Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Link getting redirected


  • This topic is locked This topic is locked
18 replies to this topic

#1 Digitalspidey

Digitalspidey

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 15 April 2012 - 09:54 PM

Now there is a problem in the other computer.
When I google, the search results show some sites, but when I click on it it gets redirected to some other site.
I ran quick scan of Microsoft Security essentials, It found a trojan and removed it.
I uninstalled Internet explorer and Google Chrome, which is what I had.
I downloaded Firefox and installed and ran MSE complete scan.
It didn't find any problems , but hangs at the end of the scan.
I am still getting redirected.
Please advise, and also let me know if should not be posting on this thread and start a new thread.

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:31 AM

Posted 15 April 2012 - 10:01 PM

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Digitalspidey

Digitalspidey
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 15 April 2012 - 11:33 PM

Ran defogger - disabled successfully
Ran Securtiy-check , Output from Security Check - Checkup.txt below

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 13
Java™ SE Runtime Environment 6
Java™ SE Development Kit 6
Java version out of date!
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

Ran DDS.SCR - Output from DDS.txt below

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Sreeram at 21:27:16 on 2012-04-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1390 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
D:\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\jre6\bin\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Sreeram\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Sreeram\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Creative WebCam Tray] "c:\program files\creative\shared files\CamTray.exe"
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\documents and settings\sreeram\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\880\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [Update] rundll32.exe "c:\documents and settings\sreeram\application data\macromedia\macromedia\arroibs.dll",DllRegisterServer
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "d:\jre6\bin\jusched.exe"
mRun: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
dRun: [Update] rundll32.exe "c:\documents and settings\sreeram\application data\macromedia\macromedia\arroibs.dll",DllRegisterServer
StartupFolder: c:\docume~1\sreeram\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://ironman.paramount.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230224710359
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sreeram\application data\mozilla\firefox\profiles\h7asqg2k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\sreeram\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
FF - plugin: d:\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\jre6\bin\new_plugin\npjp2.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl70132f46;MpKsl70132f46;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba89d100-34bd-4b8e-8a3a-8ccbf8f97137}\MpKsl70132f46.sys [2012-4-15 29904]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2012-3-3 5554552]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2012-3-3 451960]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-11-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-11-16 40552]
.
=============== Created Last 30 ================
.
2012-04-15 23:27:23 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba89d100-34bd-4b8e-8a3a-8ccbf8f97137}\offreg.dll
2012-04-15 23:27:23 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba89d100-34bd-4b8e-8a3a-8ccbf8f97137}\MpKsl70132f46.sys
2012-04-15 05:07:45 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba89d100-34bd-4b8e-8a3a-8ccbf8f97137}\mpengine.dll
2012-04-10 02:05:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-04-10 02:05:54 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2012-04-06 04:49:17 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2012-04-06 04:49:17 256 ----a-w- c:\windows\system32\MSIevent.bat
2012-04-06 04:46:04 -------- d-----w- c:\program files\Verizon
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
.
==================== Find3M ====================
.
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-07 18:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 21:27:34.29 ===============

#4 Digitalspidey

Digitalspidey
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 15 April 2012 - 11:35 PM

Ran DDS.scr - Output from attach.txt below
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/16/2008 11:36:06 AM
System Uptime: 4/15/2012 4:01:52 PM (5 hours ago)
.
Motherboard: Dell Inc. | | 0JC474
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 40 GiB total, 10.996 GiB free.
D: is FIXED (NTFS) - 40 GiB total, 39.48 GiB free.
E: is FIXED (NTFS) - 40 GiB total, 39.928 GiB free.
F: is FIXED (NTFS) - 29 GiB total, 28.921 GiB free.
G: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Acrobat 5.0
Adobe AIR
Advanced Video FX Utility
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bamboo
Bamboo Dock
Bonjour
BufferChm
C4200
C4200_doccd
c4200_Help
Choice Guard
Conexant D850 56K V.9x DFVc Modem
Copy
Creative WebCam Instant Driver (1.03.02.0425)
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.8
Dell Resource CD
Destination Component
DeviceDiscovery
DeviceManagementQFolder
eSupportQFolder
Get Yahoo! Messenger
Google Gears
GoToMeeting 5.1.0.880
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Imaging Device Functions 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Solution Center 9.0
HPProductAssistant
IHA_MessageCenter
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
iTunes
Java™ 6 Update 13
Java™ SE Development Kit 6
Java™ SE Runtime Environment 6
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 11.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Picasa 3
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
PSSWCORE
QuickTake Presenter
QuickTime
RealPlayer
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SightSpeed
SigmaTel Audio
SolutionCenter
Status
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoToolkit01
Vz In Home Agent
WebFldrs XP
WebReg
WebTablet FB Plugin
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows PowerShell™ 1.0 MUI pack
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
4/14/2012 10:49:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
4/14/2012 10:49:51 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/14/2012 10:49:51 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/10/2012 6:54:46 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IHA_MessageCenter service to connect.
4/10/2012 6:54:46 AM, error: Service Control Manager [7000] - The IHA_MessageCenter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:31 AM

Posted 15 April 2012 - 11:46 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 Digitalspidey

Digitalspidey
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 16 April 2012 - 11:52 PM

