24:36.0765 2588 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x764A9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000058
17:24:36.0765 2588 \Device\Harddisk0\DR0:
17:24:36.0765 2588 MBR used
17:24:36.0765 2588 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C5541
17:24:36.0765 2588 Initialize success
17:24:36.0765 2588 ============================================================
17:24:41.0375 1452 ============================================================
17:24:41.0375 1452 Scan started
17:24:41.0375 1452 Mode: Manual;
17:24:41.0375 1452 ============================================================
17:24:42.0312 1452 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
17:24:42.0312 1452 !SASCORE - ok
17:24:42.0343 1452 Abiosdsk - ok
17:24:42.0359 1452 abp480n5 - ok
17:24:42.0390 1452 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:24:42.0390 1452 ACPI - ok
17:24:42.0421 1452 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:24:42.0421 1452 ACPIEC - ok
17:24:42.0468 1452 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:24:42.0468 1452 AdobeFlashPlayerUpdateSvc - ok
17:24:42.0515 1452 adpu160m - ok
17:24:42.0578 1452 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:24:42.0578 1452 aec - ok
17:24:42.0609 1452 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:24:42.0609 1452 AFD - ok
17:24:42.0609 1452 Aha154x - ok
17:24:42.0625 1452 aic78u2 - ok
17:24:42.0625 1452 aic78xx - ok
17:24:42.0656 1452 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
17:24:42.0656 1452 Alerter - ok
17:24:42.0671 1452 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
17:24:42.0671 1452 ALG - ok
17:24:42.0703 1452 AliIde - ok
17:24:42.0765 1452 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
17:24:42.0781 1452 Ambfilt - ok
17:24:42.0796 1452 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
17:24:42.0796 1452 AmdPPM - ok
17:24:42.0812 1452 amsint - ok
17:24:42.0875 1452 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:24:42.0875 1452 Apple Mobile Device - ok
17:24:42.0937 1452 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
17:24:42.0937 1452 AppMgmt - ok
17:24:42.0937 1452 asc - ok
17:24:42.0953 1452 asc3350p - ok
17:24:42.0953 1452 asc3550 - ok
17:24:43.0015 1452 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:24:43.0062 1452 aspnet_state - ok
17:24:43.0093 1452 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:24:43.0093 1452 AsyncMac - ok
17:24:43.0125 1452 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:24:43.0125 1452 atapi - ok
17:24:43.0156 1452 Atdisk - ok
17:24:43.0187 1452 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:24:43.0187 1452 Atmarpc - ok
17:24:43.0203 1452 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
17:24:43.0203 1452 AudioSrv - ok
17:24:43.0234 1452 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:24:43.0234 1452 audstub - ok
17:24:43.0296 1452 BBSvc (47480f4260dae9aa589bcaf924b3767a) C:\Program Files\Microsoft\BingBar\7.1.362.0\BBSvc.exe
17:24:43.0296 1452 BBSvc - ok
17:24:43.0312 1452 BBUpdate (6bf743cbf3bcd09dab79245e60e1ae62) C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.exe
17:24:43.0312 1452 BBUpdate - ok
17:24:43.0375 1452 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:24:43.0375 1452 Beep - ok
17:24:43.0406 1452 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
17:24:43.0437 1452 BITS - ok
17:24:43.0484 1452 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
17:24:43.0500 1452 Bonjour Service - ok
17:24:43.0578 1452 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
17:24:43.0578 1452 Browser - ok
17:24:43.0656 1452 catchme - ok
17:24:43.0687 1452 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:24:43.0703 1452 cbidf2k - ok
17:24:43.0718 1452 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:24:43.0718 1452 CCDECODE - ok
17:24:43.0734 1452 cd20xrnt - ok
17:24:43.0765 1452 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:24:43.0765 1452 Cdaudio - ok
17:24:43.0796 1452 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:24:43.0796 1452 Cdfs - ok
17:24:43.0828 1452 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:24:43.0828 1452 Cdrom - ok
17:24:43.0828 1452 Changer - ok
17:24:43.0859 1452 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
17:24:43.0859 1452 CiSvc - ok
17:24:43.0890 1452 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
17:24:43.0890 1452 ClipSrv - ok
17:24:43.0953 1452 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:24:43.0968 1452 clr_optimization_v2.0.50727_32 - ok
17:24:44.0031 1452 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:24:44.0031 1452 clr_optimization_v4.0.30319_32 - ok
17:24:44.0046 1452 CmdIde - ok
17:24:44.0062 1452 COMSysApp - ok
17:24:44.0062 1452 Cpqarray - ok
17:24:44.0109 1452 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
17:24:44.0109 1452 CryptSvc - ok
