
GAC_MSIL DESKTOP.INI and ABNOW.COM REDIRECTS


This topic is locked. 20 replies to this topic.

#1 firefly8568 (Members, 10 posts)

Posted 05 April 2012 - 06:32 AM

Hi Guys,


I have been searching for this for about a week, but unfortunately I can't find the perfect solution.

Thank you for your help

Firefly



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by accountsuser at 11:12:59 on 2012-04-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1221 [GMT 4:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Aclient\AClient.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Aclient\AClntUsr.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AClntUsr] c:\program files\aclient\AClntUsr.EXE
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 213.42.20.20
TCP: Interfaces\{2FCFD9DF-7A0E-4098-9306-62632662A646} : DhcpNameServer = 213.42.20.20
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\accountsuser\application data\mozilla\firefox\profiles\efbm1jsu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - uTorrentControl2 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ae/
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-11-16 96408]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]
R2 HOSTNT;HOSTNT;c:\windows\system32\drivers\hostnt.sys [2011-8-10 4032]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-5 652360]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-7-7 104000]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-5 20464]
R3 UsbC;SafeNet MicroDog USB Device Driver;c:\windows\system32\drivers\rcusbwdm.sys [2011-8-10 50816]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FlexService;Remote Connections Service;"c:\program files\rapidbit\cisvc.exe" --> c:\program files\rapidbit\cisvc.exe [?]
S2 pav_security;Ppped;\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs --> \\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 253600]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys --> c:\windows\system32\drivers\cdaudio.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys --> c:\windows\system32\drivers\netaapl.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\zteusbnet.sys --> c:\windows\system32\drivers\ZTEusbnet.sys [?]
.
=============== Created Last 30 ================
.
2012-04-05 06:44:16 -------- d-----w- c:\documents and settings\accountsuser\local settings\application data\Yahoo
2012-04-05 06:12:02 -------- d-sh--w- c:\documents and settings\accountsuser\IECompatCache
2012-04-05 06:03:44 -------- d-----w- c:\documents and settings\accountsuser\application data\Malwarebytes
2012-04-05 06:03:33 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-04-05 06:03:32 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-05 06:03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-05 06:01:34 -------- d-----w- c:\program files\Conduit
2012-04-05 06:01:33 -------- d-----w- c:\documents and settings\accountsuser\local settings\application data\Conduit
2012-04-03 12:34:52 -------- d-----w- c:\documents and settings\accountsuser\local settings\application data\Google
2012-04-03 08:51:50 48 ----a-w- c:\windows\wpd99.drv
2012-04-03 05:11:57 -------- d-----w- c:\documents and settings\accountsuser\local settings\application data\Apple
2012-04-02 08:58:22 -------- d-----w- c:\documents and settings\accountsuser\application data\DAEMON Tools Lite
2012-04-02 08:10:28 -------- d-----w- c:\documents and settings\accountsuser\application data\PC Tools
2012-04-02 08:07:15 -------- d-----w- c:\program files\PC Tools Security
2012-04-02 08:02:57 -------- d-----w- c:\documents and settings\accountsuser\local settings\application data\Temp
2012-04-02 05:56:49 -------- d-----w- c:\documents and settings\accountsuser\local settings\application data\ESET
2012-04-01 11:12:44 -------- d-sh--w- c:\documents and settings\accountsuser\PrivacIE
2012-04-01 10:35:56 -------- d-----w- c:\documents and settings\accountsuser\local settings\application data\HP
2012-04-01 10:33:05 -------- d-----w- c:\documents and settings\accountsuser\application data\TeamViewer
2012-04-01 10:31:37 -------- d-----w- c:\documents and settings\accountsuser\local settings\application data\Mozilla
2012-04-01 09:39:17 -------- d-----w- c:\documents and settings\accountsuser\local settings\application data\Adobe
2012-04-01 09:07:08 -------- d-sh--w- c:\documents and settings\accountsuser\IETldCache
2012-04-01 09:07:00 -------- d-----w- c:\documents and settings\accountsuser\local settings\application data\Microsoft
2012-03-27 07:31:54 -------- d-----w- c:\program files\salesforce.com
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-22 08:03:11 -------- d-----w- c:\program files\Investintech.com Inc
2012-03-18 09:21:06 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 09:21:06 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-11 05:11:27 0 --sha-w- c:\windows\system32\dds_log_ad13.cmd
.
==================== Find3M ====================
.
2012-03-11 05:05:24 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-26 06:33:56 473656 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 11:14:05.53 ===============
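The "SERVICES / DRIVERS" section of a DDS log is where a responder usually looks first: DDS prints each service or driver as `<start type> <name>;<display name>;<image path> [<date> <size>]`, appends `--> <resolved path>` when the registry value and the resolved path differ, and prints `[?]` when it could not find the image file. The script below is an added example, not part of the thread and not a DDS, ComboFix or BleepingComputer tool. It parses that format and ranks entries for a human to review using a handful of first-pass triage checks that are my own assumptions (file not found, `\\.\globalroot` paths, third-party services using `svchost.exe` as their image, well-known Windows file names outside the Windows directory, and driver services pointing at a differently named inbox driver). The sample input is a constructed subset of the service lines from the log above; `KNOWN_WINDOWS_IMAGES` is a deliberately tiny illustrative set, not an inventory.

```python
"""Triage helper for the 'SERVICES / DRIVERS' section of a DDS log.

Added example: the heuristics below are the author's own first-pass checks.
They rank entries for a human to look at; they do not identify malware.
"""
import re

# Constructed sample: service/driver lines copied from the DDS log in the post
# above (ekrn and UsbC are included as clean entries for contrast).
SAMPLE_DDS = r"""
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]
R3 UsbC;SafeNet MicroDog USB Device Driver;c:\windows\system32\drivers\rcusbwdm.sys [2011-8-10 50816]
S2 FlexService;Remote Connections Service;"c:\program files\rapidbit\cisvc.exe" --> c:\program files\rapidbit\cisvc.exe [?]
S2 pav_security;Ppped;\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs --> \\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs [?]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys --> c:\windows\system32\drivers\cdaudio.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys --> c:\windows\system32\drivers\netaapl.sys [?]
"""

# Assumption: a small illustrative set of well-known Windows image names (file
# stems without extension). A real deployment would use a full inbox inventory.
KNOWN_WINDOWS_IMAGES = {"svchost", "cisvc", "cdaudio", "atapi", "beep", "null", "lsass", "csrss"}

SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
TRAILER_RE = re.compile(r"^(?P<cmd>.*?)\s*\[(?P<info>[^\]]*)\]\s*$")
IMAGE_RE = re.compile(r"^(?P<image>.*?\.(?:exe|sys|dll))(?P<args>.*)$", re.IGNORECASE)


def parse_service_line(line):
    """Parse one DDS service/driver line into a dict; return None for other lines."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    # DDS prints "<registry value> --> <resolved path>" when the two differ;
    # the resolved path is the one worth examining.
    resolved = rest.split(" --> ")[-1]
    t = TRAILER_RE.match(resolved)
    if not t:
        return None
    cmd = t.group("cmd").strip().strip('"')
    if cmd.startswith("\\??\\"):          # NT object-manager prefix, harmless by itself
        cmd = cmd[4:]
    im = IMAGE_RE.match(cmd)
    return {
        "state": m.group("state"),
        "name": m.group("name").strip(),
        "display": m.group("display").strip(),
        "raw": rest,
        "image": im.group("image") if im else cmd,
        "args": im.group("args").strip() if im else "",
        "info": t.group("info").strip(),   # "?" means DDS could not stat the file
    }


def triage_entry(entry):
    """Return the list of review reasons for one parsed entry (empty if none)."""
    reasons = []
    name = entry["name"].lower()
    image = entry["image"].lower()
    basename = image.replace("/", "\\").rsplit("\\", 1)[-1]
    stem, _, ext = basename.rpartition(".")
    in_windows_dir = image.startswith("c:\\windows\\") or "\\systemroot\\" in image
    if entry["info"] == "?":
        reasons.append("DDS could not find the image file (missing, or hidden from the tool)")
    if "\\\\.\\globalroot" in entry["raw"].lower():
        reasons.append("image path uses the \\\\.\\globalroot device namespace")
    if basename == "svchost.exe":
        reasons.append("non-Microsoft service uses svchost.exe as its image; check its ServiceDll value")
    if stem in KNOWN_WINDOWS_IMAGES and not in_windows_dir:
        reasons.append(f"well-known Windows file name '{basename}' outside the Windows directory")
    if ext == "sys" and stem in KNOWN_WINDOWS_IMAGES and stem != name:
        reasons.append(f"driver service '{entry['name']}' points at inbox driver '{basename}'")
    return reasons


def triage(text):
    """Map each flagged service name to its reasons, in log order."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons = triage_entry(entry)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


if __name__ == "__main__":
    # Most reasons first: that is the order a responder would read them in.
    for svc, why in sorted(triage(SAMPLE_DDS).items(), key=lambda kv: -len(kv[1])):
        print(f"{svc}:")
        for r in why:
            print(f"    - {r}")
```

Run on the sample, `pav_security` collects three reasons, `AVPsys` and `FlexService` two each, and `Netaapl` only the `[?]` reason, which on its own is weak evidence (a driver for unplugged hardware also shows `[?]`). The point of scoring rather than alerting is exactly that: the checks order the list for a human, they do not decide.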



#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 07 April 2012 - 05:14 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 firefly8568 (Topic Starter)

Posted 08 April 2012 - 12:55 AM

Hi Gringo,

Thanks for the response.

I tried downloading Combofix and running it, but after it finished extracting (using the infected computer)

it stops. (I thought the Combofix was also infected.)

I was monitoring where the files are going and I am seeing c:\32788r22fwjfw

but when I check the folder, it shows the My Computer details (drives, printers and others).

I then used a USB (a new one)

and again, the same thing happens.


I tried using cmd and dir *.* and I saw some files that have 3xe extensions.

I guess this is the reason why Combofix is not working.

Your feedback will be highly appreciated.

Thanks

Firefly

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 08 April 2012 - 12:59 AM

Hello

OK, let's try this: I want you to run Combofix in safe mode, but it is very important that when Combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#5 firefly8568 (Topic Starter)

Posted 08 April 2012 - 03:27 AM

hi gringo,

I restarted and ran it on my computer, but the results are still the same.

I am attaching the screenshots of the extraction and of viewing c:\32788r22fwjfw

Thanks

Firefly

Attached file: 327888r22fwjfw.JPG (49.33 KB)

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 08 April 2012 - 03:31 AM

Yes that is ok and will be taken care of soon - did you run combofix in safe mode like I asked?

gringo

#7 firefly8568 (Topic Starter)

Posted 08 April 2012 - 04:03 AM

Yes, I did run Combofix using safe mode,

but it is closing and not going to the usual scanning portion.

It stops once it finishes the extraction.

That is why I cannot produce any log from Combofix.

Thanks

Firefly

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 08 April 2012 - 11:35 AM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 firefly8568 (Topic Starter)

Posted 09 April 2012 - 12:26 AM

Hi gringo,

Thank you very much.

Here are the logs:

09:12:59.0734 3148 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
09:13:01.0734 3148 ============================================================
09:13:01.0734 3148 Current date / time: 2012/04/09 09:13:01.0734
09:13:01.0734 3148 SystemInfo:
09:13:01.0734 3148
09:13:01.0734 3148 OS Version: 5.1.2600 ServicePack: 3.0
09:13:01.0734 3148 Product type: Workstation
09:13:01.0734 3148 ComputerName: ACCOUNTS
09:13:01.0734 3148 UserName: accountsuser
09:13:01.0734 3148 Windows directory: C:\WINDOWS
09:13:01.0734 3148 System windows directory: C:\WINDOWS
09:13:01.0734 3148 Processor architecture: Intel x86
09:13:01.0734 3148 Number of processors: 2
09:13:01.0734 3148 Page size: 0x1000
09:13:01.0734 3148 Boot type: Normal boot
09:13:01.0734 3148 ============================================================
09:13:02.0890 3148 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:13:02.0890 3148 \Device\Harddisk0\DR0:
09:13:02.0890 3148 MBR used
09:13:02.0890 3148 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3FFEAD2
09:13:02.0890 3148 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3FFEB11, BlocksNum 0x550F9B0
09:13:03.0078 3148 Initialize success
09:13:03.0078 3148 ============================================================
09:13:04.0593 3164 ============================================================
09:13:04.0593 3164 Scan started
09:13:04.0593 3164 Mode: Manual;
09:13:04.0593 3164 ============================================================
09:13:05.0421 3164 Abiosdsk - ok
09:13:05.0437 3164 abp480n5 - ok
09:13:05.0468 3164 AClient - ok
09:13:05.0500 3164 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:13:05.0500 3164 ACPI - ok
09:13:05.0546 3164 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:13:05.0546 3164 ACPIEC - ok
09:13:05.0796 3164 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:13:05.0796 3164 AdobeFlashPlayerUpdateSvc - ok
09:13:05.0828 3164 adpu160m - ok
09:13:05.0875 3164 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:13:05.0875 3164 aec - ok
09:13:05.0968 3164 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:13:05.0968 3164 AFD - ok
09:13:06.0125 3164 Aha154x - ok
09:13:06.0140 3164 aic78u2 - ok
09:13:06.0171 3164 aic78xx - ok
09:13:06.0187 3164 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
09:13:06.0187 3164 Alerter - ok
09:13:06.0218 3164 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
09:13:06.0218 3164 ALG - ok
09:13:06.0437 3164 AliIde - ok
09:13:06.0453 3164 amsint - ok
09:13:06.0484 3164 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
09:13:06.0500 3164 AppMgmt - ok
09:13:06.0515 3164 asc - ok
09:13:06.0531 3164 asc3350p - ok
09:13:06.0546 3164 asc3550 - ok
09:13:06.0859 3164 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:13:06.0875 3164 aspnet_state - ok
09:13:07.0125 3164 astcc (2a7037f93ae6ab1305606dee23c70f8c) C:\WINDOWS\system32\ASTSRV.EXE
09:13:07.0125 3164 astcc - ok
09:13:07.0171 3164 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:13:07.0171 3164 AsyncMac - ok
09:13:07.0187 3164 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:13:07.0187 3164 atapi - ok
09:13:07.0203 3164 Atdisk - ok
09:13:07.0234 3164 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:13:07.0234 3164 Atmarpc - ok
09:13:07.0453 3164 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
09:13:07.0453 3164 AudioSrv - ok
09:13:07.0515 3164 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:13:07.0515 3164 audstub - ok
09:13:07.0515 3164 AVPsys - ok
09:13:07.0546 3164 b57w2k (48bf91cffbcdd12a710207f2a08fec4d) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
09:13:07.0562 3164 b57w2k - ok
09:13:07.0781 3164 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:13:07.0781 3164 Beep - ok
09:13:07.0812 3164 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
09:13:07.0828 3164 BITS - ok
09:13:07.0921 3164 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
09:13:07.0937 3164 Bonjour Service - ok
09:13:08.0171 3164 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
09:13:08.0171 3164 Browser - ok
09:13:08.0218 3164 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:13:08.0218 3164 cbidf2k - ok
09:13:08.0234 3164 cd20xrnt - ok
09:13:08.0234 3164 Cdaudio - ok
09:13:08.0281 3164 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:13:08.0281 3164 Cdfs - ok
09:13:08.0296 3164 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:13:08.0296 3164 Cdrom - ok
09:13:08.0296 3164 Changer - ok
09:13:08.0343 3164 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
09:13:08.0343 3164 CiSvc - ok
09:13:08.0609 3164 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
09:13:08.0625 3164 ClipSrv - ok
09:13:08.0687 3164 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:13:08.0703 3164 clr_optimization_v2.0.50727_32 - ok
09:13:09.0156 3164 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:13:09.0218 3164 clr_optimization_v4.0.30319_32 - ok
09:13:09.0453 3164 CmdIde - ok
09:13:09.0453 3164 COMSysApp - ok
09:13:09.0468 3164 Cpqarray - ok
09:13:09.0500 3164 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
09:13:09.0500 3164 CryptSvc - ok
09:13:09.0515 3164 dac2w2k - ok
09:13:09.0531 3164 dac960nt - ok
09:13:09.0562 3164 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:13:09.0562 3164 DcomLaunch - ok
09:13:09.0812 3164 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
09:13:09.0812 3164 Dhcp - ok
09:13:09.0843 3164 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:13:09.0843 3164 Disk - ok
09:13:09.0859 3164 dmadmin - ok
09:13:09.0890 3164 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:13:09.0921 3164 dmboot - ok
09:13:09.0953 3164 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:13:09.0953 3164 dmio - ok
09:13:10.0187 3164 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:13:10.0187 3164 dmload - ok
09:13:10.0218 3164 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
09:13:10.0218 3164 dmserver - ok
09:13:10.0250 3164 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:13:10.0250 3164 DMusic - ok
09:13:10.0281 3164 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
09:13:10.0281 3164 Dnscache - ok
09:13:10.0562 3164 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
09:13:10.0578 3164 Dot3svc - ok
09:13:10.0875 3164 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
09:13:10.0906 3164 Dot4 - ok
09:13:11.0546 3164 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
09:13:11.0609 3164 Dot4Print - ok
09:13:11.0968 3164 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
09:13:11.0968 3164 dot4usb - ok
09:13:12.0015 3164 dpti2o - ok
09:13:12.0046 3164 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:13:12.0046 3164 drmkaud - ok
09:13:12.0171 3164 eamon (af82dc664e3d8e2cba3b95e68f6448a7) C:\WINDOWS\system32\DRIVERS\eamon.sys
09:13:12.0171 3164 eamon - ok
09:13:12.0281 3164 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
09:13:12.0281 3164 EapHost - ok
09:13:12.0375 3164 ehdrv (686a799c1bf1b18941994daf9f45db06) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
09:13:12.0375 3164 ehdrv - ok
09:13:12.0468 3164 EhttpSrv (9329ba45c8b97485926a171e34c2abb8) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
09:13:12.0484 3164 EhttpSrv - ok
09:13:12.0609 3164 ekrn (3543c6195d5ed4eda0316d3e1ba0e6ee) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
09:13:12.0609 3164 ekrn - ok
09:13:12.0875 3164 epfwtdir (3a7fba5c06dbcffc7d062fe705397a96) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
09:13:12.0875 3164 epfwtdir - ok
09:13:12.0906 3164 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
09:13:12.0906 3164 ERSvc - ok
09:13:12.0937 3164 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:13:12.0953 3164 Eventlog - ok
09:13:13.0187 3164 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
09:13:13.0187 3164 EventSystem - ok
09:13:13.0250 3164 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:13:13.0250 3164 Fastfat - ok
09:13:13.0296 3164 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:13:13.0296 3164 FastUserSwitchingCompatibility - ok
09:13:13.0312 3164 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:13:13.0312 3164 Fdc - ok
09:13:13.0359 3164 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:13:13.0359 3164 Fips - ok
09:13:13.0406 3164 FlexService - ok
09:13:13.0640 3164 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:13:13.0640 3164 Flpydisk - ok
09:13:13.0671 3164 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:13:13.0671 3164 FltMgr - ok
09:13:13.0765 3164 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:13:13.0765 3164 FontCache3.0.0.0 - ok
09:13:14.0000 3164 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:13:14.0000 3164 Fs_Rec - ok
09:13:14.0031 3164 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:13:14.0031 3164 Ftdisk - ok
09:13:14.0062 3164 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:13:14.0062 3164 Gpc - ok
09:13:14.0140 3164 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:13:14.0140 3164 gusvc - ok
09:13:14.0187 3164 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
09:13:14.0187 3164 HdAudAddService - ok
09:13:14.0421 3164 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:13:14.0437 3164 HDAudBus - ok
09:13:14.0484 3164 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:13:14.0484 3164 helpsvc - ok
09:13:14.0531 3164 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
09:13:14.0531 3164 HidServ - ok
09:13:14.0781 3164 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:13:14.0781 3164 HidUsb - ok
09:13:14.0812 3164 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
09:13:14.0812 3164 hkmsvc - ok
09:13:14.0828 3164 HOSTNT (caed87f7526384d7ed8a51cbfa12aac2) C:\WINDOWS\system32\drivers\HOSTNT.sys
09:13:14.0828 3164 HOSTNT - ok
09:13:14.0843 3164 hpn - ok
09:13:14.0875 3164 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:13:14.0890 3164 HTTP - ok
09:13:15.0125 3164 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
09:13:15.0125 3164 HTTPFilter - ok
09:13:15.0156 3164 i2omgmt - ok
09:13:15.0171 3164 i2omp - ok
09:13:15.0187 3164 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:13:15.0187 3164 i8042prt - ok
09:13:15.0453 3164 ialm (0294a30b302ca71a2c26e582dda93486) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:13:15.0484 3164 ialm - ok
09:13:15.0593 3164 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:13:15.0625 3164 idsvc - ok
09:13:15.0859 3164 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:13:15.0859 3164 Imapi - ok
09:13:15.0890 3164 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
09:13:15.0890 3164 ImapiService - ok
09:13:15.0921 3164 ini910u - ok
09:13:15.0921 3164 IntelIde - ok
09:13:15.0953 3164 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:13:15.0968 3164 intelppm - ok
09:13:16.0203 3164 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:13:16.0203 3164 Ip6Fw - ok
09:13:16.0234 3164 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:13:16.0234 3164 IpFilterDriver - ok
09:13:16.0265 3164 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:13:16.0265 3164 IpInIp - ok
09:13:16.0500 3164 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:13:16.0500 3164 IpNat - ok
09:13:16.0531 3164 IPSec (d4dceb824bf28e01ee60293ded525d5e) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:13:16.0531 3164 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: d4dceb824bf28e01ee60293ded525d5e, Fake md5: 23c74d75e36e7158768dd63d92789a91
09:13:16.0531 3164 IPSec ( Virus.Win32.ZAccess.g ) - infected
09:13:16.0531 3164 IPSec - detected Virus.Win32.ZAccess.g (0)
09:13:16.0546 3164 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:13:16.0546 3164 IRENUM - ok
09:13:16.0765 3164 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:13:16.0765 3164 isapnp - ok
09:13:16.0890 3164 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Program Files\Java\jre6\bin\jqs.exe
09:13:16.0890 3164 JavaQuickStarterService - ok
09:13:17.0140 3164 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:13:17.0140 3164 Kbdclass - ok
09:13:17.0187 3164 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:13:17.0187 3164 kbdhid - ok
09:13:17.0218 3164 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:13:17.0218 3164 kmixer - ok
09:13:17.0250 3164 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:13:17.0250 3164 KSecDD - ok
09:13:17.0500 3164 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
09:13:17.0500 3164 lanmanserver - ok
09:13:17.0531 3164 LanmanWorkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
09:13:17.0531 3164 LanmanWorkstation - ok
09:13:17.0546 3164 lbrtfdc - ok
09:13:17.0593 3164 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
09:13:17.0593 3164 LmHosts - ok
09:13:17.0812 3164 massfilter - ok
09:13:17.0859 3164 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
09:13:17.0859 3164 MBAMProtector - ok
09:13:17.0921 3164 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
09:13:17.0937 3164 MBAMService - ok
09:13:17.0984 3164 McAfeeFramework (1bc1a6b644d4cc1964cd851e92b604f4) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
09:13:17.0984 3164 McAfeeFramework - ok
09:13:18.0015 3164 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
09:13:18.0031 3164 MDM - ok
09:13:18.0265 3164 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
09:13:18.0265 3164 Messenger - ok
09:13:18.0296 3164 mferkdk - ok
09:13:18.0343 3164 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:13:18.0343 3164 mnmdd - ok
09:13:18.0375 3164 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
09:13:18.0375 3164 mnmsrvc - ok
09:13:18.0625 3164 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:13:18.0625 3164 Modem - ok
09:13:18.0656 3164 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:13:18.0656 3164 Mouclass - ok
09:13:18.0687 3164 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:13:18.0687 3164 mouhid - ok
09:13:18.0718 3164 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:13:18.0718 3164 MountMgr - ok
09:13:18.0937 3164 mraid35x - ok
09:13:18.0984 3164 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:13:19.0000 3164 MRxDAV - ok
09:13:19.0062 3164 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:13:19.0062 3164 MRxSmb - ok
09:13:19.0093 3164 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
09:13:19.0109 3164 MSDTC - ok
09:13:19.0343 3164 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:13:19.0343 3164 Msfs - ok
09:13:19.0343 3164 MSIServer - ok
09:13:19.0375 3164 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:13:19.0375 3164 MSKSSRV - ok
09:13:19.0406 3164 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:13:19.0406 3164 MSPCLOCK - ok
09:13:19.0437 3164 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:13:19.0437 3164 MSPQM - ok
09:13:19.0656 3164 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:13:19.0656 3164 mssmbios - ok
09:13:19.0687 3164 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:13:19.0703 3164 Mup - ok
09:13:19.0734 3164 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
09:13:19.0750 3164 napagent - ok
09:13:20.0000 3164 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:13:20.0000 3164 NDIS - ok
09:13:20.0031 3164 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:13:20.0046 3164 NdisTapi - ok
09:13:20.0062 3164 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:13:20.0062 3164 Ndisuio - ok
09:13:20.0078 3164 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:13:20.0078 3164 NdisWan - ok
09:13:20.0125 3164 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:13:20.0125 3164 NDProxy - ok
09:13:20.0343 3164 Netaapl - ok
09:13:20.0359 3164 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:13:20.0359 3164 NetBIOS - ok
09:13:20.0390 3164 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:13:20.0406 3164 NetBT - ok
09:13:20.0421 3164 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:13:20.0437 3164 NetDDE - ok
09:13:20.0437 3164 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:13:20.0437 3164 NetDDEdsdm - ok
09:13:20.0671 3164 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:13:20.0671 3164 Netlogon - ok
09:13:20.0703 3164 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:13:20.0703 3164 Netman - ok
09:13:21.0015 3164 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:13:21.0046 3164 NetTcpPortSharing - ok
09:13:21.0281 3164 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
09:13:21.0296 3164 Nla - ok
09:13:21.0359 3164 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:13:21.0375 3164 Npfs - ok
09:13:21.0406 3164 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:13:21.0437 3164 Ntfs - ok
09:13:21.0671 3164 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:13:21.0671 3164 NtLmSsp - ok
09:13:21.0718 3164 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:13:21.0718 3164 NtmsSvc - ok
09:13:21.0765 3164 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:13:21.0765 3164 Null - ok
09:13:21.0796 3164 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:13:21.0796 3164 NwlnkFlt - ok
09:13:22.0031 3164 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:13:22.0031 3164 NwlnkFwd - ok
09:13:22.0093 3164 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:13:22.0093 3164 ose - ok
09:13:22.0156 3164 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:13:22.0156 3164 Parport - ok
09:13:22.0390 3164 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:13:22.0390 3164 PartMgr - ok
09:13:22.0421 3164 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:13:22.0421 3164 ParVdm - ok
09:13:22.0453 3164 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:13:22.0453 3164 PCI - ok
09:13:22.0484 3164 PCIDump - ok
09:13:22.0718 3164 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:13:22.0718 3164 PCIIde - ok
09:13:22.0765 3164 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:13:22.0765 3164 Pcmcia - ok
09:13:22.0781 3164 PDCOMP - ok
09:13:22.0796 3164 PDFRAME - ok
09:13:22.0812 3164 PDRELI - ok
09:13:22.0812 3164 PDRFRAME - ok
09:13:22.0828 3164 perc2 - ok
09:13:22.0843 3164 perc2hib - ok
09:13:22.0890 3164 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:13:22.0890 3164 PlugPlay - ok
09:13:22.0921 3164 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:13:22.0921 3164 PolicyAgent - ok
09:13:23.0171 3164 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:13:23.0171 3164 PptpMiniport - ok
09:13:23.0187 3164 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:13:23.0187 3164 ProtectedStorage - ok
09:13:23.0203 3164 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:13:23.0203 3164 PSched - ok
09:13:23.0234 3164 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:13:23.0234 3164 Ptilink - ok
09:13:23.0281 3164 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:13:23.0281 3164 PxHelp20 - ok
09:13:23.0281 3164 ql1080 - ok
09:13:23.0296 3164 Ql10wnt - ok
09:13:23.0312 3164 ql12160 - ok
09:13:23.0328 3164 ql1240 - ok
09:13:23.0328 3164 ql1280 - ok
09:13:23.0359 3164 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:13:23.0359 3164 RasAcd - ok
09:13:23.0609 3164 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:13:23.0609 3164 RasAuto - ok
09:13:23.0671 3164 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:13:23.0671 3164 Rasl2tp - ok
09:13:23.0718 3164 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:13:23.0718 3164 RasMan - ok
09:13:23.0953 3164 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:13:23.0953 3164 RasPppoe - ok
09:13:23.0984 3164 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:13:23.0984 3164 Raspti - ok
09:13:24.0015 3164 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:13:24.0031 3164 Rdbss - ok
09:13:24.0062 3164 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:13:24.0062 3164 RDPCDD - ok
09:13:24.0093 3164 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:13:24.0109 3164 rdpdr - ok
09:13:24.0359 3164 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
09:13:24.0359 3164 RDPWD - ok
09:13:24.0390 3164 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:13:24.0390 3164 RDSessMgr - ok
09:13:24.0453 3164 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:13:24.0453 3164 redbook - ok
09:13:24.0703 3164 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:13:24.0703 3164 RemoteAccess - ok
09:13:24.0734 3164 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
09:13:24.0750 3164 RemoteRegistry - ok
09:13:24.0984 3164 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
09:13:24.0984 3164 RpcLocator - ok
09:13:25.0031 3164 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:13:25.0031 3164 RpcSs - ok
09:13:25.0281 3164 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
09:13:25.0281 3164 RSVP - ok
09:13:25.0546 3164 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:13:25.0546 3164 SamSs - ok
09:13:25.0562 3164 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:13:25.0578 3164 SCardSvr - ok
09:13:25.0828 3164 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:13:25.0828 3164 Schedule - ok
09:13:26.0078 3164 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:13:26.0078 3164 Secdrv - ok
09:13:26.0312 3164 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:13:26.0312 3164 seclogon - ok
09:13:26.0343 3164 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:13:26.0343 3164 SENS - ok
09:13:26.0718 3164 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
09:13:26.0718 3164 Serial - ok
09:13:26.0984 3164 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:13:26.0984 3164 Sfloppy - ok
09:13:27.0234 3164 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:13:27.0234 3164 SharedAccess - ok
09:13:27.0281 3164 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:13:27.0281 3164 ShellHWDetection - ok
09:13:27.0500 3164 Simbad - ok
09:13:27.0750 3164 Sparrow - ok
09:13:27.0984 3164 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:13:27.0984 3164 splitter - ok
09:13:28.0234 3164 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:13:28.0234 3164 Spooler - ok
09:13:28.0484 3164 sptd (ab5c8f6e63674dbad9c1e449e8fd77ce) C:\WINDOWS\System32\Drivers\sptd.sys
09:13:28.0500 3164 sptd - ok
09:13:28.0765 3164 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:13:28.0765 3164 sr - ok
09:13:29.0000 3164 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
09:13:29.0000 3164 srservice - ok
09:13:29.0250 3164 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:13:29.0265 3164 Srv - ok
09:13:29.0515 3164 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:13:29.0515 3164 SSDPSRV - ok
09:13:29.0750 3164 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:13:29.0765 3164 stisvc - ok
09:13:30.0015 3164 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:13:30.0015 3164 swenum - ok
09:13:30.0140 3164 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
09:13:30.0156 3164 SwitchBoard - ok
09:13:30.0390 3164 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:13:30.0390 3164 swmidi - ok
09:13:30.0609 3164 SwPrv - ok
09:13:30.0640 3164 symc810 - ok
09:13:30.0859 3164 symc8xx - ok
09:13:31.0093 3164 sym_hi - ok
09:13:31.0312 3164 sym_u3 - ok
09:13:31.0562 3164 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:13:31.0562 3164 sysaudio - ok
09:13:31.0812 3164 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:13:31.0812 3164 SysmonLog - ok
09:13:32.0046 3164 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:13:32.0046 3164 TapiSrv - ok
09:13:32.0312 3164 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:13:32.0312 3164 Tcpip - ok
09:13:32.0562 3164 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:13:32.0562 3164 TDPIPE - ok
09:13:32.0812 3164 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:13:32.0812 3164 TDTCP - ok
09:13:33.0046 3164 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:13:33.0046 3164 TermDD - ok
09:13:33.0281 3164 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:13:33.0281 3164 TermService - ok
09:13:33.0546 3164 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:13:33.0546 3164 Themes - ok
09:13:33.0781 3164 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
09:13:33.0781 3164 TlntSvr - ok
09:13:33.0812 3164 TosIde - ok
09:13:34.0062 3164 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:13:34.0062 3164 TrkWks - ok
09:13:34.0109 3164 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:13:34.0109 3164 Udfs - ok
09:13:34.0328 3164 ultra - ok
09:13:34.0390 3164 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:13:34.0390 3164 Update - ok
09:13:34.0750 3164 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:13:34.0750 3164 upnphost - ok
09:13:34.0781 3164 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:13:34.0781 3164 UPS - ok
09:13:34.0796 3164 USBAAPL - ok
09:13:35.0031 3164 UsbC (9e7dc3f68f9f9b50d8f38ef5434aa3e3) C:\WINDOWS\system32\Drivers\rcusbwdm.sys
09:13:35.0031 3164 UsbC - ok
09:13:35.0078 3164 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:13:35.0078 3164 usbccgp - ok
09:13:35.0312 3164 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:13:35.0312 3164 usbehci - ok
09:13:35.0359 3164 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:13:35.0359 3164 usbhub - ok
09:13:35.0578 3164 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:13:35.0593 3164 usbprint - ok
09:13:35.0640 3164 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:13:35.0640 3164 usbscan - ok
09:13:35.0875 3164 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:13:35.0875 3164 USBSTOR - ok
09:13:35.0890 3164 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:13:35.0890 3164 usbuhci - ok
09:13:35.0921 3164 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:13:35.0921 3164 VgaSave - ok
09:13:36.0125 3164 ViaIde - ok
09:13:36.0171 3164 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:13:36.0171 3164 VolSnap - ok
09:13:36.0218 3164 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:13:36.0218 3164 VSS - ok
09:13:36.0453 3164 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
09:13:36.0453 3164 W32Time - ok
09:13:36.0500 3164 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:13:36.0500 3164 Wanarp - ok
09:13:36.0750 3164 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
09:13:36.0765 3164 Wdf01000 - ok
09:13:36.0796 3164 WDICA - ok
09:13:37.0031 3164 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:13:37.0031 3164 wdmaud - ok
09:13:37.0062 3164 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:13:37.0062 3164 WebClient - ok
09:13:37.0343 3164 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:13:37.0343 3164 winmgmt - ok
09:13:37.0375 3164 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
09:13:37.0375 3164 WmdmPmSN - ok
09:13:37.0625 3164 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
09:13:37.0625 3164 Wmi - ok
09:13:37.0671 3164 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
09:13:37.0671 3164 WmiAcpi - ok
09:13:37.0921 3164 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:13:37.0921 3164 WmiApSrv - ok
09:13:38.0015 3164 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:13:38.0062 3164 WMPNetworkSvc - ok
09:13:38.0625 3164 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:13:38.0640 3164 WPFFontCache_v0400 - ok
09:13:38.0875 3164 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:13:38.0875 3164 WS2IFSL - ok
09:13:38.0921 3164 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
09:13:38.0921 3164 wscsvc - ok
09:13:39.0156 3164 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:13:39.0156 3164 wuauserv - ok
09:13:39.0203 3164 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:13:39.0203 3164 WudfPf - ok
09:13:39.0421 3164 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:13:39.0421 3164 WudfRd - ok
09:13:39.0453 3164 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:13:39.0468 3164 WudfSvc - ok
09:13:39.0500 3164 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:13:39.0515 3164 WZCSVC - ok
09:13:39.0750 3164 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:13:39.0750 3164 xmlprov - ok
09:13:39.0781 3164 ZTEusbmdm6k - ok
09:13:39.0984 3164 ZTEusbnet - ok
09:13:40.0015 3164 ZTEusbnmea - ok
09:13:40.0015 3164 ZTEusbser6k - ok
09:13:40.0046 3164 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
09:13:40.0187 3164 \Device\Harddisk0\DR0 - ok
09:13:40.0187 3164 Boot (0x1200) (638b04ff5712ddb10fac3e018fd2e423) \Device\Harddisk0\DR0\Partition0
09:13:40.0187 3164 \Device\Harddisk0\DR0\Partition0 - ok
09:13:40.0203 3164 Boot (0x1200) (7e67d6691d8aa0e5f1a2247170e4f34c) \Device\Harddisk0\DR0\Partition1
09:13:40.0203 3164 \Device\Harddisk0\DR0\Partition1 - ok
09:13:40.0203 3164 ============================================================
09:13:40.0203 3164 Scan finished
09:13:40.0203 3164 ============================================================
09:13:40.0218 1524 Detected object count: 1
09:13:40.0218 1524 Actual detected object count: 1
09:13:55.0968 1524 C:\WINDOWS\system32\DRIVERS\ipsec.sys - copied to quarantine
09:13:56.0640 1524 C:\WINDOWS\$NtUninstallKB36170$\3308828557\@ - copied to quarantine
09:13:56.0656 1524 C:\WINDOWS\$NtUninstallKB36170$\3308828557\L\fnmrujxn - copied to quarantine
09:13:56.0656 1524 C:\WINDOWS\$NtUninstallKB36170$\3308828557\loader.tlb - copied to quarantine
09:13:56.0671 1524 C:\WINDOWS\$NtUninstallKB36170$\3308828557\U\@00000001 - copied to quarantine
09:13:56.0750 1524 C:\WINDOWS\$NtUninstallKB36170$\3308828557\U\@000000c0 - copied to quarantine
09:13:56.0781 1524 C:\WINDOWS\$NtUninstallKB36170$\3308828557\U\@000000cb - copied to quarantine
09:13:56.0796 1524 C:\WINDOWS\$NtUninstallKB36170$\3308828557\U\@000000cf - copied to quarantine
09:13:56.0828 1524 C:\WINDOWS\$NtUninstallKB36170$\3308828557\U\@80000000 - copied to quarantine
09:13:56.0828 1524 C:\WINDOWS\$NtUninstallKB36170$\3308828557\U\@800000c0 - copied to quarantine
09:13:56.0843 1524 C:\WINDOWS\$NtUninstallKB36170$\3308828557\U\@800000cb - copied to quarantine
09:13:56.0859 1524 C:\WINDOWS\$NtUninstallKB36170$\3308828557\U\@800000cf - copied to quarantine
09:13:57.0734 1524 C:\WINDOWS\assembly\GAC_MSIL\desktop.ini - copied to quarantine
09:13:57.0734 1524 C:\WINDOWS\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb - copied to quarantine
09:13:57.0750 1524 C:\Documents and Settings\accountsuser\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb - copied to quarantine
09:13:58.0984 1524 Backup copy found, using it..
09:13:59.0000 1524 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
09:14:03.0656 1524 C:\WINDOWS\$NtUninstallKB36170$\1010927114 - will be deleted on reboot
09:14:03.0656 1524 C:\WINDOWS\$NtUninstallKB36170$\3308828557\@ - will be deleted on reboot
09:14:03.0734 1524 C:\WINDOWS\$NtUninstallKB36170$\3308828557\loader.tlb - will be deleted on reboot
09:14:03.0750 1524 C:\WINDOWS\$NtUninstallKB36170$\3308828557\U\@00000001 - will be deleted on reboot
09:14:03.0750 1524 C:\WINDOWS\$NtUninstallKB36170$\3308828557\U\@000000c0 - will be deleted on reboot
09:14:03.0750 1524 C:\WINDOWS\$NtUninstallKB36170$\3308828557\U\@000000cb - will be deleted on reboot
09:14:03.0750 1524 C:\WINDOWS\$NtUninstallKB36170$\3308828557\U\@000000cf - will be deleted on reboot
09:14:03.0750 1524 C:\WINDOWS\$NtUninstallKB36170$\3308828557\U\@80000000 - will be deleted on reboot
09:14:03.0750 1524 C:\WINDOWS\$NtUninstallKB36170$\3308828557\U\@800000c0 - will be deleted on reboot
09:14:03.0750 1524 C:\WINDOWS\$NtUninstallKB36170$\3308828557\U\@800000cb - will be deleted on reboot
09:14:03.0750 1524 C:\WINDOWS\$NtUninstallKB36170$\3308828557\U\@800000cf - will be deleted on reboot
09:14:03.0750 1524 C:\WINDOWS\assembly\GAC_MSIL\desktop.ini - will be deleted on reboot
09:14:03.0750 1524 C:\WINDOWS\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb - will be deleted on reboot
09:14:03.0750 1524 C:\Documents and Settings\accountsuser\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb - will be deleted on reboot
09:14:03.0750 1524 IPSec ( Virus.Win32.ZAccess.g ) - User select action: Cure
09:14:22.0328 3264 Deinitialize success





aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-09 09:16:15
-----------------------------
09:16:15.343 OS Version: Windows 5.1.2600 Service Pack 3
09:16:15.343 Number of processors: 2 586 0x403
09:16:15.343 ComputerName: ACCOUNTS UserName:
09:16:16.312 Initialize success
09:17:13.765 AVAST engine defs: 12040801
09:17:20.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
09:17:20.812 Disk 0 Vendor: WDC_WD800JD-60LSA5 10.01E03 Size: 76319MB BusType: 3
09:17:20.828 Disk 0 MBR read successfully
09:17:20.828 Disk 0 MBR scan
09:17:20.859 Disk 0 unknown MBR code
09:17:20.859 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 32765 MB offset 63
09:17:20.875 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 43551 MB offset 67103505
09:17:20.875 Disk 0 scanning sectors +156296385
09:17:20.953 Disk 0 scanning C:\WINDOWS\system32\drivers
09:17:28.546 Service scanning
09:17:41.531 Modules scanning
09:17:46.343 Disk 0 trace - called modules:
09:17:46.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
09:17:46.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aacaab8]
09:17:46.375 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000067[0x8aaf79e8]
09:17:46.375 5 ACPI.sys[b9e4d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8ab19940]
09:17:46.640 AVAST engine scan C:\WINDOWS
09:17:52.812 AVAST engine scan C:\WINDOWS\system32
09:19:56.953 AVAST engine scan C:\WINDOWS\system32\drivers
09:20:07.187 AVAST engine scan C:\Documents and Settings\accountsuser
09:20:27.250 AVAST engine scan C:\Documents and Settings\All Users
09:22:29.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\accountsuser\Desktop\MBR.dat"
09:22:29.984 The log file has been saved successfully to "C:\Documents and Settings\accountsuser\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:38 AM

Posted 09 April 2012 - 01:15 AM

Hello

I would like you to download an updated version of combofix.

Update ComboFix

Delete the version of ComboFix you have now on your desktop and download a new one from here:

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.
"Information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 firefly8568

firefly8568
  • Topic Starter

  • Members
  • 10 posts
  • Local time:03:38 PM

Posted 09 April 2012 - 02:39 AM

Hi Gringo,


As of now, I don't have any issues surfacing.

I will let you know once I encounter one.

Here is the ComboFix log:



ComboFix 12-04-08.02 - accountsuser 04/09/2012 11:20:27.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1645 [GMT 4:00]
Running from: c:\documents and settings\accountsuser\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\windows\system32\dds_log_ad13.cmd
c:\windows\system32\dds_log_trash.cmd
c:\windows\system32\spool\prtprocs\w32x86\pcldll6l.dll
c:\windows\system32\spool\prtprocs\w32x86\zpp.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVPSYS
-------\Service_AVPsys
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-09 05:13 . 2012-04-09 05:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-05 11:59 . 2012-04-05 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2012-04-05 07:34 . 2012-04-05 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SummitSoft
2012-04-05 06:03 . 2012-04-05 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-05 06:03 . 2012-04-05 06:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-05 06:03 . 2011-12-10 11:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-05 06:01 . 2012-04-05 06:01 -------- d-----w- c:\program files\Conduit
2012-04-03 08:51 . 2012-04-05 09:42 48 ----a-w- c:\windows\wpd99.drv
2012-04-03 07:33 . 2012-04-03 07:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
2012-04-02 08:07 . 2012-04-02 08:59 -------- d-----w- c:\program files\PC Tools Security
2012-04-01 09:06 . 2012-04-08 06:02 -------- d-----w- c:\documents and settings\accountsuser
2012-04-01 07:39 . 2012-04-01 07:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2012-04-01 07:27 . 2012-04-01 07:27 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2012-04-01 07:25 . 2012-04-01 07:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2012-04-01 07:14 . 2012-04-01 07:14 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2012-04-01 07:14 . 2012-04-01 07:14 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-04-01 06:55 . 2012-04-01 06:55 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-03-29 05:41 . 2012-03-29 05:41 -------- d-----w- c:\documents and settings\accountuser\cache
2012-03-27 07:31 . 2012-03-27 07:31 -------- d-----w- c:\program files\salesforce.com
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-22 08:03 . 2012-03-22 08:03 -------- d-----w- c:\program files\Investintech.com Inc
2012-03-18 09:21 . 2012-03-18 09:21 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 09:21 . 2012-03-18 09:21 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-09 05:14 . 2004-08-04 12:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-02-03 09:22 . 2004-08-04 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-26 06:33 . 2010-12-07 08:14 473656 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-01-11 19:06 . 2012-02-15 05:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-18 09:21 . 2011-06-02 07:03 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"AClntUsr"="c:\program files\Aclient\AClntUsr.EXE" [2012-04-09 180224]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-10-01 497648]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
.
c:\documents and settings\accountuser\Start Menu\Programs\Startup\
Chatter Desktop.lnk - c:\program files\salesforce.com\Chatter Desktop\Chatter Desktop.exe [2012-3-27 142848]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 06:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 18:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-10-01 04:44 497648 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
2010-03-09 00:28 11989960 ----a-w- c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 00:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 13:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-19 05:41 136176 ----atw- c:\documents and settings\accountuser\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hp 1000 firmware]
2001-12-15 08:10 36864 ------w- c:\program files\hp LaserJet 1000\fwdl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JFSW2Launch]
2010-11-03 09:43 176128 ----a-w- c:\documents and settings\accountuser\Application Data\Transcend\JFSW2\JFSW2Launch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-04-29 12:59 5248312 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 09:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Aclient\\AClntUsr.EXE"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\TVUPlayer_green.v2.5.3.1\\TVUPlayer.exe"=
"c:\\Program Files\\ComicRack\\ComicRack.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Picasa3\\PicasaUpdater.exe"=
"c:\\Documents and Settings\\accountuser\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Google\\Picasa3\\Picasa3.exe"=
"c:\\Documents and Settings\\accountuser\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Documents and Settings\\accountuser\\Local Settings\\Temp\\jag218930.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"c:\\Program Files\\pdf995\\res\\drivedir\\pdflib.exe"=
"c:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Documents and Settings\\accountuser\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Yahoo!\\YUpdater\\yupdater.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Documents and Settings\\accountuser\\Local Settings\\Application Data\\pwccap.exe"=
"c:\\Program Files\\Common Files\\Adobe AIR\\Versions\\1.0\\Adobe AIR Application Installer.exe"=
"c:\\Program Files\\Common Files\\Adobe AIR\\Versions\\1.0\\Resources\\Adobe AIR Updater.exe"=
"c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil11e_Plugin.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Documents and Settings\\accountsuser\\Desktop\\tdsskiller.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11/16/2009 9:03 AM 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11/16/2009 9:06 AM 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/16/2009 9:04 AM 735960]
R2 HOSTNT;HOSTNT;c:\windows\system32\drivers\hostnt.sys [8/10/2011 11:41 AM 4032]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/5/2012 10:03 AM 652360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/5/2012 10:03 AM 20464]
R3 UsbC;SafeNet MicroDog USB Device Driver;c:\windows\system32\drivers\rcusbwdm.sys [8/10/2011 11:41 AM 50816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 FlexService;Remote Connections Service;"c:\program files\RapidBIT\cisvc.exe" --> c:\program files\RapidBIT\cisvc.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/29/2012 5:28 PM 253600]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys --> c:\windows\system32\DRIVERS\netaapl.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys --> c:\windows\system32\DRIVERS\ZTEusbnet.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
trcboot
mcredirector
nmraapache
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 05:23]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-681088101-345519370-106516045-1221Core.job
- c:\documents and settings\accountuser\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-19 05:41]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-681088101-345519370-106516045-1221UA.job
- c:\documents and settings\accountuser\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-19 05:41]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.42.20.20
FF - ProfilePath - c:\documents and settings\accountsuser\Application Data\Mozilla\Firefox\Profiles\efbm1jsu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - uTorrentControl2 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ae/
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
SafeBoot-93637087.sys
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
MSConfigStartUp-ISTray - c:\program files\Spyware Doctor\pctsTray.exe
MSConfigStartUp-PC Optimizer Pro - c:\program files\PC Optimizer Pro\StartApps.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-09 11:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3784)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Aclient\AClient.exe
c:\windows\system32\ASTSRV.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-04-09 11:34:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-09 07:34
.
Pre-Run: 13,625,098,240 bytes free
Post-Run: 13,790,445,568 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 59C30538C3AD18774D067F661BF04419

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:38 AM

Posted 09 April 2012 - 02:43 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\program files\Conduit

FireFox::
FF - ProfilePath - c:\documents and settings\accountsuser\Application Data\Mozilla\Firefox\Profiles\efbm1jsu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - uTorrentControl2 Customized Web Search

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt onto ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
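The CFScript above removes the Conduit search hijack by handing ComboFix the exact prefs.js lines it printed in its Supplementary Scan. As an added example (not from this thread, and not ComboFix's own code), the Python script below reads lines in that same "FF - prefs.js:" format, flags search or homepage preferences that point away from the expected search vendors, and assembles the matching FireFox:: block of a CFScript from what it flagged. The vendor allow-list, the registrable-label heuristic and all function names are my assumptions; the sample lines are copied from the first ComboFix log posted in this thread.

```python
"""Flag Firefox search/homepage hijacks in ComboFix 'Supplementary Scan' output.

Added example, not part of the thread and not ComboFix's own code. The sample
lines below are copied from the log posted earlier in the thread; the vendor
allow-list and the registrable-label heuristic are assumptions.
"""
import re
from urllib.parse import urlparse

# Search vendors a stock Firefox profile is expected to point at (assumption).
TRUSTED_VENDORS = {"google", "bing", "yahoo"}

# Preference keys whose URL value a search/redirect hijacker typically rewrites.
URL_PREFS = {"browser.search.defaulturl", "browser.startup.homepage", "keyword.URL"}

# ComboFix prints Firefox preferences as:  FF - prefs.js: <key> - <value>
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>[\w.]+) - (?P<value>.+)$")


def refang(url):
    """ComboFix defangs links as hxxp:// so they are not clickable on the forum."""
    return re.sub(r"^hxxp", "http", url, count=1)


def registrable_label(host):
    """Return the label just left of the public suffix: 'conduit' for
    search.conduit.com, 'google' for www.google.ae or www.google.co.uk.
    Crude assumption; a real tool would consult the Public Suffix List."""
    labels = host.lower().split(".")
    if len(labels) < 2:
        return labels[0]
    if len(labels) >= 3 and labels[-2] in {"co", "com", "net", "org"}:
        return labels[-3]
    return labels[-2]


def find_hijacks(lines):
    """Return (key, value, reason) for every FF preference that looks hijacked."""
    findings = []
    for line in lines:
        m = FF_PREF_RE.match(line.strip())
        if not m:
            continue  # ProfilePath lines and non-Firefox lines are ignored
        key, value = m.group("key"), m.group("value")
        if key in URL_PREFS:
            host = urlparse(refang(value)).hostname or ""
            vendor = registrable_label(host) if host else ""
            if vendor not in TRUSTED_VENDORS:
                findings.append((key, value, f"points at untrusted host {host}"))
        elif key == "browser.search.selectedEngine":
            # The engine name is free text; a stock profile names a known vendor.
            if not any(v in value.lower() for v in TRUSTED_VENDORS):
                findings.append((key, value, "non-default search engine selected"))
    return findings


def cfscript_firefox_section(lines):
    """Assemble the FireFox:: block of a CFScript: the ProfilePath line followed
    by each flagged prefs.js line, in the form ComboFix printed them."""
    profile = [l.strip() for l in lines if l.strip().startswith("FF - ProfilePath - ")]
    flagged = [f"FF - prefs.js: {k} - {v}" for k, v, _ in find_hijacks(lines)]
    return "FireFox::\n" + "\n".join(profile + flagged) + "\n"


# Constructed sample: the FF lines from the first ComboFix log in this thread.
SAMPLE_LOG = [
    "FF - ProfilePath - c:\\documents and settings\\accountsuser\\Application Data\\Mozilla\\Firefox\\Profiles\\efbm1jsu.default\\",
    "FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}",
    "FF - prefs.js: browser.search.selectedEngine - uTorrentControl2 Customized Web Search",
    "FF - prefs.js: browser.startup.homepage - hxxp://www.google.ae/",
]

if __name__ == "__main__":
    for key, value, reason in find_hijacks(SAMPLE_LOG):
        print(f"HIJACK {key}: {value} ({reason})")
    print(cfscript_firefox_section(SAMPLE_LOG))
```

Run against the sample, it flags the Conduit default search URL and the uTorrentControl2 engine while leaving the google.ae homepage alone, which is the same split the helper made by hand in the CFScript above. The point of the allow-list check is that a hijack rarely changes the preference key, only where its value points, so matching on the host's registrable label is more robust than looking for a particular vendor string.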

#13 firefly8568

firefly8568
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:38 PM

Posted 09 April 2012 - 04:20 AM

Hi Gringo,

Everything went smoothly.

Just a few diagnoses came up while running ComboFix:

"rootkit" is infected

Here is the log file.

Thank you


ComboFix 12-04-08.02 - accountsuser 04/09/2012 13:02:35.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1636 [GMT 4:00]
Running from: c:\documents and settings\accountsuser\Desktop\virus removal\ComboFix.exe
Command switches used :: c:\documents and settings\accountsuser\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Conduit
c:\program files\Conduit\Community Alerts\Alert.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-09 07:50 . 2009-05-18 09:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-04-09 07:50 . 2008-04-17 08:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-04-09 07:50 . 2012-04-09 07:50 -------- d-----w- c:\program files\iPod
2012-04-09 07:49 . 2012-04-09 07:49 -------- d-----w- c:\program files\Apple Software Update
2012-04-09 07:49 . 2011-08-02 12:38 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2012-04-09 07:49 . 2011-08-02 12:38 18432 ----a-w- c:\windows\system32\drivers\netaapl.sys
2012-04-09 07:49 . 2012-02-15 07:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-04-09 07:49 . 2012-02-15 07:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-04-09 05:13 . 2012-04-09 05:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-05 11:59 . 2012-04-05 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2012-04-05 07:34 . 2012-04-05 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SummitSoft
2012-04-05 06:03 . 2012-04-05 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-05 06:03 . 2012-04-05 06:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-05 06:03 . 2011-12-10 11:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:51 . 2012-04-05 09:42 48 ----a-w- c:\windows\wpd99.drv
2012-04-03 07:33 . 2012-04-03 07:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
2012-04-02 08:07 . 2012-04-02 08:59 -------- d-----w- c:\program files\PC Tools Security
2012-04-01 09:06 . 2012-04-08 06:02 -------- d-----w- c:\documents and settings\accountsuser
2012-04-01 07:39 . 2012-04-01 07:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2012-04-01 07:27 . 2012-04-01 07:27 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2012-04-01 07:25 . 2012-04-01 07:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2012-04-01 07:14 . 2012-04-01 07:14 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2012-04-01 07:14 . 2012-04-01 07:14 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-04-01 06:55 . 2012-04-01 06:55 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-03-29 05:41 . 2012-03-29 05:41 -------- d-----w- c:\documents and settings\accountuser\cache
2012-03-27 07:31 . 2012-03-27 07:31 -------- d-----w- c:\program files\salesforce.com
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-22 08:03 . 2012-03-22 08:03 -------- d-----w- c:\program files\Investintech.com Inc
2012-03-18 09:21 . 2012-03-18 09:21 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 09:21 . 2012-03-18 09:21 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-09 05:14 . 2004-08-04 12:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-02-03 09:22 . 2004-08-04 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-26 06:33 . 2010-12-07 08:14 473656 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-01-11 19:06 . 2012-02-15 05:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-18 09:21 . 2011-06-02 07:03 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"AClntUsr"="c:\program files\Aclient\AClntUsr.EXE" [2012-04-09 180224]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-10-01 497648]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\documents and settings\accountuser\Start Menu\Programs\Startup\
Chatter Desktop.lnk - c:\program files\salesforce.com\Chatter Desktop\Chatter Desktop.exe [2012-3-27 142848]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 06:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 18:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-10-01 04:44 497648 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
2010-03-09 00:28 11989960 ----a-w- c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 00:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 13:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-19 05:41 136176 ----atw- c:\documents and settings\accountuser\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hp 1000 firmware]
2001-12-15 08:10 36864 ------w- c:\program files\hp LaserJet 1000\fwdl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JFSW2Launch]
2010-11-03 09:43 176128 ----a-w- c:\documents and settings\accountuser\Application Data\Transcend\JFSW2\JFSW2Launch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-04-29 12:59 5248312 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 09:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Aclient\\AClntUsr.EXE"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\TVUPlayer_green.v2.5.3.1\\TVUPlayer.exe"=
"c:\\Program Files\\ComicRack\\ComicRack.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Picasa3\\PicasaUpdater.exe"=
"c:\\Documents and Settings\\accountuser\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Google\\Picasa3\\Picasa3.exe"=
"c:\\Documents and Settings\\accountuser\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Documents and Settings\\accountuser\\Local Settings\\Temp\\jag218930.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"c:\\Program Files\\pdf995\\res\\drivedir\\pdflib.exe"=
"c:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Documents and Settings\\accountuser\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Yahoo!\\YUpdater\\yupdater.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Documents and Settings\\accountuser\\Local Settings\\Application Data\\pwccap.exe"=
"c:\\Program Files\\Common Files\\Adobe AIR\\Versions\\1.0\\Adobe AIR Application Installer.exe"=
"c:\\Program Files\\Common Files\\Adobe AIR\\Versions\\1.0\\Resources\\Adobe AIR Updater.exe"=
"c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil11e_Plugin.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Documents and Settings\\accountsuser\\Desktop\\tdsskiller.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11/16/2009 9:03 AM 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11/16/2009 9:06 AM 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/16/2009 9:04 AM 735960]
R2 HOSTNT;HOSTNT;c:\windows\system32\drivers\hostnt.sys [8/10/2011 11:41 AM 4032]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/5/2012 10:03 AM 652360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/5/2012 10:03 AM 20464]
R3 UsbC;SafeNet MicroDog USB Device Driver;c:\windows\system32\drivers\rcusbwdm.sys [8/10/2011 11:41 AM 50816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 FlexService;Remote Connections Service;"c:\program files\RapidBIT\cisvc.exe" --> c:\program files\RapidBIT\cisvc.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/29/2012 5:28 PM 253600]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [4/9/2012 11:49 AM 18432]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys --> c:\windows\system32\DRIVERS\ZTEusbnet.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
trcboot
mcredirector
nmraapache
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 05:23]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-681088101-345519370-106516045-1221Core.job
- c:\documents and settings\accountuser\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-19 05:41]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-681088101-345519370-106516045-1221UA.job
- c:\documents and settings\accountuser\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-19 05:41]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.42.20.20
FF - ProfilePath - c:\documents and settings\accountsuser\Application Data\Mozilla\Firefox\Profiles\efbm1jsu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ae/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-09 13:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(176)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Aclient\AClient.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\ASTSRV.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-04-09 13:16:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-09 09:16
ComboFix2.txt 2012-04-09 07:34
.
Pre-Run: 13,247,373,312 bytes free
Post-Run: 13,298,946,048 bytes free
.
- - End Of File - - ADD0DCE66A12164CC83A8FF114417795

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:38 AM

Posted 09 April 2012 - 07:34 AM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Adobe Reader 9.5.0
Java™ 6 Update 20


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This is a small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here: http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad, ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan, and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

Information and logs

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 firefly8568

firefly8568
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:38 PM

Posted 10 April 2012 - 01:07 AM

Hi Gringo,

Thanks for the reply.

Here are the logs:

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
accountsuser :: ACCOUNTS [administrator]

Protection: Disabled

4/10/2012 9:38:00 AM
mbam-log-2012-04-10 (09-38-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225570
Time elapsed: 3 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:48:32 AM, on 4/10/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Aclient\AClient.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Aclient\AClntUsr.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Aclient\AClntUsr.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Aclient\AClient.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Remote Connections Service (FlexService) - Unknown owner - C:\Program Files\RapidBIT\cisvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Ppped (pav_security) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 6393 bytes




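The entries in these logs that a responder would look at first are the ones where the registration survived but the binary did not: the ComboFix line `S2 FlexService;...;"c:\program files\RapidBIT\cisvc.exe" --> c:\program files\RapidBIT\cisvc.exe [?]` near the top of this section, and in the HijackThis log above the nameless O2 BHO with `(no file)`, the `FlexService` O23 entry marked `(file missing)` with `Unknown owner`, and the `pav_security` service registered through a `\\.\globalroot` device path. The following Python script is an added example for this thread, not part of the original posts and not code from ComboFix or HijackThis: it parses those three line formats and applies a few heuristics (an unknown owner, a missing file, a `(no name)` BHO, a `\\.\globalroot` path, a `[?]` where ComboFix would print size and timestamp). The sample lines are copied from the logs in this thread, with benign entries kept in for contrast; the flagging rules are the editor's, and which of the flagged entries is actually malicious is a separate question from whether it should be cleaned up.

```python
"""Triage helper for ComboFix service lines and HijackThis O2/O23 lines."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the ComboFix and HijackThis logs in
# this thread, with benign entries kept in for contrast.
SAMPLE_LOG = r"""
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 FlexService;Remote Connections Service;"c:\program files\RapidBIT\cisvc.exe" --> c:\program files\RapidBIT\cisvc.exe [?]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Remote Connections Service (FlexService) - Unknown owner - C:\Program Files\RapidBIT\cisvc.exe (file missing)
O23 - Service: Ppped (pav_security) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
"""

# HijackThis O23: "O23 - Service: <display> (<name>) - <owner> - <path>"
HJT_SERVICE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^)]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+)$"
)
# HijackThis O2: "O2 - BHO: <name> - {<clsid>} - <path>"
HJT_BHO = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$")
# ComboFix service: "S2 <name>;<display>;<path>[ --> <resolved>] [<stamp>]"
CF_SERVICE = re.compile(
    r"^(?P<start>[SR][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?: --> (?P<resolved>.+?))? \[(?P<stamp>[^\]]*)\]$"
)


@dataclass
class Finding:
    source: str                 # "combofix" or "hijackthis"
    kind: str                   # "service" or "bho"
    name: str
    path: str
    reasons: list = field(default_factory=list)


def _assess_path(path: str, reasons: list) -> None:
    """Heuristics on the registered path itself (editor's rules, not the tools')."""
    if "(file missing)" in path:
        reasons.append("binary registered but not present on disk")
    if path.strip() == "(no file)":
        reasons.append("CLSID registered but its DLL is gone")
    if path.lower().startswith(r"\\.\globalroot"):
        reasons.append(r"\\.\globalroot device path instead of a plain drive-letter path")


def triage_line(line: str):
    """Return a Finding for a recognised log line, or None for anything else."""
    line = line.strip()
    m = HJT_SERVICE.match(line)
    if m:
        f = Finding("hijackthis", "service", m["name"] or m["display"], m["path"])
        if m["owner"] == "Unknown owner":
            f.reasons.append("no vendor recorded for the service binary")
        _assess_path(m["path"], f.reasons)
        return f
    m = HJT_BHO.match(line)
    if m:
        f = Finding("hijackthis", "bho", m["name"], m["path"])
        if m["name"] == "(no name)":
            f.reasons.append("BHO registered without a name")
        _assess_path(m["path"], f.reasons)
        return f
    m = CF_SERVICE.match(line)
    if m:
        f = Finding("combofix", "service", m["name"], m["resolved"] or m["path"])
        if m["stamp"] == "?":
            f.reasons.append("[?] in place of size/timestamp: file not found by ComboFix")
        return f
    return None


def triage_log(text: str):
    """Parse every recognised line of a log; unrecognised lines are skipped."""
    return [f for f in map(triage_line, text.splitlines()) if f is not None]


def suspicious(text: str):
    """Only the findings that tripped at least one heuristic."""
    return [f for f in triage_log(text) if f.reasons]


if __name__ == "__main__":
    for f in suspicious(SAMPLE_LOG):
        print(f"{f.source}:{f.kind} {f.name} -> {f.path}")
        for r in f.reasons:
            print("    -", r)
```

Run against the sample, the script flags the ComboFix `FlexService` line, the nameless BHO, the HijackThis `FlexService` entry and `pav_security`, and leaves the .NET NGEN service, the Adobe BHO and the ESET service alone. A `(file missing)` entry after a cleanup like the one in this thread often means the binary was already removed and only the registry registration lingers; the registration is still worth deleting so the service or BHO cannot be silently re-armed by dropping a file back at that path.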