ComboFix gives a message saying that McAfee Anti-virus and Anti-spyware are running.
I checked they are not in the system tray, I also don't see them in the Add/Remove programs in the control panel.
Should I go ahead and run the the combofix?
It is in the warning screen now saying "The above real time scanners are still active, but combofix shall continue to run. Kindly note this is at your own risk "

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:31 AM

Posted 16 April 2012 - 11:54 PM

go ahead and run it


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Digitalspidey

Digitalspidey
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 17 April 2012 - 12:23 AM

ComboFIX ran successfully , did not reboot , log file output below

ComboFix 12-04-16.02 - Sreeram 04/16/2012 22:13:34.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1548 [GMT -7:00]
Running from: c:\documents and settings\Sreeram\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Sreeram\Application Data\Macromedia\Macromedia\arroibs.dll
c:\documents and settings\Sreeram\g2mdlhlpx.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-17 05:12 . 2012-04-17 05:12 -------- d-----w- c:\windows\LastGood
2012-04-10 02:05 . 2011-12-19 08:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-04-10 02:05 . 2011-12-19 08:13 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2012-04-06 04:49 . 2012-04-06 04:49 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2012-04-06 04:49 . 2012-04-06 04:49 256 ----a-w- c:\windows\system32\MSIevent.bat
2012-04-06 04:46 . 2012-04-06 04:49 -------- d-----w- c:\program files\Verizon
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 14:10 . 2004-08-04 10:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 10:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-07 18:02 . 2012-02-07 18:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22 . 2004-08-04 10:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-05-28 16:57 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-03-13 04:39 . 2012-04-15 23:19 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\880\g2mstart.exe" [2012-03-03 39816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-03 198160]
"SunJavaUpdateSched"="d:\jre6\bin\jusched.exe" [2009-03-09 148888]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 36864]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
.
c:\documents and settings\Sreeram\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3306:TCP"= 3306:TCP:MySQL Server
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [12/12/2011 11:03 AM 290832]
R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [3/3/2012 8:27 AM 5554552]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [3/3/2012 8:28 AM 451960]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-113007714-682003330-1003Core.job
- c:\documents and settings\Sreeram\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-16 23:29]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-113007714-682003330-1003UA.job
- c:\documents and settings\Sreeram\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-16 23:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://ironman.paramount.com/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\documents and settings\Sreeram\Application Data\Mozilla\Firefox\Profiles\h7asqg2k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Creative WebCam Tray - c:\program files\Creative\Shared Files\CamTray.exe
HKU-Default-Run-Update - c:\documents and settings\Sreeram\Application Data\Macromedia\Macromedia\arroibs.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-16 22:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-04-16 22:19:59
ComboFix-quarantined-files.txt 2012-04-17 05:19
.
Pre-Run: 12,138,299,392 bytes free
Post-Run: 12,556,783,616 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A47FF61227F014AFCB96A23959673818

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:31 AM

Posted 17 April 2012 - 12:40 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Digitalspidey

Digitalspidey
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 19 April 2012 - 07:53 AM

Both TDSS and ASWMBR Scans completed successfully, logs below.