17:24:44.0140 1452 dac2w2k - ok
17:24:44.0140 1452 dac960nt - ok
17:24:44.0171 1452 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:24:44.0171 1452 DcomLaunch - ok
17:24:44.0187 1452 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
17:24:44.0187 1452 Dhcp - ok
17:24:44.0203 1452 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:24:44.0203 1452 Disk - ok
17:24:44.0218 1452 dmadmin - ok
17:24:44.0281 1452 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:24:44.0296 1452 dmboot - ok
17:24:44.0343 1452 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:24:44.0343 1452 dmio - ok
17:24:44.0359 1452 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:24:44.0359 1452 dmload - ok
17:24:44.0390 1452 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
17:24:44.0390 1452 dmserver - ok
17:24:44.0421 1452 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:24:44.0421 1452 DMusic - ok
17:24:44.0453 1452 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
17:24:44.0453 1452 Dnscache - ok
17:24:44.0484 1452 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:24:44.0484 1452 Dot3svc - ok
17:24:44.0500 1452 dpti2o - ok
17:24:44.0546 1452 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:24:44.0546 1452 drmkaud - ok
17:24:44.0593 1452 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:24:44.0593 1452 EapHost - ok
17:24:44.0609 1452 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:24:44.0625 1452 ERSvc - ok
17:24:44.0640 1452 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:24:44.0656 1452 Eventlog - ok
17:24:44.0671 1452 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
17:24:44.0671 1452 EventSystem - ok
17:24:44.0718 1452 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:24:44.0718 1452 Fastfat - ok
17:24:44.0750 1452 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:24:44.0765 1452 FastUserSwitchingCompatibility - ok
17:24:44.0781 1452 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:24:44.0781 1452 Fdc - ok
17:24:44.0796 1452 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:24:44.0796 1452 Fips - ok
17:24:44.0875 1452 FLASHSYS (d3d9311624edd435f42cda7eaa0a6aed) C:\Program Files\MSI\Live Update 4\LU4\FLASHSYS.sys
17:24:44.0875 1452 FLASHSYS - ok
17:24:44.0921 1452 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:24:44.0921 1452 Flpydisk - ok
17:24:44.0953 1452 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:24:44.0953 1452 FltMgr - ok
17:24:45.0015 1452 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:24:45.0031 1452 FontCache3.0.0.0 - ok
17:24:45.0125 1452 ForceWare Intelligent Application Manager (IAM) (7dff82acdab23414abc2a95fef8982f8) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
17:24:45.0125 1452 ForceWare Intelligent Application Manager (IAM) - ok
17:24:45.0187 1452 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:24:45.0187 1452 Fs_Rec - ok
17:24:45.0234 1452 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:24:45.0234 1452 Ftdisk - ok
17:24:45.0250 1452 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:24:45.0250 1452 GEARAspiWDM - ok
17:24:45.0281 1452 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:24:45.0281 1452 Gpc - ok
17:24:45.0343 1452 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:24:45.0343 1452 gupdate - ok
17:24:45.0359 1452 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:24:45.0359 1452 gupdatem - ok
17:24:45.0390 1452 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:24:45.0390 1452 gusvc - ok
17:24:45.0453 1452 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:24:45.0453 1452 HDAudBus - ok
17:24:45.0484 1452 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:24:45.0484 1452 helpsvc - ok
17:24:45.0484 1452 HidServ - ok
17:24:45.0531 1452 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:24:45.0531 1452 hidusb - ok
17:24:45.0562 1452 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:24:45.0562 1452 hkmsvc - ok
17:24:45.0562 1452 hpn - ok
17:24:45.0609 1452 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:24:45.0609 1452 HTTP - ok
17:24:45.0671 1452 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:24:45.0671 1452 HTTPFilter - ok
17:24:45.0671 1452 i2omgmt - ok
17:24:45.0687 1452 i2omp - ok
17:24:45.0703 1452 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:24:45.0703 1452 i8042prt - ok
17:24:45.0781 1452 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:24:45.0796 1452 idsvc - ok
17:24:45.0828 1452 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:24:45.0828 1452 Imapi - ok
17:24:45.0890 1452 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:24:45.0890 1452 ImapiService - ok
17:24:45.0906 1452 ini910u - ok
17:24:46.0062 1452 IntcAzAudAddService (994186286e1df03b5bcba765a9320e0f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:24:46.0187 1452 IntcAzAudAddService - ok
17:24:46.0250 1452 IntelIde - ok
