
Infected with "System Check" virus


  • This topic is locked
25 replies to this topic

#1 thonczarenko

Posted 05 April 2012 - 09:49 AM

Hello Bleeping Computer,

I have a PC (XP Pro, SP3) that was infected with "System Check" virus. I ran CCleaner, then Malwarebytes and thought I got rid of it, but the computer started redirecting to random sites from any search engine shortly after.

I Googled (on a different PC) how to remove System Check and found directions from another website, which said to rename the random .exe files in the Application Data folder. Then open a cmd window, type cd \ and press Enter. Type attrib -h /s /d and press Enter. Next I ran Malwarebytes and then TDSSKiller, but that would not run, so I ran ComboFix as per the directions, but that would hang during its search; 20-30 minutes into the scan I noticed the clock stopped and the mouse showed an hourglass; I waited for over an hour (I made sure Symantec A/V services were stopped before the scan). I also tried ComboFix in Safe Mode with Symantec services stopped, with the same results (hanging up at 20-30 minutes).

I am kicking myself, since in these forums I have read that you should NOT run ComboFix unless instructed. :( I hope I did not screw things up.

Thank you,
Todd

Below is my HijackThis log file.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:22:23 PM, on 4/4/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\TIBCO\TIBRV\bin\rvntsctl.exe
C:\WINDOWS\system32\svchost.exe
C:\TIBCO\TIBRV\bin\rvd.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\M50\m50.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\blp\API\office tools\bxlaui.exe
c:\blp\API\office tools\bxlartd.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [CLRHost] C:\blp\API\Office Tools\bbxlcmd.exe
O4 - Startup: Flash Messaging Startup.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msn.com
O15 - Trusted Zone: http://www.veracast.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = oraclepartners.com
O17 - HKLM\Software\..\Telephony: DomainName = oraclepartners.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B178B699-201F-4353-9419-4685206BBB74}: NameServer = 192.168.80.22,192.168.80.242
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = oraclepartners.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{B178B699-201F-4353-9419-4685206BBB74}: NameServer = 192.168.80.22,192.168.80.242
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = oraclepartners.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{B178B699-201F-4353-9419-4685206BBB74}: NameServer = 192.168.80.22,192.168.80.242
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\123\pev.3XE (file missing)
O23 - Service: Eze Pricing Service PRIMARY (PricingPubDM_PRIMARY) - Unknown owner - C:\Program Files\Eze Castle Software\EzePricing\PricingPublisherSvc.exe
O23 - Service: TIB/Rendezvous Communications Daemon (rvd) - Unknown owner - C:\TIBCO\TIBRV\bin\rvntsctl.exe
O23 - Service: Eze Sentry PRIMARY (SentrySvcDM_PRIMARY) - Eze Castle Software - C:\Program Files\Eze Castle Software\Common\SentrySvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Eze Static Pricing Publisher PRIMARY (StaticPricePubService_PRIMARY) - Unknown owner - C:\Program Files\Eze Castle Software\EzePricing\StaticPricingPublisherSvc.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 9627 bytes

Edited by thonczarenko, 05 April 2012 - 10:08 AM.
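The HijackThis log above is the kind of input a malware-response helper triages by section: O4 autoruns, O15 Trusted Zone sites, O17 DNS servers, O23 services and the R0/R1 Internet Explorer page settings. The Python script below is an added example, not part of this thread and not a HijackThis or BleepingComputer tool; it applies a few such triage heuristics to HJT-format lines. The sample lines are copied from the log above, plus one constructed O17 line using the documentation address 203.0.113.10 to show what the DNS check flags. The heuristics, their names and the trusted-directory list are this example's own choices, and a flag means "look at this", not "malicious": it flags the CLRHost autorun under C:\blp, which the OTL log later in the thread attributes to Bloomberg L.P., and the PEVSystemStart service whose C:\123\pev.3XE binary is missing, whose .3XE helper names are the ones ComboFix uses for its own components (the poster ran ComboFix). The NameServer entries in the log are RFC 1918 addresses and are not flagged.

```python
"""Triage heuristics for HijackThis (HJT) 2.x log lines.

Added example, not part of the thread or of HijackThis itself. Each HJT entry
is one line: '<section> - <body>'. The checks below flag entries a helper would
review first; a flag is a prompt to look, not a malware verdict.
"""
import ipaddress
import re
from dataclasses import dataclass

# Where legitimately installed software is expected to live on this XP box
# (assumption of this example, not an HJT rule).
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# RFC 1918 plus loopback, listed explicitly rather than via ip_address().is_private,
# which would also treat documentation ranges such as 203.0.113.0/24 as private.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

ENTRY_RE = re.compile(r"^(R0|R1|R3|F\d|O\d+) - (.*)$")
PATH_RE = re.compile(r'[a-z]:\\[^"]+?\.(?:exe|dll|scr|com|bat)\b')
KEYVAL_RE = re.compile(r",(?P<key>[^,=]+?) = (?P<val>\S+)$")
NS_RE = re.compile(r"nameserver = (.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def _is_local(ip: str) -> bool:
    """True for RFC 1918 and loopback addresses; False for anything else or garbage."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in LOCAL_NETS)


def triage_line(line: str) -> list:
    """Return the findings (possibly none) for a single HJT log line."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return []
    section, body = m.group(1), m.group(2)
    low = body.lower()
    out = []
    if section == "O23":
        # Services: binary gone from disk, or no publisher name in the PE version info.
        if "(file missing)" in low:
            out.append(Finding(section, "service binary missing", line))
        if "unknown owner" in low:
            out.append(Finding(section, "service has no publisher", line))
    elif section == "O4":
        # Autoruns launched from outside Windows / Program Files.
        p = PATH_RE.search(low)
        if p and not p.group(0).startswith(TRUSTED_DIRS):
            out.append(Finding(section, "autorun outside trusted dirs", line))
    elif section == "O15":
        # Trusted Zone sites get relaxed IE security settings; always worth a look.
        out.append(Finding(section, "site in IE Trusted Zone", line))
    elif section == "O17":
        # Resolvers outside RFC 1918/loopback space may indicate DNS hijacking.
        ns = NS_RE.search(low)
        if ns:
            for ip in (x.strip() for x in ns.group(1).split(",")):
                if not _is_local(ip):
                    out.append(Finding(section, f"non-local DNS server {ip}", line))
    elif section in ("R0", "R1"):
        # IE start/search pages pointed away from the Microsoft defaults.
        kv = KEYVAL_RE.search(body)
        if kv and re.search("page|search", kv["key"], re.I) \
                and "microsoft.com" not in kv["val"].lower():
            out.append(Finding(section, "non-default IE page/search URL", line))
    return out


def triage_log(text: str) -> list:
    """Run triage_line over every line of an HJT log and collect the findings."""
    return [f for line in text.splitlines() for f in triage_line(line)]


# Lines copied from the HJT log posted above, plus one constructed O17 line
# (203.0.113.10 is a documentation address) to exercise the DNS check.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [CLRHost] C:\blp\API\Office Tools\bbxlcmd.exe
O15 - Trusted Zone: http://www.veracast.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B178B699-201F-4353-9419-4685206BBB74}: NameServer = 192.168.80.22,192.168.80.242
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 203.0.113.10
O23 - Service: PEVSystemStart - Unknown owner - C:\123\pev.3XE (file missing)
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:32} {f.line}")
```

Run against the sample, the script reports five findings: the CLRHost autorun, the veracast.com Trusted Zone entry, the constructed non-local resolver, and two for PEVSystemStart (missing binary, no publisher). Everything else, including the RFC 1918 NameServer line and the Microsoft default search page, passes silently, which is the point of keeping the checks narrow: the helper reads the flagged lines, not the whole log.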



#2 gringo_pr

  • Malware Response Team

Posted 05 April 2012 - 11:53 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

  • Malware Response Team

Posted 09 April 2012 - 12:00 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 thonczarenko
  • Topic Starter

Posted 09 April 2012 - 08:26 AM

Hello Gringo,

Sorry, I was sick with a cold, or a virus :) and was in bed for a few days. I'll be performing the steps you have recommended today.

Thank you!!!

Todd

#5 thonczarenko
  • Topic Starter

Posted 09 April 2012 - 11:44 AM

I went into services.msc to stop the Symantec services, then I downloaded DeFogger to my desktop and ran it. It said it finished, so I clicked on the X to close out the window, since there was no "OK" button; it did not prompt to reboot.

Next, I downloaded DDS to my desktop and ran it, but it hung so I left it for about 20 minutes and found that the PC was frozen; I rebooted, stopped Symantec services and ran both Defogger and DDS, but DDS hung again.

Any ideas?

Thanks!
Todd

#6 gringo_pr

  • Malware Response Team

Posted 09 April 2012 - 01:16 PM

Hello


try this one


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#7 thonczarenko
  • Topic Starter

Posted 10 April 2012 - 06:52 PM

Hi Gringo,

Sorry for the delay. Here is the OTL.txt.

Thank you!

OTL logfile created on: 4/10/2012 7:33:26 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\bmeglio\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 53.76% Memory free
4.85 Gb Paging File | 3.44 Gb Available in Paging File | 71.05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 119.59 Gb Free Space | 80.24% Space Free | Partition Type: NTFS
Drive F: | 2712.25 Gb Total Space | 2060.61 Gb Free Space | 75.97% Space Free | Partition Type: NTFS
Drive G: | 2712.25 Gb Total Space | 2060.61 Gb Free Space | 75.97% Space Free | Partition Type: NTFS
Drive H: | 2712.25 Gb Total Space | 2060.61 Gb Free Space | 75.97% Space Free | Partition Type: NTFS
Drive I: | 2712.25 Gb Total Space | 2060.61 Gb Free Space | 75.97% Space Free | Partition Type: NTFS
Drive J: | 2712.25 Gb Total Space | 2060.61 Gb Free Space | 75.97% Space Free | Partition Type: NTFS

Computer Name: BOB-HP-WS | User Name: BMeglio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\bmeglio\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)
PRC - c:\blp\API\Office Tools\bxlaui.exe (Bloomberg L.P.)
PRC - c:\blp\API\Office Tools\bxlartd.exe (Bloomberg L.P.)
PRC - C:\blp\API\bbcomm.exe (Bloomberg L.P.)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\TIBCO\TIBRV\bin\rvd.exe ()
PRC - C:\TIBCO\TIBRV\bin\rvntsctl.exe ()
PRC - C:\Program Files\M50\m50.exe (Jera Technology)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - c:\blp\API\Office Tools\Bloomberg.OfficeTools.DataModel.Schemas.XmlSerializers.dll ()
MOD - c:\blp\API\Office Tools\FieldServiceDesktopSchemaV8.XmlSerializers.dll ()
MOD - c:\blp\API\Office Tools\FavoriteFieldsServiceSchema.XmlSerializers.dll ()
MOD - c:\blp\API\Office Tools\Microsoft.ApplicationBlocks.UIProcess.dll ()
MOD - c:\blp\API\Office Tools\BlissAdaptor.XmlSerializers.dll ()
MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll ()
MOD - C:\Program Files\Microsoft Office\Office12\Wordcnvpxy.cnv ()
MOD - C:\WINDOWS\system32\Primomonnt.dll ()
MOD - C:\TIBCO\TIBRV\bin\rvd.exe ()
MOD - C:\TIBCO\TIBRV\bin\rvntsctl.exe ()


========== Win32 Services (SafeList) ==========

SRV - (PEVSystemStart) -- C:\123\pev.3XE EXEC /i C:\123\HIDEC.3XE C:\123\SWREG.3XE ACL HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep /RESET /Q File not found
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (StaticPricePubService_PRIMARY) -- C:\Program Files\Eze Castle Software\EzePricing\StaticPricingPublisherSvc.exe ()
SRV - (PricingPubDM_PRIMARY) -- C:\Program Files\Eze Castle Software\EzePricing\PricingPublisherSvc.exe ()
SRV - (SentrySvcDM_PRIMARY) -- C:\Program Files\Eze Castle Software\Common\SentrySvc.exe (Eze Castle Software)
SRV - (rvd) -- C:\TIBCO\TIBRV\bin\rvntsctl.exe ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- File not found
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LEqdUsb) -- C:\WINDOWS\system32\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV - (LHidEqd) -- C:\WINDOWS\system32\drivers\LHidEqd.sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120410.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120410.003\NAVENG.SYS (Symantec Corporation)
DRV - (BANTExt) -- C:\WINDOWS\system32\drivers\BANTExt.sys ()
DRV - (WpsHelper) -- C:\WINDOWS\system32\drivers\WpsHelper.sys (Symantec Corporation)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (FLMckUsb) -- C:\WINDOWS\system32\drivers\ATTchWDF.sys (AuthenTec, Inc.)
DRV - (SysPlant) -- C:\WINDOWS\system32\drivers\SysPlant.sys (Symantec Corporation)
DRV - (WPS) -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (Teefer2) -- C:\WINDOWS\system32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\system32\drivers\symredrv.sys (Symantec Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (Blfp) -- C:\WINDOWS\system32\drivers\baspxp32.sys (Broadcom Corporation)
DRV - (BCBUSB) Bloomberg Keyboard Comm Device (VID1188_PID03EE_V1096) -- C:\WINDOWS\system32\drivers\BCBUSB.sys (Bloomberg LP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-205722615-2038190851-311576647-1025\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-205722615-2038190851-311576647-1025\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-205722615-2038190851-311576647-1025\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 C8 5F 45 8F 12 CD 01 [binary data]
IE - HKU\S-1-5-21-205722615-2038190851-311576647-1025\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-205722615-2038190851-311576647-1025\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-205722615-2038190851-311576647-1025\..\SearchScopes\{F50003C1-E387-405A-9B45-745A6909C44B}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-205722615-2038190851-311576647-1025\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-205722615-2038190851-311576647-1025\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/09 16:19:21 | 000,000,000 | ---D | M]

[2012/04/09 08:49:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bmeglio\Application Data\Mozilla\Extensions
[2012/04/09 08:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/13 00:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
O3 - HKU\S-1-5-21-205722615-2038190851-311576647-1025\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKU\S-1-5-21-205722615-2038190851-311576647-1025..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-205722615-2038190851-311576647-1025..\Run: [CLRHost] C:\blp\API\Office Tools\bbxlcmd.exe ()
O4 - Startup: C:\Documents and Settings\bmeglio\Start Menu\Programs\Startup\Flash Messaging Startup.lnk = C:\Documents and Settings\bmeglio\Application Data\Microsoft\Installer\{E912F496-C60A-49AB-AA79-58E18AFF77C2}\_6DDC7B10B64A_42BF_BF39_50B3A0B32D6B.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-205722615-2038190851-311576647-1025\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-205722615-2038190851-311576647-1025\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-205722615-2038190851-311576647-1025\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-205722615-2038190851-311576647-1025\..Trusted Domains: msn.com ([www] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = oraclepartners.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B178B699-201F-4353-9419-4685206BBB74}: NameServer = 192.168.80.22,192.168.80.242
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/11 08:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/05/19 16:37:59 | 020,216,832 | ---- | M] () - J:\automate5_eval_setup.exe -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/10 19:31:54 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bmeglio\Desktop\OTL.exe
[2012/04/09 11:15:59 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\bmeglio\My Documents\dds.scr
[2012/04/09 08:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmeglio\Application Data\Mozilla
[2012/04/05 07:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AIM
[2012/04/05 07:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2012/04/05 07:47:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2012/04/05 06:06:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/04/04 22:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/04/04 22:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmeglio\Start Menu\Programs\HiJackThis
[2012/04/04 21:04:29 | 000,397,728 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\bmeglio\My Documents\unhide.exe
[2012/04/04 20:42:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/04/04 20:26:41 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\123app.exe
[2012/04/04 20:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmeglio\Application Data\f-secure
[2012/04/04 20:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2012/04/04 16:42:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/04 16:36:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/04 16:36:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/04 16:36:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/04 16:36:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/04 16:35:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/04 16:32:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/04 16:31:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\bmeglio\Start Menu\Programs\Administrative Tools
[2012/04/04 10:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/04/04 10:21:38 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2012/04/04 10:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/04 10:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/04 10:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/04/04 10:19:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2012/04/04 10:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/04/04 07:06:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\bmeglio\Recent
[2012/04/01 20:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmeglio\Application Data\Uniblue
[2012/04/01 20:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012/04/01 20:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue
[2012/04/01 20:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/04/01 20:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmeglio\Local Settings\Application Data\PackageAware
[2012/04/01 20:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmeglio\Start Menu\Programs\AIM
[2012/04/01 20:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmeglio\Start Menu\Programs\Eze Castle Software
[2012/04/01 10:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmeglio\My Documents\Downloads
[2012/03/31 13:26:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/03/31 13:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/31 12:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmeglio\Start Menu\Programs\Bloomberg
[2012/03/29 10:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/03/29 09:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AIM Toolbar
[2012/03/29 09:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2012/03/29 09:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2012/03/29 09:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmeglio\Application Data\Malwarebytes
[2012/03/29 09:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/29 09:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/29 09:40:46 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/29 09:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/10 19:41:01 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/10 19:41:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/10 19:31:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bmeglio\Desktop\OTL.exe
[2012/04/10 16:51:02 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-205722615-2038190851-311576647-1025.job
[2012/04/10 07:22:02 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\bmeglio\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2012/04/09 20:34:47 | 000,000,808 | ---- | M] () -- C:\WINDOWS\tasks\Reuters Backup Nightly.job
[2012/04/09 14:57:53 | 000,042,692 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/04/09 13:09:04 | 560,743,424 | ---- | M] () -- C:\Documents and Settings\bmeglio\My Documents\archive.pst
[2012/04/09 12:11:23 | 000,000,064 | ---- | M] () -- C:\WINDOWS\groups.ldb
[2012/04/09 12:06:45 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\bmeglio\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2003.lnk
[2012/04/09 12:04:25 | 000,002,363 | ---- | M] () -- C:\Documents and Settings\bmeglio\Start Menu\Programs\Startup\Flash Messaging Startup.lnk
[2012/04/09 12:03:51 | 000,004,598 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/04/09 12:03:12 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-205722615-2038190851-311576647-1025.job
[2012/04/09 12:02:51 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/09 12:02:01 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2012/04/09 12:00:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/09 11:59:47 | 3220,783,104 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/09 11:15:59 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\bmeglio\My Documents\dds.scr
[2012/04/09 11:14:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\bmeglio\defogger_reenable
[2012/04/09 11:14:01 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\bmeglio\My Documents\Defogger.exe
[2012/04/09 08:48:59 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\bmeglio\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/09 08:48:59 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/04/05 12:39:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/05 07:47:55 | 000,001,401 | ---- | M] () -- C:\IPH.PH
[2012/04/05 07:47:38 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\bmeglio\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2012/04/05 07:47:38 | 000,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2012/04/05 06:16:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/04 22:21:24 | 000,001,988 | ---- | M] () -- C:\Documents and Settings\bmeglio\Desktop\HiJackThis.lnk
[2012/04/04 21:58:33 | 000,210,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/04 21:51:13 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/04 21:44:57 | 000,526,264 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/04 21:44:57 | 000,096,120 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/04 21:04:30 | 000,397,728 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\bmeglio\My Documents\unhide.exe
[2012/04/04 20:56:23 | 000,354,816 | ---- | M] () -- C:\Documents and Settings\bmeglio\My Documents\AIMFix.exe
[2012/04/04 19:18:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/04 10:21:44 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/04/01 20:33:06 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\bmeglio\Desktop\Uniblue RegistryBooster.lnk
[2012/04/01 20:33:06 | 000,001,477 | ---- | M] () -- C:\Documents and Settings\bmeglio\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2012/03/31 13:26:18 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/03/29 09:40:48 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/26 13:41:00 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\123app.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/09 14:57:53 | 000,042,692 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/04/09 12:11:21 | 000,000,064 | ---- | C] () -- C:\WINDOWS\groups.ldb
[2012/04/09 11:14:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\bmeglio\defogger_reenable
[2012/04/09 11:14:06 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\bmeglio\My Documents\Defogger.exe
[2012/04/09 08:48:59 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\bmeglio\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/09 08:48:59 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/09 08:48:59 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/04/05 07:47:38 | 000,001,592 | ---- | C] () -- C:\Documents and Settings\bmeglio\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2012/04/05 07:47:38 | 000,001,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2012/04/04 22:21:24 | 000,001,988 | ---- | C] () -- C:\Documents and Settings\bmeglio\Desktop\HiJackThis.lnk
[2012/04/04 21:38:00 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/04/04 21:18:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/04 21:18:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/04/04 20:56:22 | 000,354,816 | ---- | C] () -- C:\Documents and Settings\bmeglio\My Documents\AIMFix.exe
[2012/04/04 19:45:36 | 3220,783,104 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/04 16:42:37 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/04 16:42:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/04 16:36:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/04 16:36:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/04 16:36:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/04 16:36:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/04 16:36:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/04 10:21:44 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/04/03 16:51:47 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-205722615-2038190851-311576647-1025.job
[2012/04/03 16:51:46 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-205722615-2038190851-311576647-1025.job
[2012/04/01 20:33:20 | 000,000,268 | ---- | C] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2012/04/01 20:33:06 | 000,001,493 | ---- | C] () -- C:\Documents and Settings\bmeglio\Desktop\Uniblue RegistryBooster.lnk
[2012/04/01 20:33:06 | 000,001,477 | ---- | C] () -- C:\Documents and Settings\bmeglio\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2012/03/31 13:26:17 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/03/29 09:40:48 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/09/28 16:44:44 | 000,276,928 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/08/12 17:01:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/12 16:33:37 | 000,000,060 | ---- | C] () -- C:\WINDOWS\Eze_Price_BridgeCAPI.ini
[2011/08/11 15:17:02 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2011/08/11 15:08:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/08/11 15:02:38 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/08/11 13:45:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MESSAGE.INI
[2011/08/11 10:55:04 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\UNWISE.EXE
[2011/08/11 08:42:50 | 000,000,538 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/08/11 08:06:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/08/11 08:01:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/08/10 11:49:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/08/10 11:48:37 | 000,210,488 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

< End of report >
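Reading a report like the OTL log above is mostly a matter of spotting autostart entries that do not look right. The following is an added example, not code from this thread or from the OTL tool: a small Python triage script that applies a few of the checks a malware-removal helper does by eye (an executable with no company name, an autostart that runs from the user's profile, toolbar entries whose CLSID no longer resolves, a missing hosts file, a Winlogon hook outside system32) to lines copied from the report above. The sample lines are constructed from this report; the heuristics and the function names `parse_entry` and `triage` are this example's own. They only mark items for review and prove nothing about whether an entry is malicious; a legitimate in-house tool can trip every one of them.

```python
import re

# Sample OTL lines constructed from the report posted above (values copied
# from it); this is an added example, not output of OTL or part of the thread.
SAMPLE_LOG = r"""
Hosts file not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-205722615-2038190851-311576647-1025..\Run: [CLRHost] C:\blp\API\Office Tools\bbxlcmd.exe ()
O4 - Startup: C:\Documents and Settings\bmeglio\Start Menu\Programs\Startup\Flash Messaging Startup.lnk = C:\Documents and Settings\bmeglio\Application Data\Microsoft\Installer\{E912F496-C60A-49AB-AA79-58E18AFF77C2}\_6DDC7B10B64A_42BF_BF39_50B3A0B32D6B.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
"""

# Start of a Windows drive path, e.g. "C:\".
DRIVE_RE = re.compile(r"[A-Za-z]:\\")
# OTL ends most entries with "<path> (<Company>)"; an empty "()" means the
# binary carries no company name in its version resource.
TAIL_RE = re.compile(r"^(.*?\.(?:exe|dll|scr|sys|cpl|ocx))\s*\(([^()]*)\)\s*$", re.I)
# Per-user writable locations (All Users is treated as shared, not per-user).
PROFILE_RE = re.compile(
    r"\\Documents and Settings\\(?!All Users\\)[^\\]+\\(?:Application Data|Local Settings)\\"
    r"|\\Users\\[^\\]+\\AppData\\"
    r"|\\Temp\\",
    re.I,
)


def parse_entry(line):
    """Split one OTL line into (otl_code, path, company).

    path and company are None when the line has no "<path> (<Company>)" tail.
    The last drive-letter occurrence is used so that Startup entries written
    as "shortcut = target" resolve to the target executable, not the .lnk.
    """
    code_m = re.match(r"^(O\d+)\b", line)
    code = code_m.group(1) if code_m else None
    starts = [m.start() for m in DRIVE_RE.finditer(line)]
    if not starts:
        return code, None, None
    tail = TAIL_RE.match(line[starts[-1]:])
    if not tail:
        return code, None, None
    return code, tail.group(1), tail.group(2).strip()


def triage(text):
    """Return the entries worth a second look, each with its reasons.

    Review heuristics only, not verdicts.
    """
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        code, path, company = parse_entry(line)
        reasons = []
        if line.startswith("Hosts file not found"):
            reasons.append("hosts file missing")
        if "No CLSID value found" in line:
            reasons.append("dangling CLSID reference")
        if path is not None:
            if company == "":
                reasons.append("no company name")
            if PROFILE_RE.search(path):
                reasons.append("runs from user profile")
            if code == "O20" and "\\system32\\" not in path.lower():
                reasons.append("Winlogon hook outside system32")
        if reasons:
            findings.append({"code": code, "path": path, "company": company,
                             "reasons": reasons, "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code'] or '--':>4}  {', '.join(f['reasons'])}")
        print(f"      {f['path'] or f['line']}")
```

Run against the sample, it flags the missing hosts file, the two orphaned toolbar CLSIDs, the CLRHost entry (no company name) and the Flash Messaging startup stub (no company name, runs from the user's Application Data), and leaves ccApp, the RealPlayer BHO and the userinit.exe hook alone. Feed it a full OTL report and walk the flagged list rather than the whole log.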

#8 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 10:55 AM

Posted 10 April 2012 - 07:08 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 thonczarenko (Topic Starter)

  • Members
  • 24 posts
  • Local time: 09:55 AM

Posted 11 April 2012 - 05:36 AM

Hi Gringo,

Combo Fix is still freezing up my computer. I made sure to stop all Symantec services, and no other Anti malware software is running. I also made sure not to click on the blue window as to not cause it to hang up.

Any other suggestions?

Thanks!
Todd

#10 thonczarenko (Topic Starter)

  • Members
  • 24 posts
  • Local time: 09:55 AM

Posted 11 April 2012 - 06:26 AM

I wanted to add that I let combo fix run all night (8 hours) just to make sure it was not doing anything in the background and I was giving up too quickly.

Thank you!
Todd

#11 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 10:55 AM

Posted 11 April 2012 - 07:40 AM

  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box
ComboFix /nombr
  • click ok

copy and paste the report into this topic for me to review

Gringo

#12 thonczarenko (Topic Starter)

  • Members
  • 24 posts
  • Local time: 09:55 AM

Posted 12 April 2012 - 07:10 AM

Hi Gringo,

Sorry for the delay. That one worked! Here is the Combo Fix log.


I'll be on the computer all day today, so I'll be able to reply quickly today.

Thank you!

ComboFix 12-04-10.02 - BMeglio 04/11/2012 19:30:57.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3072.2045 [GMT -4:00]
Running from: c:\documents and settings\bmeglio\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\bmeglio\LOCALS~1\Temp\SPOON\CACHE\0xD40341C5FD70502B\STUBEXE\0x0B624CAA8193C822\bxlaui.exe
c:\docume~1\bmeglio\LOCALS~1\Temp\SPOON\CACHE\0xD40341C5FD70502B\STUBEXE\0x25C0C55654D1CFB5\PresentationFontCache.exe
c:\docume~1\bmeglio\LOCALS~1\Temp\SPOON\CACHE\0xD40341C5FD70502B\STUBEXE\0x9990F23C65E87FA2\bxlartd.exe
c:\docume~1\bmeglio\LOCALS~1\Temp\SPOON\CACHE\0xD40341C5FD70502B\SXS\x86_Microsoft.VC80.CRT@8.0.50727.3053\msvcr80.dll
c:\documents and settings\bmeglio\Local Settings\Temp\SPOON\CACHE\0xD40341C5FD70502B\STUBEXE\0x0B624CAA8193C822\bxlaui.exe
c:\documents and settings\bmeglio\Local Settings\Temp\SPOON\CACHE\0xD40341C5FD70502B\STUBEXE\0x25C0C55654D1CFB5\PresentationFontCache.exe
c:\documents and settings\bmeglio\Local Settings\Temp\SPOON\CACHE\0xD40341C5FD70502B\STUBEXE\0x9990F23C65E87FA2\bxlartd.exe
c:\documents and settings\bmeglio\Local Settings\Temp\SPOON\CACHE\0xD40341C5FD70502B\SXS\x86_Microsoft.VC80.CRT@8.0.50727.3053\msvcr80.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))
.
.
2012-04-05 11:47 . 2012-04-05 11:47 -------- d-----w- c:\program files\AIM
2012-04-05 11:47 . 2012-04-05 11:47 -------- d-----w- c:\program files\Common Files\Software Update Utility
2012-04-05 02:21 . 2012-04-05 02:21 388096 ----a-r- c:\documents and settings\bmeglio\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-05 02:21 . 2012-04-05 02:21 -------- d-----w- c:\program files\Trend Micro
2012-04-05 01:18 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-04-05 01:18 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-04-05 00:42 . 2012-04-05 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-04-05 00:26 . 2012-03-26 17:41 2068016 ----a-w- C:\123app.exe
2012-04-05 00:05 . 2012-04-05 00:05 -------- d-----w- c:\documents and settings\bmeglio\Application Data\f-secure
2012-04-05 00:05 . 2012-04-05 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2012-04-04 14:21 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-04-04 14:21 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-04-04 14:20 . 2012-04-04 14:20 -------- d-----w- c:\program files\iPod
2012-04-04 14:20 . 2012-04-04 14:21 -------- d-----w- c:\program files\iTunes
2012-04-04 14:20 . 2012-04-04 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-04-04 14:19 . 2012-04-04 14:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-04-04 14:17 . 2012-04-04 14:17 -------- d-----w- c:\program files\Bonjour
2012-04-02 00:33 . 2012-04-02 00:33 -------- d-----w- c:\documents and settings\bmeglio\Application Data\Uniblue
2012-04-02 00:33 . 2012-04-02 00:33 -------- dc----w- c:\documents and settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-04-02 00:33 . 2012-04-02 00:33 -------- d-----w- c:\program files\Uniblue
2012-04-02 00:31 . 2012-04-02 00:31 -------- d-----w- c:\documents and settings\bmeglio\Local Settings\Application Data\PackageAware
2012-03-31 17:26 . 2012-03-31 17:26 -------- d-----w- c:\program files\CCleaner
2012-03-29 14:00 . 2012-03-29 14:00 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2012-03-29 13:59 . 2012-03-29 13:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AIM Toolbar
2012-03-29 13:59 . 2012-03-29 13:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2012-03-29 13:40 . 2012-03-29 13:40 -------- d-----w- c:\documents and settings\bmeglio\Application Data\Malwarebytes
2012-03-29 13:40 . 2012-03-29 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-29 13:40 . 2012-03-29 13:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-29 13:40 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 18:02 . 2011-08-11 14:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-06 14:50 . 2011-09-08 13:53 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-06 14:50 . 2011-09-08 13:53 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-02-06 14:50 . 2011-09-08 13:53 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-06 14:50 . 2011-09-08 13:53 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-03 09:22 . 2008-04-14 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 04:39 . 2012-04-09 12:48 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLRHost"="c:\blp\API\Office Tools\bbxlcmd.exe" [2012-02-23 273408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-12-18 115560]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-08-03 4493312]
"nwiz"="nwiz.exe" [2004-08-03 917504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-11 63048]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
c:\documents and settings\bmeglio\Start Menu\Programs\Startup\
Flash Messaging Startup.lnk - c:\documents and settings\bmeglio\Application Data\Microsoft\Installer\{E912F496-C60A-49AB-AA79-58E18AFF77C2}\_6DDC7B10B64A_42BF_BF39_50B3A0B32D6B.exe [2011-8-11 28672]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-02-06 14:50 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"138.20.0.0,255.255.0.0,192.168.80.193,1"=""
"144.14.0.0,255.255.0.0,192.168.80.193,1"=""
"199.105.176.0,255.255.248.0,192.168.80.194,1"=""
"199.105.184.0,255.255.254.0,192.168.80.194,1"=""
"69.184.0.0,255.255.0.0,192.168.80.194,1"=""
"63.75.60.0,255.255.252.0,192.168.80.197,1"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2012-02-29 20:29 4321112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-01-09 20:18 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LBTServ"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [8/11/2011 11:09 AM 12184]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [7/6/2011 4:32 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/11/2011 7:04 PM 12856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/6/2012 10:23 PM 106104]
R3 FLMckUsb;AuthenTec TruePrint USB Driver for AES 3400, 3500, and 4000 Fingerprint Sensors;c:\windows\system32\drivers\ATTchWDF.sys [8/11/2011 10:55 AM 64000]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [4/30/2011 8:00 AM 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [4/30/2011 8:00 AM 12184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 rvd;TIB/Rendezvous Communications Daemon;c:\tibco\TIBRV\bin\rvntsctl.exe [8/12/2011 3:46 PM 49152]
S3 BCBUSB;Bloomberg Keyboard Comm Device (VID1188_PID03EE_V1096);c:\windows\system32\drivers\BCBUSB.sys [8/11/2011 10:55 AM 23552]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [11/18/2008 6:17 PM 23888]
S3 PricingPubDM_PRIMARY;Eze Pricing Service PRIMARY;c:\program files\Eze Castle Software\EzePricing\PricingPublisherSvc.exe [11/22/2006 12:38 PM 2157056]
S3 SentrySvcDM_PRIMARY;Eze Sentry PRIMARY;c:\program files\Eze Castle Software\Common\SentrySvc.exe [11/22/2006 12:38 PM 1952256]
S3 StaticPricePubService_PRIMARY;Eze Static Pricing Publisher PRIMARY;c:\program files\Eze Castle Software\EzePricing\StaticPricingPublisherSvc.exe [11/22/2006 12:38 PM 1981952]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 8:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/9/2012 4:18 PM 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/9/2012 4:18 PM 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-09 20:18]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-09 20:18]
.
2012-04-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-205722615-2038190851-311576647-1025.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 21:02]
.
2012-04-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-205722615-2038190851-311576647-1025.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 21:02]
.
2012-04-11 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2012-04-02 15:22]
.
2012-04-11 c:\windows\Tasks\Reuters Backup Nightly.job
- c:\windows\system32\ntbackup.exe [2008-04-14 12:00]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: msn.com\www
TCP: Interfaces\{B178B699-201F-4353-9419-4685206BBB74}: NameServer = 192.168.80.22,192.168.80.242
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-Symantec Antvirus
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-11 20:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(972)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2012-04-11 20:25:05
ComboFix-quarantined-files.txt 2012-04-12 00:24
.
Pre-Run: 127,905,157,120 bytes free
Post-Run: 128,690,253,824 bytes free
.
- - End Of File - - 0295B8F3E8FEA6780C2F5E65C7C1B32D

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 April 2012 - 07:40 AM

Greetings

I will be in and out today but will be on all night after 9 pm

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 thonczarenko

  • Topic Starter
  • Members
  • 24 posts

Posted 12 April 2012 - 08:20 AM

You are working magic! Both scans had no issues. :)

TDSSKiller log.
08:49:43.0469 2656 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
08:49:44.0654 2656 ============================================================
08:49:44.0654 2656 Current date / time: 2012/04/12 08:49:44.0654
08:49:44.0654 2656 SystemInfo:
08:49:44.0654 2656
08:49:44.0654 2656 OS Version: 5.1.2600 ServicePack: 3.0
08:49:44.0654 2656 Product type: Workstation
08:49:44.0654 2656 ComputerName: BOB-HP-WS
08:49:44.0654 2656 UserName: BMeglio
08:49:44.0654 2656 Windows directory: C:\WINDOWS
08:49:44.0654 2656 System windows directory: C:\WINDOWS
08:49:44.0654 2656 Processor architecture: Intel x86
08:49:44.0654 2656 Number of processors: 2
08:49:44.0654 2656 Page size: 0x1000
08:49:44.0654 2656 Boot type: Normal boot
08:49:44.0654 2656 ============================================================
08:49:51.0106 2656 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
08:49:51.0106 2656 \Device\Harddisk0\DR0:
08:49:51.0106 2656 MBR used
08:49:51.0106 2656 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
08:49:51.0137 2656 Initialize success
08:49:51.0137 2656 ============================================================
08:51:30.0572 3524 ============================================================
08:51:30.0572 3524 Scan started
08:51:30.0572 3524 Mode: Manual;
08:51:30.0572 3524 ============================================================
08:51:48.0184 3524 nv - ok
08:51:48.0278 3524 NVSvc (87445455aef55e3ed41d25a803c545fe) C:\WINDOWS\system32\nvsvc32.exe
08:51:48.0278 3524 NVSvc - ok
08:51:48.0418 3524 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:51:48.0418 3524 NwlnkFlt - ok
08:51:48.0465 3524 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:51:48.0465 3524 NwlnkFwd - ok
08:51:48.0558 3524 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:51:48.0558 3524 ose - ok
08:51:48.0667 3524 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
08:51:48.0667 3524 Parport - ok
08:51:48.0761 3524 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:51:48.0761 3524 PartMgr - ok
08:51:48.0839 3524 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:51:48.0839 3524 ParVdm - ok
08:51:48.0948 3524 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:51:48.0964 3524 PCI - ok
08:51:48.0979 3524 PCIDump - ok
08:51:49.0057 3524 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
08:51:49.0057 3524 PCIIde - ok
08:51:49.0119 3524 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:51:49.0119 3524 Pcmcia - ok
08:51:49.0166 3524 PDCOMP - ok
08:51:49.0228 3524 PDFRAME - ok
08:51:49.0416 3524 PDRELI - ok
08:51:49.0447 3524 PDRFRAME - ok
08:51:49.0493 3524 perc2 - ok
08:51:49.0556 3524 perc2hib - ok
08:51:49.0680 3524 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:51:49.0680 3524 PlugPlay - ok
08:51:49.0758 3524 pmem (fa292805788528c083f416e151b60ab6) C:\WINDOWS\system32\DRIVERS\pmemnt.sys
08:51:49.0758 3524 pmem - ok
08:51:49.0821 3524 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\WINDOWS\system32\HPZipm12.dll
08:51:49.0821 3524 Pml Driver HPZ12 - ok
08:51:49.0899 3524 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:51:49.0899 3524 PolicyAgent - ok
08:51:49.0945 3524 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:51:49.0945 3524 PptpMiniport - ok
08:51:50.0164 3524 PricingPubDM_PRIMARY (be1b1be8ec1e32c5d0d30ed17c79eb5e) C:\Program Files\Eze Castle Software\EzePricing\PricingPublisherSvc.exe
08:51:50.0195 3524 PricingPubDM_PRIMARY - ok
08:51:50.0273 3524 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:51:50.0288 3524 ProtectedStorage - ok
08:51:50.0335 3524 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:51:50.0335 3524 PSched - ok
08:51:50.0397 3524 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:51:50.0397 3524 Ptilink - ok
08:51:50.0429 3524 ql1080 - ok
08:51:50.0475 3524 Ql10wnt - ok
08:51:50.0538 3524 ql12160 - ok
08:51:50.0584 3524 ql1240 - ok
08:51:50.0647 3524 ql1280 - ok
08:51:50.0709 3524 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:51:50.0709 3524 RasAcd - ok
08:51:50.0787 3524 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
08:51:50.0787 3524 RasAuto - ok
08:51:50.0896 3524 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:51:50.0896 3524 Rasl2tp - ok
08:51:50.0959 3524 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
08:51:50.0959 3524 RasMan - ok
08:51:51.0036 3524 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:51:51.0036 3524 RasPppoe - ok
08:51:51.0083 3524 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:51:51.0083 3524 Raspti - ok
08:51:51.0177 3524 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:51:51.0177 3524 Rdbss - ok
08:51:51.0286 3524 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:51:51.0286 3524 RDPCDD - ok
08:51:51.0473 3524 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:51:51.0473 3524 rdpdr - ok
08:51:51.0551 3524 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
08:51:51.0566 3524 RDPWD - ok
08:51:51.0644 3524 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
08:51:51.0660 3524 RDSessMgr - ok
08:51:51.0753 3524 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:51:51.0753 3524 redbook - ok
08:51:51.0847 3524 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
08:51:51.0847 3524 RemoteAccess - ok
08:51:51.0925 3524 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
08:51:51.0925 3524 RemoteRegistry - ok
08:51:52.0003 3524 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
08:51:52.0003 3524 RpcLocator - ok
08:51:52.0174 3524 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
08:51:52.0174 3524 RpcSs - ok
08:51:52.0252 3524 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
08:51:52.0268 3524 RSVP - ok
08:51:52.0314 3524 rvd (c13de5c469048e9af5b0f971f93e4f50) C:\TIBCO\TIBRV\bin\rvntsctl.exe
08:51:52.0314 3524 rvd - ok
08:51:52.0424 3524 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:51:52.0439 3524 SamSs - ok
08:51:52.0486 3524 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
08:51:52.0501 3524 SCardSvr - ok
08:51:52.0579 3524 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
08:51:52.0579 3524 Schedule - ok
08:51:52.0657 3524 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:51:52.0657 3524 Secdrv - ok
08:51:52.0735 3524 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
08:51:52.0735 3524 seclogon - ok
08:51:52.0782 3524 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
08:51:52.0782 3524 SENS - ok
08:51:52.0969 3524 SentrySvcDM_PRIMARY (4e7d5747c018b07c69f35bbaecd8b9cb) C:\Program Files\Eze Castle Software\Common\SentrySvc.exe
08:51:52.0985 3524 SentrySvcDM_PRIMARY - ok
08:51:53.0078 3524 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:51:53.0078 3524 serenum - ok
08:51:53.0109 3524 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
08:51:53.0109 3524 Serial - ok
08:51:53.0250 3524 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:51:53.0250 3524 Sfloppy - ok
08:51:53.0530 3524 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
08:51:53.0530 3524 SharedAccess - ok
08:51:53.0624 3524 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:51:53.0624 3524 ShellHWDetection - ok
08:51:53.0967 3524 Simbad - ok
08:51:54.0839 3524 SmcService (d916a094dc3b5332cf53f50bde0d0fae) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
08:51:54.0855 3524 SmcService - ok
08:51:55.0104 3524 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
08:51:55.0104 3524 smwdm - ok
08:51:55.0229 3524 SNAC (d3b6133b0bf6620643e5f36de1f54ab6) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
08:51:55.0245 3524 SNAC - ok
08:51:55.0307 3524 Sparrow - ok
08:51:55.0447 3524 SPBBCDrv (d7bb213566e16bca372e2cb517eda907) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
08:51:55.0447 3524 SPBBCDrv - ok
08:51:55.0556 3524 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:51:55.0556 3524 splitter - ok
08:51:55.0665 3524 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
08:51:55.0665 3524 Spooler - ok
08:51:55.0759 3524 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:51:55.0759 3524 sr - ok
08:51:55.0806 3524 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
08:51:55.0806 3524 srservice - ok
08:51:55.0915 3524 SRTSP (522651a0e7dc6415e083317370b609cc) C:\WINDOWS\system32\Drivers\SRTSP.SYS
08:51:55.0930 3524 SRTSP - ok
08:51:56.0039 3524 SRTSPL (34e823b8d730099d032608fcccbc6a25) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
08:51:56.0039 3524 SRTSPL - ok
08:51:56.0133 3524 SRTSPX (469006e15f5b0fe8ae94184a18a81586) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
08:51:56.0133 3524 SRTSPX - ok
08:51:56.0211 3524 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:51:56.0226 3524 Srv - ok
08:51:56.0304 3524 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
08:51:56.0304 3524 SSDPSRV - ok
08:51:56.0538 3524 StaticPricePubService_PRIMARY (a7fe194b0da2cf0f33ae0015b9ec4963) C:\Program Files\Eze Castle Software\EzePricing\StaticPricingPublisherSvc.exe
08:51:56.0554 3524 StaticPricePubService_PRIMARY - ok
08:51:56.0647 3524 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
08:51:56.0663 3524 stisvc - ok
08:51:56.0741 3524 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:51:56.0741 3524 swenum - ok
08:51:56.0834 3524 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:51:56.0834 3524 swmidi - ok
08:51:56.0881 3524 SwPrv - ok
08:51:57.0115 3524 Symantec AntiVirus (dd10cb8aa990f89091bc267370fd0843) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
08:51:57.0130 3524 Symantec AntiVirus - ok
08:51:57.0193 3524 symc810 - ok
08:51:57.0224 3524 symc8xx - ok
08:51:57.0302 3524 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
08:51:57.0302 3524 SymEvent - ok
08:51:57.0380 3524 SYMREDRV (be3c117150c055e50a4caf23e548c856) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
08:51:57.0380 3524 SYMREDRV - ok
08:51:57.0427 3524 SYMTDI (7b0af4e22b32f8c5bfba5a5d53522160) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
08:51:57.0427 3524 SYMTDI - ok
08:51:57.0489 3524 sym_hi - ok
08:51:57.0551 3524 sym_u3 - ok
08:51:57.0645 3524 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:51:57.0645 3524 sysaudio - ok
08:51:57.0723 3524 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
08:51:57.0723 3524 SysmonLog - ok
08:51:57.0785 3524 SysPlant (5383efa1351463f2f036a3e1b5f87d0c) C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys
08:51:57.0785 3524 SysPlant - ok
08:51:57.0847 3524 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
08:51:57.0863 3524 TapiSrv - ok
08:51:57.0956 3524 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:51:57.0956 3524 Tcpip - ok
08:51:58.0050 3524 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:51:58.0050 3524 TDPIPE - ok
08:51:58.0097 3524 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:51:58.0097 3524 TDTCP - ok
08:51:58.0175 3524 Teefer2 (0dc098cc18a974e7c1e96e6846bd06e4) C:\WINDOWS\system32\DRIVERS\teefer2.sys
08:51:58.0175 3524 Teefer2 - ok
08:51:58.0206 3524 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:51:58.0221 3524 TermDD - ok
08:51:58.0284 3524 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
08:51:58.0284 3524 TermService - ok
08:51:58.0393 3524 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:51:58.0393 3524 Themes - ok
08:51:58.0502 3524 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
08:51:58.0518 3524 TlntSvr - ok
08:51:58.0580 3524 TosIde - ok
08:51:58.0673 3524 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
08:51:58.0673 3524 TrkWks - ok
08:51:58.0751 3524 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:51:58.0767 3524 Udfs - ok
08:51:58.0814 3524 ultra - ok
08:51:58.0907 3524 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:51:58.0907 3524 Update - ok
08:51:59.0001 3524 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
08:51:59.0016 3524 upnphost - ok
08:51:59.0094 3524 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
08:51:59.0094 3524 UPS - ok
08:51:59.0172 3524 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
08:51:59.0172 3524 usbaudio - ok
08:51:59.0250 3524 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:51:59.0250 3524 usbccgp - ok
08:51:59.0281 3524 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:51:59.0297 3524 usbehci - ok
08:51:59.0359 3524 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:51:59.0375 3524 usbhub - ok
08:51:59.0422 3524 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:51:59.0422 3524 usbscan - ok
08:51:59.0515 3524 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:51:59.0515 3524 usbuhci - ok
08:51:59.0577 3524 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:51:59.0577 3524 VgaSave - ok
08:51:59.0609 3524 ViaIde - ok
08:51:59.0686 3524 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:51:59.0702 3524 VolSnap - ok
08:51:59.0780 3524 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
08:51:59.0796 3524 VSS - ok
08:51:59.0874 3524 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
08:51:59.0874 3524 W32Time - ok
08:51:59.0936 3524 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:51:59.0936 3524 Wanarp - ok
08:52:00.0045 3524 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
08:52:00.0061 3524 Wdf01000 - ok
08:52:00.0107 3524 WDICA - ok
08:52:00.0294 3524 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:52:00.0294 3524 wdmaud - ok
08:52:00.0622 3524 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
08:52:00.0622 3524 WebClient - ok
08:52:00.0762 3524 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
08:52:00.0762 3524 winmgmt - ok
08:52:00.0887 3524 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
08:52:00.0902 3524 WinRM - ok
08:52:00.0996 3524 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
08:52:00.0996 3524 WmdmPmSN - ok
08:52:01.0089 3524 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
08:52:01.0089 3524 Wmi - ok
08:52:01.0214 3524 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:52:01.0214 3524 WmiApSrv - ok
08:52:01.0354 3524 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
08:52:01.0370 3524 WMPNetworkSvc - ok
08:52:01.0635 3524 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:52:01.0635 3524 WPFFontCache_v0400 - ok
08:52:01.0775 3524 WPS (28d229ba1182591e43aca9d58f539dce) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
08:52:01.0775 3524 WPS - ok
08:52:01.0822 3524 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\WINDOWS\system32\drivers\WpsHelper.sys
08:52:01.0822 3524 WpsHelper - ok
08:52:01.0915 3524 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:52:01.0915 3524 WS2IFSL - ok
08:52:02.0320 3524 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
08:52:02.0336 3524 wscsvc - ok
08:52:02.0585 3524 WSearch - ok
08:52:02.0757 3524 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
08:52:02.0757 3524 wuauserv - ok
08:52:02.0819 3524 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:52:02.0819 3524 WudfPf - ok
08:52:02.0897 3524 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:52:02.0897 3524 WudfRd - ok
08:52:02.0959 3524 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
08:52:02.0959 3524 WudfSvc - ok
08:52:03.0053 3524 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
08:52:03.0069 3524 WZCSVC - ok
08:52:03.0162 3524 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
08:52:03.0162 3524 xmlprov - ok
08:52:03.0193 3524 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:52:03.0224 3524 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
08:52:03.0224 3524 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
08:52:03.0224 3524 Boot (0x1200) (5c51a98cc46aa8272c03e5d46408516c) \Device\Harddisk0\DR0\Partition0
08:52:03.0224 3524 \Device\Harddisk0\DR0\Partition0 - ok
08:52:03.0224 3524 ============================================================
08:52:03.0224 3524 Scan finished
08:52:03.0224 3524 ============================================================
08:52:03.0271 2140 Detected object count: 1
08:52:03.0271 2140 Actual detected object count: 1
08:52:13.0792 2140 \Device\Harddisk0\DR0\# - copied to quarantine
08:52:13.0807 2140 \Device\Harddisk0\DR0 - copied to quarantine
08:52:13.0869 2140 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
08:52:13.0885 2140 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
08:52:13.0885 2140 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
08:52:13.0901 2140 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
08:52:13.0901 2140 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
08:52:13.0916 2140 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
08:52:14.0384 2140 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
08:52:14.0399 2140 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
08:52:14.0415 2140 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
08:52:14.0462 2140 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
08:52:14.0477 2140 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
08:52:14.0508 2140 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
08:52:14.0524 2140 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
08:52:14.0540 2140 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
08:52:14.0540 2140 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
08:52:14.0555 2140 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
08:52:14.0555 2140 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
08:52:14.0586 2140 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
08:52:14.0618 2140 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
08:52:14.0711 2140 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
08:52:14.0727 2140 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
08:52:14.0820 2140 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
08:52:14.0883 2140 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
08:52:14.0914 2140 \Device\Harddisk0\DR0 - ok
08:52:15.0974 2140 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
08:52:24.0000 0632 Deinitialize success


aswMBR log.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-12 09:01:34
-----------------------------
09:01:34.771 OS Version: Windows 5.1.2600 Service Pack 3
09:01:34.771 Number of processors: 2 586 0x209
09:01:34.771 ComputerName: BOB-HP-WS UserName: BMeglio
09:01:45.514 Initialize success
09:03:31.585 AVAST engine defs: 12041200
09:03:42.919 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:03:42.919 Disk 0 Vendor: ST3160021A 3.06 Size: 152627MB BusType: 3
09:03:42.934 Disk 0 MBR read successfully
09:03:42.934 Disk 0 MBR scan
09:03:42.965 Disk 0 Windows XP default MBR code
09:03:42.965 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
09:03:42.981 Disk 0 scanning sectors +312560640
09:03:43.043 Disk 0 scanning C:\WINDOWS\system32\drivers
09:03:56.977 Service scanning
09:04:26.807 Modules scanning
09:04:37.161 Disk 0 trace - called modules:
09:04:37.192 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
09:04:37.192 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a1b8ab8]
09:04:37.192 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a1bab00]
09:04:37.721 AVAST engine scan C:\WINDOWS
09:04:45.630 AVAST engine scan C:\WINDOWS\system32
09:08:56.889 AVAST engine scan C:\WINDOWS\system32\drivers
09:09:16.036 AVAST engine scan C:\Documents and Settings\bmeglio
09:14:15.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\bmeglio\My Documents\MBR.dat"
09:14:15.578 The log file has been saved successfully to "C:\Documents and Settings\bmeglio\My Documents\aswMBR.txt"

#15 gringo_pr

  • Malware Response Team

Posted 12 April 2012 - 08:29 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
    O3 - HKU\S-1-5-21-205722615-2038190851-311576647-1025\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University