05:46:33.0062 2100 TDSS rootkit removing tool 2.7.29.0 Apr 18 2012 16:44:20
05:46:33.0750 2100 ============================================================
05:46:33.0750 2100 Current date / time: 2012/04/19 05:46:33.0750
05:46:33.0750 2100 SystemInfo:
05:46:33.0750 2100
05:46:33.0750 2100 OS Version: 5.1.2600 ServicePack: 3.0
05:46:33.0750 2100 Product type: Workstation
05:46:33.0750 2100 ComputerName: ANCOMP
05:46:33.0750 2100 UserName: Sreeram
05:46:33.0750 2100 Windows directory: C:\WINDOWS
05:46:33.0750 2100 System windows directory: C:\WINDOWS
05:46:33.0750 2100 Processor architecture: Intel x86
05:46:33.0750 2100 Number of processors: 2
05:46:33.0750 2100 Page size: 0x1000
05:46:33.0750 2100 Boot type: Normal boot
05:46:33.0750 2100 ============================================================
05:46:36.0718 2100 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
05:46:37.0046 2100 Drive \Device\Harddisk5\DR13 - Size: 0x78800000 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
05:46:37.0046 2100 \Device\Harddisk0\DR0:
05:46:37.0078 2100 MBR partitions:
05:46:37.0078 2100 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x50014A7
05:46:37.0093 2100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x5001525, BlocksNum 0x50014A7
05:46:37.0140 2100 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA002A0B, BlocksNum 0x50014A7
05:46:37.0187 2100 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xF003EF1, BlocksNum 0x39FD34A
05:46:37.0187 2100 \Device\Harddisk5\DR13:
05:46:37.0187 2100 MBR partitions:
05:46:37.0343 2100 D: <-> \Device\Harddisk0\DR0\Partition1
05:46:37.0468 2100 E: <-> \Device\Harddisk0\DR0\Partition2
05:46:37.0640 2100 F: <-> \Device\Harddisk0\DR0\Partition3
05:46:37.0734 2100 C: <-> \Device\Harddisk0\DR0\Partition0
05:46:37.0734 2100 Initialize success
05:46:37.0734 2100 ============================================================
05:47:10.0546 3996 ============================================================
05:47:10.0546 3996 Scan started
05:47:10.0546 3996 Mode: Manual;
05:47:10.0546 3996 ============================================================
05:47:11.0562 3996 Abiosdsk - ok
05:47:11.0656 3996 abp480n5 - ok
05:47:11.0703 3996 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
05:47:11.0718 3996 ACPI - ok
05:47:11.0750 3996 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
05:47:11.0750 3996 ACPIEC - ok
05:47:11.0765 3996 adpu160m - ok
05:47:11.0812 3996 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
05:47:11.0812 3996 aec - ok
05:47:11.0859 3996 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
05:47:11.0859 3996 AFD - ok
05:47:11.0875 3996 Aha154x - ok
05:47:11.0890 3996 aic78u2 - ok
05:47:11.0890 3996 aic78xx - ok
05:47:11.0937 3996 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
05:47:11.0937 3996 Alerter - ok
05:47:11.0968 3996 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
05:47:11.0968 3996 ALG - ok
05:47:12.0015 3996 AliIde - ok
05:47:12.0031 3996 amsint - ok
05:47:12.0140 3996 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
05:47:12.0140 3996 Apple Mobile Device - ok
05:47:12.0187 3996 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
05:47:12.0187 3996 AppMgmt - ok
05:47:12.0203 3996 asc - ok
05:47:12.0218 3996 asc3350p - ok
05:47:12.0234 3996 asc3550 - ok
05:47:12.0343 3996 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
05:47:12.0421 3996 aspnet_state - ok
05:47:12.0703 3996 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
05:47:12.0703 3996 AsyncMac - ok
05:47:12.0781 3996 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
05:47:12.0781 3996 atapi - ok
05:47:12.0812 3996 Atdisk - ok
05:47:12.0843 3996 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
05:47:12.0843 3996 Atmarpc - ok
05:47:12.0906 3996 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
05:47:12.0906 3996 AudioSrv - ok
05:47:12.0968 3996 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
05:47:12.0968 3996 audstub - ok
05:47:13.0015 3996 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
05:47:13.0015 3996 Beep - ok
05:47:13.0062 3996 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
05:47:13.0078 3996 BITS - ok
05:47:13.0265 3996 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files\Bonjour\mDNSResponder.exe
05:47:13.0281 3996 Bonjour Service - ok
05:47:13.0437 3996 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
05:47:13.0453 3996 Browser - ok
05:47:13.0578 3996 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
05:47:13.0593 3996 BrScnUsb - ok
05:47:13.0656 3996 BrSerIf (d48c13f4a409aee8dafaddac81e34557) C:\WINDOWS\system32\Drivers\BrSerIf.sys
05:47:13.0671 3996 BrSerIf - ok
05:47:13.0718 3996 BrUsbSer (8fa0ac830a8312912a3aa0c0431cba0d) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
05:47:13.0718 3996 BrUsbSer - ok
05:47:13.0859 3996 catchme - ok
05:47:13.0890 3996 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
05:47:13.0890 3996 cbidf2k - ok
05:47:13.0953 3996 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
05:47:13.0953 3996 CCDECODE - ok
05:47:13.0984 3996 cd20xrnt - ok
05:47:14.0218 3996 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
05:47:14.0218 3996 Cdaudio - ok
05:47:14.0328 3996 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
05:47:14.0328 3996 Cdfs - ok
05:47:14.0375 3996 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
05:47:14.0390 3996 Cdrom - ok
05:47:14.0453 3996 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
05:47:14.0453 3996 cercsr6 - ok
05:47:14.0484 3996 Changer - ok
05:47:14.0531 3996 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
05:47:14.0531 3996 CiSvc - ok
05:47:14.0593 3996 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
05:47:14.0593 3996 ClipSrv - ok
05:47:14.0734 3996 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
05:47:14.0906 3996 clr_optimization_v2.0.50727_32 - ok
05:47:15.0203 3996 CmdIde - ok
05:47:15.0265 3996 COMSysApp - ok
05:47:15.0296 3996 Cpqarray - ok
05:47:15.0359 3996 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
05:47:15.0359 3996 CryptSvc - ok
05:47:15.0406 3996 dac2w2k - ok
05:47:15.0453 3996 dac960nt - ok
05:47:15.0515 3996 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
05:47:15.0515 3996 DcomLaunch - ok
05:47:15.0578 3996 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
05:47:15.0578 3996 Dhcp - ok
05:47:15.0671 3996 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
05:47:15.0671 3996 Disk - ok
05:47:15.0718 3996 dmadmin - ok
05:47:15.0828 3996 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
05:47:16.0093 3996 dmboot - ok
05:47:16.0296 3996 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
05:47:16.0312 3996 dmio - ok
05:47:16.0375 3996 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