17:24:46.0281 1452 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:24:46.0281 1452 Ip6Fw - ok
17:24:46.0328 1452 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:24:46.0328 1452 IpFilterDriver - ok
17:24:46.0328 1452 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:24:46.0328 1452 IpInIp - ok
17:24:46.0359 1452 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:24:46.0359 1452 IpNat - ok
17:24:46.0421 1452 iPod Service (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
17:24:46.0421 1452 iPod Service - ok
17:24:46.0484 1452 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:24:46.0484 1452 IPSec - ok
17:24:46.0546 1452 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:24:46.0546 1452 IRENUM - ok
17:24:46.0578 1452 is3srv - ok
17:24:46.0609 1452 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:24:46.0609 1452 isapnp - ok
17:24:46.0625 1452 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:24:46.0625 1452 Kbdclass - ok
17:24:46.0656 1452 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:24:46.0656 1452 kmixer - ok
17:24:46.0703 1452 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:24:46.0703 1452 KSecDD - ok
17:24:46.0718 1452 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:24:46.0734 1452 LanmanServer - ok
17:24:46.0750 1452 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
17:24:46.0765 1452 lanmanworkstation - ok
17:24:46.0765 1452 lbrtfdc - ok
17:24:46.0796 1452 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:24:46.0796 1452 LmHosts - ok
17:24:46.0828 1452 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
17:24:46.0828 1452 LVPr2Mon - ok
17:24:46.0890 1452 LVPrcSrv (0ddfdcaa92c7f553328db06ba599bea9) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
17:24:46.0890 1452 LVPrcSrv - ok
17:24:46.0921 1452 lxci_device - ok
17:24:46.0984 1452 MatSvc (ddf15a42e27e8efe27b18fd403151a86) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
17:24:46.0984 1452 MatSvc - ok
17:24:47.0031 1452 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
17:24:47.0031 1452 MBAMProtector - ok
17:24:47.0093 1452 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:24:47.0109 1452 MBAMService - ok
17:24:47.0156 1452 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
17:24:47.0156 1452 Messenger - ok
17:24:47.0203 1452 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:24:47.0203 1452 mnmdd - ok
17:24:47.0234 1452 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
17:24:47.0234 1452 mnmsrvc - ok
17:24:47.0265 1452 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:24:47.0265 1452 Modem - ok
17:24:47.0359 1452 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
17:24:47.0375 1452 Monfilt - ok
17:24:47.0437 1452 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:24:47.0437 1452 Mouclass - ok
17:24:47.0468 1452 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:24:47.0468 1452 MountMgr - ok
17:24:47.0468 1452 mraid35x - ok
17:24:47.0515 1452 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:24:47.0515 1452 MRxDAV - ok
17:24:47.0546 1452 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:24:47.0546 1452 MRxSmb - ok
17:24:47.0578 1452 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
17:24:47.0593 1452 MSDTC - ok
17:24:47.0625 1452 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:24:47.0625 1452 Msfs - ok
17:24:47.0656 1452 MSIServer - ok
17:24:47.0703 1452 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:24:47.0703 1452 MSKSSRV - ok
17:24:47.0703 1452 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:24:47.0703 1452 MSPCLOCK - ok
17:24:47.0718 1452 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:24:47.0718 1452 MSPQM - ok
17:24:47.0750 1452 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:24:47.0750 1452 mssmbios - ok
17:24:47.0796 1452 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:24:47.0796 1452 MSTEE - ok
17:24:47.0843 1452 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:24:47.0859 1452 Mup - ok
17:24:47.0906 1452 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:24:47.0906 1452 NABTSFEC - ok
17:24:47.0984 1452 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:24:48.0000 1452 napagent - ok
17:24:48.0031 1452 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:24:48.0031 1452 NDIS - ok
17:24:48.0078 1452 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:24:48.0078 1452 NdisIP - ok
17:24:48.0125 1452 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:24:48.0125 1452 NdisTapi - ok
17:24:48.0171 1452 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:24:48.0171 1452 Ndisuio - ok
17:24:48.0171 1452 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:24:48.0171 1452 NdisWan - ok
17:24:48.0218 1452 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:24:48.0218 1452 NDProxy - ok
17:24:48.0265 1452 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:24:48.0265 1452 NetBIOS - ok