05:47:16.0390 3996 dmload - ok
05:47:16.0437 3996 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
05:47:16.0453 3996 dmserver - ok
05:47:16.0468 3996 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
05:47:16.0468 3996 DMusic - ok
05:47:16.0515 3996 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
05:47:16.0515 3996 Dnscache - ok
05:47:16.0562 3996 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
05:47:16.0578 3996 Dot3svc - ok
05:47:16.0609 3996 dpti2o - ok
05:47:16.0640 3996 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
05:47:16.0640 3996 drmkaud - ok
05:47:16.0703 3996 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
05:47:16.0718 3996 E100B - ok
05:47:16.0781 3996 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
05:47:16.0781 3996 EapHost - ok
05:47:16.0828 3996 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
05:47:16.0828 3996 ERSvc - ok
05:47:17.0000 3996 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
05:47:17.0000 3996 Eventlog - ok
05:47:17.0140 3996 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
05:47:17.0156 3996 EventSystem - ok
05:47:17.0281 3996 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
05:47:17.0281 3996 Fastfat - ok
05:47:17.0359 3996 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
05:47:17.0375 3996 FastUserSwitchingCompatibility - ok
05:47:17.0437 3996 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
05:47:17.0453 3996 Fdc - ok
05:47:17.0500 3996 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
05:47:17.0500 3996 Fips - ok
05:47:17.0546 3996 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
05:47:17.0546 3996 Flpydisk - ok
05:47:17.0593 3996 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
05:47:17.0625 3996 FltMgr - ok
05:47:17.0765 3996 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
05:47:17.0765 3996 FontCache3.0.0.0 - ok
05:47:17.0859 3996 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
05:47:17.0859 3996 Fs_Rec - ok
05:47:17.0953 3996 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
05:47:17.0953 3996 Ftdisk - ok
05:47:18.0015 3996 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
05:47:18.0015 3996 GEARAspiWDM - ok
05:47:18.0093 3996 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
05:47:18.0093 3996 Gpc - ok
05:47:18.0234 3996 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
05:47:18.0250 3996 gusvc - ok
05:47:18.0343 3996 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
05:47:18.0343 3996 HDAudBus - ok
05:47:18.0421 3996 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
05:47:18.0421 3996 helpsvc - ok
05:47:18.0500 3996 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
05:47:18.0500 3996 HidServ - ok
05:47:18.0609 3996 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
05:47:18.0625 3996 hidusb - ok
05:47:18.0781 3996 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
05:47:18.0812 3996 hkmsvc - ok
05:47:18.0906 3996 hpn - ok
05:47:19.0062 3996 hpqcxs08 (58d4765ab87347db835d5693adf652c1) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
05:47:19.0062 3996 hpqcxs08 - ok
05:47:19.0156 3996 hpqddsvc (99ed733f614660eb32199bf889dfb7e2) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
05:47:19.0171 3996 hpqddsvc - ok
05:47:19.0234 3996 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
05:47:19.0234 3996 HPZid412 - ok
05:47:19.0296 3996 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
05:47:19.0296 3996 HPZipr12 - ok
05:47:19.0359 3996 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
05:47:19.0359 3996 HPZius12 - ok
05:47:19.0453 3996 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
05:47:19.0453 3996 HSFHWBS2 - ok
05:47:19.0593 3996 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
05:47:19.0671 3996 HSF_DP - ok
05:47:19.0796 3996 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
05:47:19.0812 3996 HTTP - ok
05:47:19.0890 3996 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
05:47:19.0890 3996 HTTPFilter - ok
05:47:19.0906 3996 i2omgmt - ok
05:47:19.0921 3996 i2omp - ok
05:47:19.0968 3996 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
05:47:19.0968 3996 i8042prt - ok
05:47:20.0093 3996 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
05:47:20.0171 3996 ialm - ok
05:47:20.0468 3996 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
05:47:20.0562 3996 idsvc - ok
05:47:20.0734 3996 IHA_MessageCenter (c135bff15563592b8ea070ea109967f7) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
05:47:20.0734 3996 IHA_MessageCenter - ok
05:47:20.0875 3996 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
05:47:20.0875 3996 Imapi - ok
05:47:20.0921 3996 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
05:47:20.0953 3996 ImapiService - ok
05:47:20.0984 3996 ini910u - ok
05:47:21.0015 3996 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
05:47:21.0015 3996 IntelIde - ok
05:47:21.0093 3996 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
05:47:21.0093 3996 intelppm - ok
05:47:21.0156 3996 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
05:47:21.0156 3996 Ip6Fw - ok
05:47:21.0203 3996 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
05:47:21.0203 3996 IpFilterDriver - ok
05:47:21.0265 3996 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
05:47:21.0265 3996 IpInIp - ok
05:47:21.0296 3996 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
05:47:21.0296 3996 IpNat - ok
05:47:21.0406 3996 iPod Service (ca9d4b998bff311a539604ed87318fa0) C:\Program Files\iPod\bin\iPodService.exe
05:47:21.0546 3996 iPod Service - ok
05:47:21.0718 3996 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
05:47:21.0734 3996 IPSec - ok
05:47:21.0828 3996 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
05:47:21.0828 3996 IRENUM - ok
05:47:21.0875 3996 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
05:47:21.0890 3996 isapnp - ok
05:47:22.0109 3996 JavaQuickStarterService (890369aed0dde1a98f09f7dc239ca2bd) D:\jre6\bin\jqs.exe
05:47:22.0140 3996 JavaQuickStarterService - ok
05:47:22.0218 3996 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
05:47:22.0234 3996 Kbdclass - ok
05:47:22.0468 3996 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
05:47:22.0468 3996 kbdhid - ok
05:47:22.0625 3996 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
05:47:22.0625 3996 kmixer - ok
05:47:22.0703 3996 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
05:47:22.0718 3996 KSecDD - ok
05:47:22.0890 3996 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
05:47:22.0906 3996 lanmanserver - ok
05:47:23.0046 3996 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
05:47:23.0062 3996 lanmanworkstation - ok
05:47:23.0156 3996 lbrtfdc - ok
05:47:23.0250 3996 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
05:47:23.0265 3996 LmHosts - ok
05:47:23.0359 3996 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
05:47:23.0375 3996 mdmxsdk - ok
05:47:23.0578 3996 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
05:47:23.0593 3996 Messenger - ok
05:47:23.0734 3996 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
05:47:23.0750 3996 mferkdk - ok
05:47:23.0906 3996 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
05:47:23.0921 3996 mfesmfk - ok
05:47:24.0125 3996 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
05:47:24.0140 3996 Microsoft Office Groove Audit Service - ok
05:47:24.0312 3996 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
05:47:24.0343 3996 mnmdd - ok
05:47:24.0468 3996 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
05:47:24.0500 3996 mnmsrvc - ok
05:47:24.0656 3996 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
05:47:24.0671 3996 Modem - ok
05:47:24.0843 3996 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
05:47:24.0875 3996 MODEMCSA - ok
05:47:25.0031 3996 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
05:47:25.0062 3996 Mouclass - ok
05:47:25.0234 3996 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
05:47:25.0250 3996 mouhid - ok
05:47:25.0453 3996 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
05:47:25.0468 3996 MountMgr - ok
05:47:25.0625 3996 mraid35x - ok
05:47:25.0718 3996 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
05:47:25.0734 3996 MRxDAV - ok
05:47:25.0984 3996 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
05:47:26.0046 3996 MRxSmb - ok
05:47:26.0218 3996 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
05:47:26.0218 3996 MSDTC - ok
05:47:26.0453 3996 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
05:47:26.0468 3996 Msfs - ok
05:47:26.0562 3996 MSIServer - ok
05:47:26.0734 3996 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
05:47:26.0750 3996 MSKSSRV - ok
05:47:26.0921 3996 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
05:47:26.0937 3996 MSPCLOCK - ok
05:47:27.0046 3996 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
05:47:27.0078 3996 MSPQM - ok
05:47:27.0328 3996 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
05:47:27.0343 3996 mssmbios - ok
05:47:27.0515 3996 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
05:47:27.0531 3996 MSTEE - ok
05:47:27.0781 3996 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
05:47:27.0796 3996 Mup - ok
05:47:27.0953 3996 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
05:47:28.0000 3996 NABTSFEC - ok
05:47:28.0250 3996 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
05:47:28.0281 3996 napagent - ok
05:47:28.0546 3996 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
05:47:28.0578 3996 NDIS - ok
05:47:28.0671 3996 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
05:47:28.0671 3996 NdisIP - ok
05:47:28.0718 3996 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
05:47:28.0718 3996 NdisTapi - ok
05:47:28.0765 3996 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
05:47:28.0765 3996 Ndisuio - ok
05:47:28.0796 3996 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
05:47:28.0812 3996 NdisWan - ok
05:47:28.0890 3996 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
05:47:28.0890 3996 NDProxy - ok
05:47:29.0000 3996 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll
05:47:29.0000 3996 Net Driver HPZ12 - ok
05:47:29.0156 3996 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
05:47:29.0171 3996 NetBIOS - ok
05:47:29.0406 3996 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
05:47:29.0421 3996 NetBT - ok
05:47:29.0593 3996 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
05:47:29.0609 3996 NetDDE - ok
05:47:29.0625 3996 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
05:47:29.0625 3996 NetDDEdsdm - ok
05:47:29.0812 3996 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
05:47:29.0812 3996 Netlogon - ok
05:47:30.0000 3996 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
05:47:30.0031 3996 Netman - ok
05:47:30.0187 3996 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
05:47:30.0218 3996 NetTcpPortSharing - ok
05:47:30.0515 3996 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
05:47:30.0515 3996 Nla - ok
05:47:30.0765 3996 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
05:47:30.0781 3996 Npfs - ok
05:47:31.0156 3996 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
05:47:31.0218 3996 Ntfs - ok
05:47:31.0484 3996 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
05:47:31.0500 3996 NtLmSsp - ok
05:47:31.0984 3996 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
05:47:32.0125 3996 NtmsSvc - ok
05:47:32.0562 3996 NuidFltr (e8717d9b0d1919cadafd8896a8e23e17) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
05:47:32.0562 3996 NuidFltr - ok
05:47:32.0968 3996 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
05:47:32.0984 3996 Null - ok
05:47:33.0328 3996 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
05:47:33.0359 3996 NwlnkFlt - ok
05:47:33.0781 3996 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
05:47:33.0796 3996 NwlnkFwd - ok
05:47:34.0062 3996 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
05:47:34.0296 3996 odserv - ok
05:47:34.0703 3996 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
05:47:34.0828 3996 ose - ok
05:47:35.0218 3996 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
05:47:35.0234 3996 Parport - ok
05:47:35.0671 3996 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
05:47:35.0687 3996 PartMgr - ok
05:47:36.0031 3996 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
05:47:36.0031 3996 ParVdm - ok
05:47:36.0390 3996 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
05:47:36.0437 3996 PCI - ok
05:47:36.0875 3996 PCIDump - ok
05:47:37.0234 3996 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
05:47:37.0234 3996 PCIIde - ok
05:47:37.0312 3996 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
05:47:37.0312 3996 Pcmcia - ok
05:47:37.0406 3996 PD0620VID (ea296b87ba381c640b441d95f90785f8) C:\WINDOWS\system32\DRIVERS\P0620Vid.sys
05:47:37.0406 3996 PD0620VID - ok
05:47:37.0453 3996 PDCOMP - ok
05:47:37.0609 3996 PDFRAME - ok
05:47:37.0687 3996 PDRELI - ok
05:47:37.0718 3996 PDRFRAME - ok
05:47:37.0765 3996 perc2 - ok
05:47:37.0796 3996 perc2hib - ok
05:47:37.0906 3996 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
05:47:37.0906 3996 PlugPlay - ok
05:47:37.0953 3996 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll
05:47:37.0953 3996 Pml Driver HPZ12 - ok
05:47:38.0000 3996 Point32 (cf7c1868b90c90a265fc3f60ce46265b) C:\WINDOWS\system32\DRIVERS\point32.sys
05:47:38.0000 3996 Point32 - ok
05:47:38.0046 3996 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