17:24:48.0296 1452 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:24:48.0296 1452 NetBT - ok
17:24:48.0359 1452 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:24:48.0359 1452 NetDDE - ok
17:24:48.0359 1452 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:24:48.0359 1452 NetDDEdsdm - ok
17:24:48.0421 1452 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:24:48.0421 1452 Netlogon - ok
17:24:48.0468 1452 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
17:24:48.0468 1452 Netman - ok
17:24:48.0531 1452 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:24:48.0546 1452 NetTcpPortSharing - ok
17:24:48.0671 1452 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
17:24:48.0687 1452 Nla - ok
17:24:48.0734 1452 nlsX86cc (1e38790bdea07472c4b16add469e9912) C:\WINDOWS\system32\NLSSRV32.EXE
17:24:48.0734 1452 nlsX86cc - ok
17:24:48.0781 1452 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:24:48.0781 1452 Npfs - ok
17:24:48.0859 1452 nSvcIp (198ff60a42802c319fba58fdb13eee49) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
17:24:48.0859 1452 nSvcIp - ok
17:24:48.0921 1452 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:24:48.0921 1452 Ntfs - ok
17:24:48.0968 1452 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:24:48.0968 1452 NtLmSsp - ok
17:24:49.0031 1452 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
17:24:49.0046 1452 NtmsSvc - ok
17:24:49.0078 1452 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:24:49.0078 1452 Null - ok
17:24:49.0328 1452 nv (cd9ed87b4fc6ec41d3b5be0b923843fc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:24:49.0546 1452 nv - ok
17:24:49.0609 1452 NVENETFD (c61927d27b75ed56723f2508f1a6b1be) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
17:24:49.0609 1452 NVENETFD - ok
17:24:49.0625 1452 nvgts (52dce3b30c9d61c8e20fe3c6da4bdfb7) C:\WINDOWS\system32\DRIVERS\nvgts.sys
17:24:49.0640 1452 nvgts - ok
17:24:49.0640 1452 nvnetbus (c529b614ef88be0f62b886c67b516550) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
17:24:49.0640 1452 nvnetbus - ok
17:24:49.0656 1452 nvsvc (e48c1aa03b6519b51756e3232c093300) C:\WINDOWS\system32\nvsvc32.exe
17:24:49.0671 1452 nvsvc - ok
17:24:49.0687 1452 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:24:49.0687 1452 NwlnkFlt - ok
17:24:49.0718 1452 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:24:49.0718 1452 NwlnkFwd - ok
17:24:49.0796 1452 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:24:49.0812 1452 odserv - ok
17:24:49.0859 1452 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:24:49.0859 1452 ose - ok
17:24:49.0921 1452 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:24:49.0921 1452 Parport - ok
17:24:49.0937 1452 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:24:49.0937 1452 PartMgr - ok
17:24:49.0968 1452 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:24:49.0968 1452 ParVdm - ok
17:24:49.0984 1452 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:24:49.0984 1452 PCI - ok
17:24:49.0984 1452 PCIDump - ok
17:24:50.0000 1452 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:24:50.0000 1452 PCIIde - ok
17:24:50.0031 1452 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:24:50.0031 1452 Pcmcia - ok
17:24:50.0031 1452 PDCOMP - ok
17:24:50.0046 1452 PDFRAME - ok
17:24:50.0046 1452 PDRELI - ok
17:24:50.0062 1452 PDRFRAME - ok
17:24:50.0062 1452 perc2 - ok
17:24:50.0062 1452 perc2hib - ok
17:24:50.0156 1452 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
17:24:50.0187 1452 PID_PEPI - ok
17:24:50.0250 1452 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:24:50.0250 1452 PlugPlay - ok
17:24:50.0265 1452 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:24:50.0265 1452 PolicyAgent - ok
17:24:50.0296 1452 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:24:50.0296 1452 PptpMiniport - ok
17:24:50.0312 1452 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:24:50.0312 1452 Processor - ok
17:24:50.0343 1452 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:24:50.0343 1452 ProtectedStorage - ok
17:24:50.0343 1452 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:24:50.0343 1452 PSched - ok
17:24:50.0359 1452 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:24:50.0359 1452 Ptilink - ok
17:24:50.0375 1452 ql1080 - ok
17:24:50.0375 1452 Ql10wnt - ok
17:24:50.0390 1452 ql12160 - ok
17:24:50.0390 1452 ql1240 - ok
17:24:50.0406 1452 ql1280 - ok
17:24:50.0421 1452 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:24:50.0421 1452 RasAcd - ok
17:24:50.0453 1452 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
17:24:50.0453 1452 RasAuto - ok
17:24:50.0500 1452 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:24:50.0500 1452 Rasl2tp - ok
17:24:50.0546 1452 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
17:24:50.0546 1452 RasMan - ok