05:47:38.0046 3996 PolicyAgent - ok
05:47:38.0093 3996 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
05:47:38.0093 3996 PptpMiniport - ok
05:47:38.0109 3996 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
05:47:38.0109 3996 ProtectedStorage - ok
05:47:38.0156 3996 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
05:47:38.0171 3996 PSched - ok
05:47:38.0203 3996 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
05:47:38.0203 3996 Ptilink - ok
05:47:38.0218 3996 ql1080 - ok
05:47:38.0234 3996 Ql10wnt - ok
05:47:38.0250 3996 ql12160 - ok
05:47:38.0265 3996 ql1240 - ok
05:47:38.0281 3996 ql1280 - ok
05:47:38.0312 3996 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
05:47:38.0312 3996 RasAcd - ok
05:47:38.0359 3996 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
05:47:38.0359 3996 RasAuto - ok
05:47:38.0390 3996 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
05:47:38.0390 3996 Rasl2tp - ok
05:47:40.0812 3996 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
05:47:40.0828 3996 RasMan - ok
05:47:40.0890 3996 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
05:47:40.0890 3996 RasPppoe - ok
05:47:40.0937 3996 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
05:47:40.0937 3996 Raspti - ok
05:47:40.0953 3996 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
05:47:40.0968 3996 Rdbss - ok
05:47:41.0031 3996 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
05:47:41.0031 3996 RDPCDD - ok
05:47:41.0390 3996 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
05:47:41.0390 3996 rdpdr - ok
05:47:41.0453 3996 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
05:47:41.0453 3996 RDPWD - ok
05:47:41.0484 3996 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
05:47:41.0500 3996 RDSessMgr - ok
05:47:41.0531 3996 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
05:47:41.0531 3996 redbook - ok
05:47:41.0578 3996 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
05:47:41.0578 3996 RemoteAccess - ok
05:47:41.0609 3996 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
05:47:41.0625 3996 RemoteRegistry - ok
05:47:41.0656 3996 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
05:47:41.0656 3996 RpcLocator - ok
05:47:41.0703 3996 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
05:47:41.0703 3996 RpcSs - ok
05:47:41.0750 3996 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
05:47:41.0750 3996 RSVP - ok
05:47:41.0781 3996 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
05:47:41.0781 3996 SamSs - ok
05:47:41.0812 3996 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
05:47:41.0828 3996 SCardSvr - ok
05:47:41.0859 3996 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
05:47:41.0859 3996 Schedule - ok
05:47:41.0906 3996 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
05:47:41.0906 3996 Secdrv - ok
05:47:41.0937 3996 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
05:47:41.0937 3996 seclogon - ok
05:47:41.0984 3996 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
05:47:41.0984 3996 SENS - ok
05:47:42.0031 3996 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
05:47:42.0046 3996 Serial - ok
05:47:42.0125 3996 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
05:47:42.0125 3996 Sfloppy - ok
05:47:42.0218 3996 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
05:47:42.0234 3996 SharedAccess - ok
05:47:42.0296 3996 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
05:47:42.0296 3996 ShellHWDetection - ok
05:47:42.0312 3996 Simbad - ok
05:47:42.0328 3996 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
05:47:42.0328 3996 SLIP - ok
05:47:42.0343 3996 Sparrow - ok
05:47:42.0375 3996 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
05:47:42.0375 3996 splitter - ok
05:47:42.0421 3996 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
05:47:42.0421 3996 Spooler - ok
05:47:42.0437 3996 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
05:47:42.0437 3996 sr - ok
05:47:42.0484 3996 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
05:47:42.0500 3996 srservice - ok
05:47:42.0531 3996 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
05:47:42.0562 3996 Srv - ok
05:47:42.0609 3996 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
05:47:42.0609 3996 SSDPSRV - ok
05:47:42.0671 3996 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
05:47:42.0671 3996 STHDA - ok
05:47:42.0734 3996 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
05:47:42.0734 3996 stisvc - ok
05:47:42.0765 3996 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
05:47:42.0765 3996 streamip - ok
05:47:42.0781 3996 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
05:47:42.0781 3996 swenum - ok
05:47:42.0812 3996 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
05:47:42.0812 3996 swmidi - ok
05:47:42.0828 3996 SwPrv - ok
05:47:42.0953 3996 symc810 - ok
05:47:43.0093 3996 symc8xx - ok
05:47:43.0171 3996 sym_hi - ok
05:47:43.0218 3996 sym_u3 - ok
05:47:43.0296 3996 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
05:47:43.0328 3996 sysaudio - ok
05:47:43.0375 3996 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
05:47:43.0406 3996 SysmonLog - ok
05:47:43.0734 3996 TabletServicePen (1ff41723b6cf6ef0d2456691b75131bb) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
05:47:43.0875 3996 TabletServicePen - ok
05:47:43.0968 3996 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
05:47:43.0968 3996 TapiSrv - ok
05:47:44.0062 3996 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
05:47:44.0078 3996 Tcpip - ok
05:47:44.0125 3996 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
05:47:44.0125 3996 TDPIPE - ok
05:47:44.0156 3996 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
05:47:44.0156 3996 TDTCP - ok
05:47:44.0203 3996 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
05:47:44.0203 3996 TermDD - ok
05:47:44.0265 3996 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
05:47:44.0281 3996 TermService - ok
05:47:44.0328 3996 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
05:47:44.0328 3996 Themes - ok
05:47:44.0375 3996 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
05:47:44.0375 3996 TlntSvr - ok
05:47:44.0437 3996 TosIde - ok
05:47:44.0578 3996 TouchServicePen (c17ea46c3326a951dc3b8e883d661e0c) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
05:47:44.0593 3996 TouchServicePen - ok
05:47:44.0640 3996 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
05:47:44.0640 3996 TrkWks - ok
05:47:44.0671 3996 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
05:47:44.0671 3996 Udfs - ok
05:47:44.0703 3996 ultra - ok
05:47:44.0734 3996 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
05:47:44.0750 3996 Update - ok