17:24:50.0578 1452 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:24:50.0578 1452 RasPppoe - ok
17:24:50.0578 1452 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:24:50.0578 1452 Raspti - ok
17:24:50.0609 1452 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:24:50.0609 1452 Rdbss - ok
17:24:50.0625 1452 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:24:50.0625 1452 RDPCDD - ok
17:24:50.0671 1452 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:24:50.0671 1452 rdpdr - ok
17:24:50.0718 1452 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
17:24:50.0718 1452 RDPWD - ok
17:24:50.0765 1452 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
17:24:50.0765 1452 RDSessMgr - ok
17:24:50.0796 1452 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:24:50.0796 1452 redbook - ok
17:24:50.0828 1452 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
17:24:50.0828 1452 RemoteAccess - ok
17:24:50.0890 1452 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
17:24:50.0890 1452 RemoteRegistry - ok
17:24:50.0921 1452 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
17:24:50.0921 1452 RpcLocator - ok
17:24:50.0937 1452 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
17:24:50.0953 1452 RpcSs - ok
17:24:50.0984 1452 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
17:24:50.0984 1452 RSVP - ok
17:24:51.0062 1452 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:24:51.0062 1452 SamSs - ok
17:24:51.0109 1452 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:24:51.0125 1452 SASDIFSV - ok
17:24:51.0125 1452 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:24:51.0125 1452 SASKUTIL - ok
17:24:51.0187 1452 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
17:24:51.0187 1452 SCardSvr - ok
17:24:51.0218 1452 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
17:24:51.0218 1452 Schedule - ok
17:24:51.0265 1452 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:24:51.0265 1452 Secdrv - ok
17:24:51.0312 1452 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
17:24:51.0312 1452 seclogon - ok
17:24:51.0312 1452 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
17:24:51.0312 1452 SENS - ok
17:24:51.0343 1452 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:24:51.0343 1452 serenum - ok
17:24:51.0375 1452 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:24:51.0375 1452 Serial - ok
17:24:51.0421 1452 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:24:51.0421 1452 Sfloppy - ok
17:24:51.0453 1452 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
17:24:51.0468 1452 SharedAccess - ok
17:24:51.0515 1452 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:24:51.0531 1452 ShellHWDetection - ok
17:24:51.0546 1452 Simbad - ok
17:24:51.0640 1452 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
17:24:51.0640 1452 SkypeUpdate - ok
17:24:51.0703 1452 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:24:51.0703 1452 SLIP - ok
17:24:51.0750 1452 Sparrow - ok
17:24:51.0765 1452 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:24:51.0765 1452 splitter - ok
17:24:51.0781 1452 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:24:51.0796 1452 Spooler - ok
17:24:51.0812 1452 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:24:51.0812 1452 sr - ok
17:24:51.0828 1452 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
17:24:51.0843 1452 srservice - ok
17:24:51.0875 1452 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:24:51.0875 1452 Srv - ok
17:24:51.0921 1452 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:24:51.0921 1452 SSDPSRV - ok
17:24:51.0953 1452 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:24:51.0953 1452 stisvc - ok
17:24:52.0000 1452 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:24:52.0000 1452 streamip - ok
17:24:52.0078 1452 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:24:52.0078 1452 swenum - ok
17:24:52.0093 1452 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:24:52.0093 1452 swmidi - ok
17:24:52.0125 1452 SwPrv - ok
17:24:52.0140 1452 symc810 - ok
17:24:52.0140 1452 symc8xx - ok
17:24:52.0140 1452 sym_hi - ok
17:24:52.0156 1452 sym_u3 - ok
17:24:52.0171 1452 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:24:52.0171 1452 sysaudio - ok
17:24:52.0218 1452 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:24:52.0234 1452 SysmonLog - ok
17:24:52.0234 1452 szkg5 - ok
17:24:52.0234 1452 szkgfs - ok
17:24:52.0265 1452 szserver - ok
17:24:52.0296 1452 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
17:24:52.0312 1452 TapiSrv - ok
17:24:52.0359 1452 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:24:52.0375 1452 Tcpip - ok
17:24:52.0406 1452 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:24:52.0406 1452 TDPIPE - ok
17:24:52.0421 1452 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:24:52.0421 1452 TDTCP - ok
17:24:52.0437 1452 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:24:52.0437 1452 TermDD - ok