05:47:44.0812 3996 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
05:47:44.0812 3996 upnphost - ok
05:47:44.0890 3996 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
05:47:44.0906 3996 UPS - ok
05:47:44.0968 3996 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
05:47:44.0968 3996 USBAAPL - ok
05:47:45.0000 3996 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
05:47:45.0000 3996 usbccgp - ok
05:47:45.0046 3996 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
05:47:45.0046 3996 usbehci - ok
05:47:45.0078 3996 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
05:47:45.0078 3996 usbhub - ok
05:47:45.0140 3996 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
05:47:45.0140 3996 usbprint - ok
05:47:45.0187 3996 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
05:47:45.0187 3996 usbscan - ok
05:47:45.0234 3996 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
05:47:45.0234 3996 USBSTOR - ok
05:47:45.0265 3996 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
05:47:45.0265 3996 usbuhci - ok
05:47:45.0281 3996 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
05:47:45.0281 3996 VgaSave - ok
05:47:45.0281 3996 ViaIde - ok
05:47:45.0312 3996 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
05:47:45.0328 3996 VolSnap - ok
05:47:45.0328 3996 vpnva - ok
05:47:45.0359 3996 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
05:47:45.0375 3996 VSS - ok
05:47:45.0406 3996 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
05:47:45.0421 3996 W32Time - ok
05:47:45.0453 3996 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
05:47:45.0453 3996 wacommousefilter - ok
05:47:45.0484 3996 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
05:47:45.0484 3996 wacomvhid - ok
05:47:45.0515 3996 WacomVKHid - ok
05:47:45.0531 3996 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
05:47:45.0531 3996 Wanarp - ok
05:47:45.0578 3996 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
05:47:45.0593 3996 Wdf01000 - ok
05:47:45.0593 3996 WDICA - ok
05:47:45.0703 3996 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
05:47:45.0703 3996 wdmaud - ok
05:47:45.0796 3996 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
05:47:45.0796 3996 WebClient - ok
05:47:45.0843 3996 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
05:47:45.0875 3996 winachsf - ok
05:47:45.0937 3996 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
05:47:45.0937 3996 winmgmt - ok
05:47:45.0984 3996 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
05:47:46.0000 3996 WmdmPmSN - ok
05:47:46.0156 3996 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
05:47:46.0218 3996 Wmi - ok
05:47:46.0281 3996 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
05:47:46.0296 3996 WmiApSrv - ok
05:47:46.0390 3996 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
05:47:46.0421 3996 WMPNetworkSvc - ok
05:47:46.0484 3996 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
05:47:46.0515 3996 WpdUsb - ok
05:47:46.0562 3996 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
05:47:46.0562 3996 WS2IFSL - ok
05:47:46.0593 3996 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
05:47:46.0593 3996 wscsvc - ok
05:47:46.0625 3996 WSearch - ok
05:47:46.0656 3996 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
05:47:46.0671 3996 WSTCODEC - ok
05:47:46.0703 3996 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
05:47:46.0703 3996 wuauserv - ok
05:47:46.0812 3996 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
05:47:46.0828 3996 WudfPf - ok
05:47:46.0875 3996 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
05:47:46.0875 3996 WudfRd - ok
05:47:46.0890 3996 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
05:47:46.0906 3996 WudfSvc - ok
05:47:47.0031 3996 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
05:47:47.0046 3996 WZCSVC - ok
05:47:47.0093 3996 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
05:47:47.0109 3996 xmlprov - ok
05:47:47.0140 3996 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
05:47:47.0343 3996 \Device\Harddisk0\DR0 - ok
05:47:47.0343 3996 MBR (0x1B8) (2101561ac068e7c4f3078c0d71f9b28b) \Device\Harddisk5\DR13
05:47:49.0406 3996 \Device\Harddisk5\DR13 - ok
05:47:49.0421 3996 Boot (0x1200) (2d729341f9cfd0ad247119d92e7f03ff) \Device\Harddisk0\DR0\Partition0
05:47:49.0437 3996 \Device\Harddisk0\DR0\Partition0 - ok
05:47:49.0468 3996 Boot (0x1200) (e6b7bc3829a755f5f44c04a3f90b2364) \Device\Harddisk0\DR0\Partition1
05:47:49.0484 3996 \Device\Harddisk0\DR0\Partition1 - ok
05:47:49.0515 3996 Boot (0x1200) (2ee00ae0ef11a9f796ed897c20b29434) \Device\Harddisk0\DR0\Partition2
05:47:49.0531 3996 \Device\Harddisk0\DR0\Partition2 - ok
05:47:49.0562 3996 Boot (0x1200) (d9103fc82b7ff33df5d8607691203a26) \Device\Harddisk0\DR0\Partition3
05:47:49.0593 3996 \Device\Harddisk0\DR0\Partition3 - ok
05:47:49.0593 3996 ============================================================
05:47:49.0593 3996 Scan finished
05:47:49.0593 3996 ============================================================
05:47:49.0609 3984 Detected object count: 0
05:47:49.0609 3984 Actual detected object count: 0
05:49:14.0296 2084 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-19 05:49:23
-----------------------------
05:49:23.156 OS Version: Windows 5.1.2600 Service Pack 3
05:49:23.156 Number of processors: 2 586 0x409
05:49:23.156 ComputerName: ANCOMP UserName:
05:49:23.531 Initialize success
05:49:34.796 AVAST engine download error: 0
05:49:56.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
05:49:56.937 Disk 0 Vendor: WDC_WD1600JS-75NCB3 10.02E04 Size: 152587MB BusType: 3
05:49:56.953 Disk 0 MBR read successfully
05:49:56.953 Disk 0 MBR scan
05:49:56.953 Disk 0 Windows XP default MBR code
05:49:56.953 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 40962 MB offset 63
05:49:56.953 Disk 0 Partition - 00 0F Extended LBA 111615 MB offset 83891430
05:49:56.968 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 40962 MB offset 83891493
05:49:56.968 Disk 0 Partition - 00 05 Extended 40962 MB offset 167782860
05:49:57.000 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 40962 MB offset 167782923
05:49:57.000 Disk 0 Partition - 00 05 Extended 29690 MB offset 335565720
05:49:57.015 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29690 MB offset 251674353
05:49:57.015 Disk 0 scanning sectors +312480315
05:49:57.093 Disk 0 scanning C:\WINDOWS\system32\drivers
05:50:03.140 Service scanning
05:50:13.062 Modules scanning
05:50:16.843 Disk 0 trace - called modules:
05:50:16.843
05:50:16.843 Scan finished successfully
05:50:40.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sreeram\Desktop\MBR.dat"
05:50:40.578 The log file has been saved successfully to "C:\Documents and Settings\Sreeram\Desktop\aswMBR.txt"