17:24:52.0468 1452 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
17:24:52.0468 1452 TermService - ok
17:24:52.0515 1452 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:24:52.0515 1452 Themes - ok
17:24:52.0578 1452 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
17:24:52.0578 1452 TlntSvr - ok
17:24:52.0578 1452 TosIde - ok
17:24:52.0625 1452 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:24:52.0625 1452 TrkWks - ok
17:24:52.0640 1452 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:24:52.0640 1452 Udfs - ok
17:24:52.0656 1452 ultra - ok
17:24:52.0703 1452 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:24:52.0703 1452 Update - ok
17:24:52.0734 1452 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:24:52.0734 1452 upnphost - ok
17:24:52.0781 1452 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:24:52.0781 1452 UPS - ok
17:24:52.0828 1452 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:24:52.0828 1452 USBAAPL - ok
17:24:52.0859 1452 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
17:24:52.0859 1452 usbaudio - ok
17:24:52.0890 1452 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:24:52.0890 1452 usbccgp - ok
17:24:52.0921 1452 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:24:52.0921 1452 usbehci - ok
17:24:52.0968 1452 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:24:52.0968 1452 usbhub - ok
17:24:52.0968 1452 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:24:52.0984 1452 usbohci - ok
17:24:52.0984 1452 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:24:52.0984 1452 usbprint - ok
17:24:53.0015 1452 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:24:53.0015 1452 usbscan - ok
17:24:53.0062 1452 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:24:53.0062 1452 USBSTOR - ok
17:24:53.0093 1452 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:24:53.0093 1452 VgaSave - ok
17:24:53.0093 1452 ViaIde - ok
17:24:53.0109 1452 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:24:53.0125 1452 VolSnap - ok
17:24:53.0156 1452 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:24:53.0171 1452 VSS - ok
17:24:53.0234 1452 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
17:24:53.0234 1452 W32Time - ok
17:24:53.0281 1452 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:24:53.0281 1452 Wanarp - ok
17:24:53.0281 1452 WDICA - ok
17:24:53.0312 1452 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:24:53.0312 1452 wdmaud - ok
17:24:53.0343 1452 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:24:53.0343 1452 WebClient - ok
17:24:53.0406 1452 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:24:53.0406 1452 winmgmt - ok
17:24:53.0468 1452 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
17:24:53.0484 1452 WmdmPmSN - ok
17:24:53.0531 1452 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
17:24:53.0546 1452 Wmi - ok
17:24:53.0609 1452 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:24:53.0609 1452 WmiApSrv - ok
17:24:53.0718 1452 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
17:24:53.0718 1452 WMPNetworkSvc - ok
17:24:53.0906 1452 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:24:53.0921 1452 WPFFontCache_v0400 - ok
17:24:53.0984 1452 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:24:53.0984 1452 WS2IFSL - ok
17:24:54.0015 1452 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
17:24:54.0031 1452 wscsvc - ok
17:24:54.0031 1452 WSearch - ok
17:24:54.0062 1452 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:24:54.0062 1452 WSTCODEC - ok
17:24:54.0093 1452 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:24:54.0093 1452 wuauserv - ok
17:24:54.0140 1452 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:24:54.0140 1452 WudfPf - ok
17:24:54.0140 1452 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:24:54.0140 1452 WudfRd - ok
17:24:54.0203 1452 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
17:24:54.0218 1452 WudfSvc - ok
17:24:54.0250 1452 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:24:54.0265 1452 WZCSVC - ok
17:24:54.0265 1452 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:24:54.0265 1452 xmlprov - ok
17:24:54.0343 1452 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
17:24:54.0359 1452 YahooAUService - ok
17:24:54.0375 1452 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:24:54.0515 1452 \Device\Harddisk0\DR0 - ok
17:24:54.0515 1452 Boot (0x1200) (9b9bf86f4206162570ffafc2828283c8) \Device\Harddisk0\DR0\Partition0
17:24:54.0515 1452 \Device\Harddisk0\DR0\Partition0 - ok
17:24:54.0515 1452 ============================================================
17:24:54.0515 1452 Scan finished
17:24:54.0515 1452 ============================================================
17:24:54.0531 0492 Detected object count: 0
17:24:54.0531 0492 Actual detected object count: 0