#11 Digitalspidey

Digitalspidey
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 19 April 2012 - 08:15 AM

I don't get redirected now, but I get the error from Firefox
"Firefox has determined that the following add-ons are known to cause stability or security problems"
"Java™ Platform SE 6 U13 6.0.130.3"

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:31 AM

Posted 19 April 2012 - 08:41 AM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Java™ 6 Update 13
Java™ SE Development Kit 6
Java™ SE Runtime Environment 6
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Digitalspidey

Digitalspidey
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 20 April 2012 - 09:37 PM

MBAM Log
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.21.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Sreeram :: ANCOMP [administrator]

4/20/2012 7:29:06 PM
mbam-log-2012-04-20 (19-29-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190695
Time elapsed: 3 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14 Digitalspidey

Digitalspidey
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 20 April 2012 - 09:40 PM

Report from Hijackthis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:39:50 PM, on 4/20/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17108)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Citrix\GoToMeeting\880\g2mstart.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Citrix\GoToMeeting\880\g2mcomm.exe
C:\Program Files\Citrix\GoToMeeting\880\g2mlauncher.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [GoToMeeting] "C:\Program Files\Citrix\GoToMeeting\880\g2mstart.exe" "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://ironman.paramount.com/CACHE/stc/1/binaries/vpnweb.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230224710359
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe

--
End of file - 8555 bytes

#15 Digitalspidey

Digitalspidey
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 20 April 2012 - 09:43 PM

Computer seems to be doing fine, links are not getting redirected.
Also I use to get an error whenever I shut down waiting for "rundll32.exe" to stop and would not close. I had to force close it. This was before the cleanup process started. Now it is gone.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users