aswMBR report

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-07 17:28:46
-----------------------------
17:28:46.859 OS Version: Windows 5.1.2600 Service Pack 3
17:28:46.859 Number of processors: 4 586 0x502
17:28:46.859 ComputerName: TYNA UserName:
17:28:47.859 Initialize success
17:29:53.234 AVAST engine defs: 12040701
17:29:59.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path1Target1Lun0
17:29:59.875 Disk 0 Vendor: Hitachi_ V5DO Size: 238475MB BusType: 3
17:29:59.906 Disk 0 MBR read successfully
17:29:59.906 Disk 0 MBR scan
17:29:59.921 Disk 0 Windows XP default MBR code
17:29:59.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238474 MB offset 63
17:29:59.921 Disk 0 scanning sectors +488396160
17:29:59.984 Disk 0 scanning C:\WINDOWS\system32\drivers
17:30:05.250 Service scanning
17:30:19.953 Modules scanning
17:30:24.625 Disk 0 trace - called modules:
17:30:24.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys
17:30:24.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aab5ab8]
17:30:24.640 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000067[0x8aa63920]
17:30:24.640 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path1Target1Lun0[0x8aa71a38]
17:30:25.265 AVAST engine scan C:\WINDOWS
17:30:40.281 AVAST engine scan C:\WINDOWS\system32
17:31:14.140 File: C:\WINDOWS\system32\lxcicu8.dll **INFECTED** Win32:Diller-DF [Trj]
17:32:43.812 AVAST engine scan C:\WINDOWS\system32\drivers
17:32:55.250 AVAST engine scan C:\Documents and Settings\TynaC
17:33:49.421 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\TynaC\Desktop\MBR.dat"
17:33:49.421 The log file has been saved successfully to "C:\Documents and Settings\TynaC\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:32 AM

Posted 07 April 2012 - 05:58 PM

Hello


did you uninstall chrome?

did you reinstall it?

is it still redirecting after the install?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 timc_fla

timc_fla
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 07 April 2012 - 10:09 PM

Sorry,

Yes I uninstalled Chrome checked it & IE and they continued to redirect to different searches.
I followed the next two steps that you sent and it seems that the aswBER did find something(it said win32 was infected) were the tdsskiller did not. I have replied to you with the logs ask you requested.

Thank you

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:32 AM

Posted 07 April 2012 - 10:25 PM

Blitzblank.

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe

  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
DeleteFile:
c:\windows\Tasks\qynr.job
c:\windows\system32\lxcicu8.dll
  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post me the report created by Blitzblank. you can find it at the root of the drive Normaly C:\

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 timc_fla

timc_fla
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 08 April 2012 - 07:23 PM

This is the error that came up after the running of Blitzbank after reboot.
Posted Image


Here is the Blitzbank log:


BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
MoveFileOnReboot: sourceFile = "\??\c:\windows\tasks\qynr.job", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\windows\system32\lxcicu8.dll", destinationFile = "(null)", replaceWithDummy = 0


I have checked both Chrome and IE and they are not redirecting when I chose the first search returned. So it appears the the redirect problem is corrected, however this error mentioned above concerns me.

Edited by timc_fla, 08 April 2012 - 07:29 PM.


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:32 AM

Posted 08 April 2012 - 08:09 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\program files\Ask.com

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 timc_fla

timc_fla
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 09 April 2012 - 06:05 AM

It took two tries to get combofix to run the first time I tried to run it left it and went to bed. It did not run for some reason.
Finally got it to run this morning and here is the report.

I am still getting the error RUNDLL error I posted yesterday. How do I fix that?

The redirect problem appears to be fixed.

Below is the Combofix report:

ComboFix 12-04-01.01 - TynaC 04/09/2012 6:43.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.2240 [GMT -4:00]
Running from: c:\documents and settings\TynaC\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\TynaC\Desktop\CFScript.txt
.
- REDUCED FUNCTIONALITY MODE -
.
ADS - WINDOWS: deleted 128 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_584.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-09 10:38 . 2012-04-09 10:38 -------- d--h--w- c:\windows\PIF
2012-04-09 10:37 . 2012-04-09 10:37 -------- d-----w- c:\program files\BabylonToolbar
2012-04-09 10:37 . 2012-04-09 10:37 1533 ----a-w- C:\user.js
2012-04-09 10:37 . 2012-04-09 10:37 -------- d-----w- c:\documents and settings\TynaC\Local Settings\Application Data\Zoom_Downloader
2012-04-09 10:37 . 2012-04-09 10:37 -------- d-----w- c:\documents and settings\TynaC\Local Settings\Application Data\Babylon
2012-04-09 10:37 . 2012-04-09 10:37 -------- d-----w- c:\documents and settings\TynaC\Application Data\Babylon
2012-04-09 10:37 . 2012-04-09 10:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2012-04-09 10:37 . 2012-04-09 10:37 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-04-09 10:37 . 2012-04-09 10:37 -------- d-----w- c:\documents and settings\TynaC\Application Data\com.w3i.fliptoast
2012-04-09 10:37 . 2012-04-09 10:37 -------- d-----w- c:\program files\Fliptoast
2012-04-09 10:37 . 2012-04-09 10:37 -------- d-----w- c:\documents and settings\TynaC\Application Data\W3i, LLC
2012-03-31 20:50 . 2012-03-31 20:50 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-31 02:19 . 2012-03-31 02:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-26 18:10 . 2012-03-26 18:10 -------- d-----w- c:\documents and settings\TynaC\Local Settings\Application Data\Facebook
2012-03-26 18:09 . 2012-03-26 18:09 -------- d-----w- c:\program files\Microsoft
2012-03-26 18:08 . 2012-03-26 18:08 -------- d-----w- c:\program files\Common Files\Skype
2012-03-25 01:53 . 2012-03-25 01:53 -------- d-----w- c:\documents and settings\TynaC\Local Settings\Application Data\WMTools Downloaded Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-31 20:50 . 2011-05-25 17:08 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2008-04-14 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 03:52 3072 ------w- c:\windows\system32\iacenc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-02_02.58.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-09 10:37 . 2012-04-09 10:37 82726 c:\windows\Installer\{B25D67C4-E885-43F8-8085-B532F6261529}\fliptoast.exe
+ 2012-04-09 10:46 . 2009-10-07 06:47 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
- 2012-04-02 02:58 . 2009-10-07 06:47 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
+ 2012-04-09 10:37 . 2012-04-09 10:37 960000 c:\windows\Installer\db470.msi
+ 2012-04-04 00:07 . 2012-04-04 00:07 341504 c:\windows\Installer\7932db4.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\TynaC\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\TynaC\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\TynaC\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\TynaC\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-20 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
"Facebook Update"="c:\documents and settings\TynaC\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-03-26 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-06-08 19552872]
"lxcimon.exe"="c:\program files\Lexmark 7300 Series\lxcimon.exe" [2005-09-30 200704]
"EzPrint"="c:\program files\Lexmark 7300 Series\ezprint.exe" [2005-08-01 94208]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DVD or CD Sharing"="c:\program files\DVD or CD Sharing\ODSAgent.exe" [2008-02-21 619832]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"LXCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCItime.dll" [2005-09-08 73728]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Fliptoast.lnk - c:\program files\Fliptoast\fliptoast.exe [2012-1-26 142336]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxcicoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcipswx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\TynaC\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\DLink\\DNS-320\\D-Link Storage Utility.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DVD or CD Sharing\\ODSAgent.exe"=
"c:\\Program Files\\DVD or CD Sharing\\RemoteInstallMacOSX.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Samsung\\Intelli-studio\\iStudio.exe"=
"c:\\Documents and Settings\\TynaC\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"5353:UDP"= 5353:UDP:Bonjour
"28551:TCP"= 28551:TCP:Windows Core Service
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.362.0\BBSvc.EXE [2/13/2012 9:19 PM 193816]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [1/12/2011 3:40 PM 68928]
R3 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/20/2011 6:42 AM 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 4:50 PM 253600]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/2/2011 6:31 PM 1691480]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.362.0\SeaPort.EXE [2/13/2012 9:19 PM 240408]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [1/2/2011 6:38 PM 9216]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/20/2011 6:42 AM 136176]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 11:09 PM 267568]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 20:50]
.
2012-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2012-04-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1390067357-573735546-725345543-1003Core.job
- c:\documents and settings\TynaC\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-03-26 18:23]
.
2012-04-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1390067357-573735546-725345543-1003UA.job
- c:\documents and settings\TynaC\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-03-26 18:23]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 10:42]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 10:42]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-573735546-725345543-1003Core.job
- c:\documents and settings\TynaC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-18 01:07]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-573735546-725345543-1003UA.job
- c:\documents and settings\TynaC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-18 01:07]
.
2012-04-09 c:\windows\Tasks\Windows Codec Update Service.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2012-02-22 22:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.msi.com/index.php?func=html&name=service_edm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKLM-Run-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-09 06:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,RunDLLEntry???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(7932)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\documents and settings\TynaC\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\lxcicoms.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
c:\windows\system32\SearchProtocolHost.exe
.
**************************************************************************
.
Completion time: 2012-04-09 06:51:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-09 10:51
ComboFix2.txt 2012-04-02 03:31
ComboFix3.txt 2012-04-02 03:04
.
Pre-Run: 164,448,686,080 bytes free
Post-Run: 164,604,186,624 bytes free
.
- - End Of File - - ED1AEFD50D6188BA8B340EDECF433599

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:32 AM

Posted 09 April 2012 - 08:05 AM

Hello


I am still getting the error RUNDLL error I posted yesterday. How do I fix that? - looks like it is coming from a lexmark printer, do you have one installed - if you no longer use it try to uninstall it - if you do use it try to reinstall the drivers for it



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:32 AM

Posted 13 April 2012 - 11:46 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Ask Toolbar
Bing Bar
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:32 AM

Posted 16 April 2012 - 11:28 PM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:32 AM

Posted 19 April 2012 - 11:21 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users