"Happili" redirects with Google search using Firefox


  • This topic is locked
26 replies to this topic

#1 kg198

  • Members
  • 32 posts
  • OFFLINE
  • Local time:07:55 PM

Posted 18 April 2012 - 10:48 AM

I get redirected to Happili at random times when using Google search and Firefox.

I ran MS security essentials which detected 3 trojans: JS/Medfos.A, Win32/Medfos.B, Java/OpenStream.AR
These 3 trojans were removed and the system rebooted, but I continue to get random and sporadic redirects to "happili" when doing a Google search.

Thank you for your help.


.
DDS (Ver_2011-08-26.01) - FAT32x86
Internet Explorer: 8.0.6001.18702
Run by paul anthony at 11:26:03 on 2012-04-18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1131 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
SVCHOST.EXE
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080229-1700\soffice.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Documents and Settings\paul anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [SODCPreLoad] c:\program files\ibm\lotus\symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080229-1700\preload.exe c:\progra~1\ibm\lotus\symphony\data\.sodc\
mRun: [LaunchApp] Alaunch
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [SiS Windows KeyHook] c:\windows\system32\keyhook.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PCMService] "c:\program files\arcade\PCMService.exe"
mRun: [LManager] c:\program files\launch manager\QtZgAcer.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
mRun: [NACAgentUI] c:\program files\cisco\cisco nac agent\NACAgentUI.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: aol.com\free
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260454730546
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 149.152.18.41 149.152.18.42
TCP: Interfaces\{1A23E4F7-F993-4D42-80CC-E2D58887BB17} : DhcpNameServer = 149.152.18.41 149.152.18.42
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\paul anthony\application data\mozilla\firefox\profiles\d1ntikji.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJPI141_02.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\alwil software\avast5\webrep\FF
FF - Ext: Translate This!: {61C50B56-7E73-11E1-826D-B8AC6F996F26} - c:\documents and settings\paul anthony\local settings\application data\{61C50B56-7E73-11E1-826D-B8AC6F996F26}
.
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-7 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-7 337880]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-7 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-7 44768]
R2 NACAgent;Cisco NAC Agent;c:\program files\cisco\cisco nac agent\NACAgent.exe [2011-9-1 1233848]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-17 40776]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [2008-4-22 196409]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
S4 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2006-9-29 102463]
.
=============== Created Last 30 ================
.
2012-04-17 18:48:58 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{749356ac-c853-4a56-a9eb-6633d9cea627}\mpengine.dll
2012-04-17 18:45:11 -------- d-sh--w- C:\Recycled
2012-04-17 18:10:05 -------- d-----w- C:\ComboFix
2012-04-17 16:21:17 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-16 13:40:02 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-04-13 13:17:07 215920 ----a-w- c:\windows\system32\muweb.dll
2012-04-13 13:17:07 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-04-13 13:17:06 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-04-13 13:16:09 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-11 15:10:27 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-04-11 14:44:23 -------- d-----w- c:\program files\CCleaner
2012-04-11 13:04:17 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{f9f054f0-ec0a-4401-917c-e07c60fac9f3}\mpengine.dll
2012-04-10 22:17:04 98816 ----a-w- c:\windows\sed.exe
2012-04-10 22:17:04 518144 ----a-w- c:\windows\SWREG.exe
2012-04-10 22:17:04 256000 ----a-w- c:\windows\PEV.exe
2012-04-10 22:17:04 208896 ----a-w- c:\windows\MBR.exe
2012-04-04 16:30:06 -------- d-----w- c:\documents and settings\paul anthony\local settings\application data\{61C50B56-7E73-11E1-826D-B8AC6F996F26}
2012-04-03 23:33:48 -------- d-----w- C:\FOUND.005
.
==================== Find3M ====================
.
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 23:15:20 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:52 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2006-12-29 16:29:28 13829648 ----a-w- c:\program files\Real Player.exe
2006-12-20 00:14:56 15001752 ----a-w- c:\program files\GoogleEarthWin.exe
.
============= FINISH: 11:29:07.70 ===============

#2 gringo_pr (Bleepin Gringo)


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:55 PM

Posted 18 April 2012 - 11:45 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 kg198 (Topic Starter)

  • Members
  • 32 posts
  • OFFLINE
  • Local time:07:55 PM

Posted 19 April 2012 - 09:50 AM

When I ran combofix, just before it started there was a warning that "AVG real time scanner was still running" even though I had just prior downloaded and run the AVG uninstaller. Here are the security check and combofix logs:


Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
Microsoft Security Essentials
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware Free Edition
Windows Defender
CCleaner
Java Web Start
Java 2 Runtime Environment, SE v1.4.1_02
Adobe Flash Player 10.3.181.14 Flash Player out of Date!
Mozilla Firefox (3.6.28) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Alwil Software Avast5 AvastSvc.exe
``````````End of Log````````````

===========================================================================

ComboFix 12-04-19.01 - paul anthony 04/19/2012 10:11:17.7.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1421 [GMT -4:00]
Running from: c:\documents and settings\paul anthony\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-19 to 2012-04-19 )))))))))))))))))))))))))))))))
.
.
2012-04-19 14:07 . 2012-04-19 14:07 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82E636D6-688D-4849-8AD1-4291ADF1829D}\offreg.dll
2012-04-18 19:43 . 2012-03-13 23:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82E636D6-688D-4849-8AD1-4291ADF1829D}\mpengine.dll
2012-04-17 16:21 . 2012-04-17 16:26 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-16 13:40 . 2012-03-13 23:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-13 13:17 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll
2012-04-13 13:17 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-04-13 13:16 . 2012-04-13 13:16 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-11 15:10 . 2012-04-11 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-04-11 14:44 . 2012-04-11 14:44 -------- d-----w- c:\program files\CCleaner
2012-04-11 13:04 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{F9F054F0-EC0A-4401-917C-E07C60FAC9F3}\mpengine.dll
2012-04-04 16:30 . 2012-04-04 16:30 -------- d-----w- c:\documents and settings\paul anthony\Local Settings\Application Data\{61C50B56-7E73-11E1-826D-B8AC6F996F26}
2012-04-03 23:33 . 2012-04-03 23:33 -------- d-----w- C:\FOUND.005
2012-03-30 15:55 . 2012-03-30 15:55 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2009-03-05 14:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 23:15 . 2010-07-07 18:35 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2010-07-07 18:35 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-03-07 13:45 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2010-07-07 18:35 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2010-07-07 18:35 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2010-07-07 18:35 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2010-07-07 18:35 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2010-07-07 18:35 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2010-07-07 18:35 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2010-07-07 18:35 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-01 11:01 . 2004-08-04 09:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 09:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 09:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-04 09:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 09:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 09:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-23 14:18 . 2009-10-05 16:13 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-08 06:03 . 2009-03-05 14:43 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-02-03 09:22 . 2004-08-04 10:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2006-12-29 16:29 . 2006-12-29 16:28 13829648 ----a-w- c:\program files\Real Player.exe
2006-12-20 00:14 . 2006-12-20 00:15 15001752 ----a-w- c:\program files\GoogleEarthWin.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\MsPMSNSv.dll
[-] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-09-22 22:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2004-09-22 22:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 09:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SODCPreLoad"="c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080229-1700\preload.exe" [2008-05-16 40960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 77824]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-07 88363]
"SiSPower"="SiSPower.dll" [2005-02-25 49152]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2005-03-04 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\program files\Arcade\PCMService.exe" [2005-03-09 49152]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-10-12 315392]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 385024]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2005-12-04 437008]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"VF0060 STISvc"="V0060Pin.dll" [2004-11-01 36864]
"NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2011-09-01 540088]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-1-4 331776]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-6-9 113664]
Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2010-11-17 114688]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 15:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IBM\\Lotus\\Symphony\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.jcl.desktop.win32.x86_6.2.0.200801251400\\jre\\bin\\expeditorw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Intel\\Createshare\\VideoPhone\\VP50.exe"=
"c:\\Program Files\\Intel\\Createshare\\iNetcam\\programs\\iws.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/7/2011 9:45 AM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/7/2010 2:35 PM 337880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/15/2009 4:17 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 4:17 PM 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/7/2010 2:35 PM 20696]
R2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [9/1/2011 8:22 AM 1233848]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 10:15 AM 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 10:15 AM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/17/2012 12:21 PM 40776]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 5:00 AM 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 4:17 PM 7408]
S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [4/22/2008 11:58 PM 196409]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - INT15.SYS
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-19 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-187330883-1255692340-1359413446-1005Core1cd090444d56aae.job
- c:\documents and settings\paul anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-27 13:47]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 14:14]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 14:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: aol.com\free
TCP: DhcpNameServer = 149.152.18.41 149.152.18.42
FF - ProfilePath - c:\documents and settings\paul anthony\Application Data\Mozilla\Firefox\Profiles\d1ntikji.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Translate This!: {61C50B56-7E73-11E1-826D-B8AC6F996F26} - c:\documents and settings\paul anthony\Local Settings\Application Data\{61C50B56-7E73-11E1-826D-B8AC6F996F26}
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-19 10:19
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1256)
c:\windows\system32\WININET.dll
c:\program files\CyberLink\Shared Files\CLRCEngine.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2012-04-19 10:20:51
ComboFix-quarantined-files.txt 2012-04-19 14:20
ComboFix2.txt 2012-04-17 18:20
ComboFix3.txt 2012-04-10 22:27
ComboFix4.txt 2012-01-13 13:44
ComboFix5.txt 2012-04-19 14:10
.
Pre-Run: 6,831,964,160 bytes free
Post-Run: 6,945,046,528 bytes free
.
- - End Of File - - 10C032EC4A5B00085A945B91DF9BC6AD

#4 gringo_pr

Malware Response Team

Posted 19 April 2012 - 10:10 AM

Greetings

I would like to know which browsers are still redirecting after you run these tests - Check all that are installed

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
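An added triage helper, not part of this thread, TDSSKiller or the poster's own material: it parses the two-line layout TDSSKiller uses in the log posted later in this thread (a `name (md5) path` line followed by a `name - status` line) and lists every entry whose final status is not `ok`. The sample log is constructed from lines in the thread plus one made-up `mydrv` entry with a made-up non-ok status, so the flagging branch is exercised.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout of the TDSSKiller log in this thread.
# The "mydrv" entry, its zero hash and its "detected" status are invented
# to exercise the non-ok branch; they are not from the thread.
SAMPLE_LOG = r"""
14:51:12.0625 1888 ============================================================
14:51:12.0625 1888 Scan started
14:51:12.0625 1888 Mode: Manual;
14:51:12.0625 1888 ============================================================
14:51:13.0953 1888 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
14:51:13.0953 1888 Aavmker4 - ok
14:51:17.0828 1888 Abiosdsk - ok
14:51:46.0453 1888 ALCXWDM (5dae13401e4d3b8f132bf5867447d661) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
14:51:46.0468 1888 ALCXWDM - ok
15:09:58.0000 1888 mydrv (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\mydrv.sys
15:09:58.0000 1888 mydrv - detected
"""

# Every log line starts with a timestamp and a process id, then the body.
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*)$")
# Body of a file line: "<name> (<32 hex md5>) <path>".
FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Body of a status line: "<name> - <status>".
STATUS = re.compile(r"^(?P<name>.+?) - (?P<status>\S.*)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None     # None when TDSSKiller printed no file line
    path: Optional[str] = None
    status: Optional[str] = None  # None when the log was cut off before it


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Return one Entry per scanned service/driver, keyed by name."""
    entries: Dict[str, Entry] = {}
    in_scan = False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group(3).strip()
        if body == "Scan started":
            in_scan = True          # everything before this is system info
            continue
        if not in_scan or body.startswith("="):
            continue                # skip header and separator lines
        fm = FILE.match(body)
        if fm:
            e = entries.setdefault(fm["name"], Entry(fm["name"]))
            e.md5, e.path = fm["md5"].lower(), fm["path"]
            continue
        sm = STATUS.match(body)
        if sm:
            e = entries.setdefault(sm["name"], Entry(sm["name"]))
            e.status = sm["status"]
    return entries


def flag_entries(entries: Dict[str, Entry]) -> List[Tuple[str, str]]:
    """(name, status) for every entry whose final status is not 'ok',
    including entries that got a file line but no status line at all."""
    return sorted((e.name, e.status or "no status reported")
                  for e in entries.values() if e.status != "ok")


if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(parsed)} entries parsed")
    for name, status in flag_entries(parsed):
        e = parsed[name]
        print(f"FLAG {name}: {status}  md5={e.md5}  path={e.path}")
```

On a real log the flagged list is what to read first; the `ok` lines only matter when cross-checking a specific driver's hash or path.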

#5 kg198

Topic Starter

Posted 20 April 2012 - 02:31 PM

Thank you for your response.

I have random re-directions via Google searches in Firefox and IE, but not in the Opera browser.

Here is the TDSS log and the aswMBR log (with one infection I saw):

14:51:10.0406 2212 TDSS rootkit removing tool 2.7.30.0 Apr 19 2012 15:10:31
14:51:10.0750 2212 ============================================================
14:51:10.0750 2212 Current date / time: 2012/04/20 14:51:10.0750
14:51:10.0750 2212 SystemInfo:
14:51:10.0750 2212
14:51:10.0750 2212 OS Version: 5.1.2600 ServicePack: 3.0
14:51:10.0750 2212 Product type: Workstation
14:51:10.0750 2212 ComputerName: ACER-2E68C49B20
14:51:10.0750 2212 UserName: paul anthony
14:51:10.0750 2212 Windows directory: C:\WINDOWS
14:51:10.0750 2212 System windows directory: C:\WINDOWS
14:51:10.0750 2212 Processor architecture: Intel x86
14:51:10.0750 2212 Number of processors: 1
14:51:10.0750 2212 Page size: 0x1000
14:51:10.0750 2212 Boot type: Normal boot
14:51:10.0750 2212 ============================================================
14:51:11.0093 2212 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:51:11.0093 2212 \Device\Harddisk0\DR0:
14:51:11.0093 2212 MBR partitions:
14:51:11.0093 2212 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x5DA3FE, BlocksNum 0x471E7A2
14:51:11.0093 2212 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x4CF8BA0, BlocksNum 0x4815921
14:51:11.0109 2212 C: <-> \Device\Harddisk0\DR0\Partition0
14:51:11.0125 2212 D: <-> \Device\Harddisk0\DR0\Partition1
14:51:11.0125 2212 Initialize success
14:51:11.0125 2212 ============================================================
14:51:12.0625 1888 ============================================================
14:51:12.0625 1888 Scan started
14:51:12.0625 1888 Mode: Manual;
14:51:12.0625 1888 ============================================================
15:10:16.0937 1888 SwPrv - ok
15:10:19.0703 1888 symc810 - ok
15:10:22.0437 1888 symc8xx - ok
15:10:25.0171 1888 sym_hi - ok
15:10:27.0906 1888 sym_u3 - ok
15:10:29.0593 1888 SynTP (eb363ddfbe8b6d51003ccab29d93d744) C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:10:29.0718 1888 SynTP - ok
15:10:31.0484 1888 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
15:10:31.0531 1888 sysaudio - ok
15:10:43.0828 1888 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
15:10:43.0921 1888 SysmonLog - ok
15:10:54.0656 1888 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
15:10:54.0734 1888 TapiSrv - ok
15:10:56.0765 1888 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:10:56.0906 1888 Tcpip - ok
15:10:59.0312 1888 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:10:59.0328 1888 TDPIPE - ok
15:11:01.0718 1888 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:11:01.0750 1888 TDTCP - ok
15:11:03.0828 1888 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:11:03.0890 1888 TermDD - ok
15:11:21.0671 1888 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
15:11:21.0765 1888 TermService - ok
15:11:23.0640 1888 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:11:23.0640 1888 Themes - ok
15:11:27.0015 1888 TosIde - ok
15:11:50.0296 1888 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
15:11:50.0328 1888 TrkWks - ok
15:11:52.0140 1888 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
15:11:52.0156 1888 UBHelper - ok
15:11:54.0593 1888 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:11:54.0640 1888 Udfs - ok
15:11:58.0218 1888 ultra - ok
15:11:59.0437 1888 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:11:59.0546 1888 Update - ok
15:12:10.0593 1888 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
15:12:10.0656 1888 upnphost - ok
15:12:29.0109 1888 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
15:12:29.0203 1888 UPS - ok
15:12:30.0671 1888 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:12:30.0703 1888 usbehci - ok
15:12:33.0125 1888 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:12:33.0187 1888 usbhub - ok
15:12:35.0671 1888 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:12:35.0703 1888 usbohci - ok
15:12:37.0937 1888 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:12:37.0968 1888 usbscan - ok
15:12:40.0312 1888 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:12:40.0343 1888 USBSTOR - ok
15:12:41.0359 1888 usnsvc (6efccef1a131caad05fa29e82809dfd7) C:\Program Files\MSN Messenger\usnsvc.dll
15:12:41.0453 1888 usnsvc - ok
15:12:43.0828 1888 V0060VID (b70abf0aeb47c1301a69b5d06b3079ca) C:\WINDOWS\system32\DRIVERS\V0060Vid.sys
15:12:43.0890 1888 V0060VID - ok
15:12:46.0015 1888 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:12:46.0046 1888 VgaSave - ok
15:12:48.0765 1888 ViaIde - ok
15:12:50.0703 1888 VNUSB (c48e230878ea1946f0c4026a9d8e9a61) C:\WINDOWS\system32\DRIVERS\VNUSB.sys
15:12:50.0781 1888 VNUSB - ok
15:12:53.0125 1888 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:12:53.0125 1888 VolSnap - ok
15:13:12.0437 1888 vsdatant - ok
15:13:35.0171 1888 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
15:13:35.0609 1888 VSS - ok
15:13:41.0906 1888 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
15:13:41.0968 1888 W32Time - ok
15:13:45.0156 1888 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:13:45.0250 1888 Wanarp - ok
15:13:49.0140 1888 WDICA - ok
15:13:51.0625 1888 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:13:51.0703 1888 wdmaud - ok
15:14:02.0953 1888 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
15:14:02.0984 1888 WebClient - ok
15:14:03.0906 1888 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe
15:14:03.0937 1888 WinDefend - ok
15:14:04.0968 1888 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:14:05.0000 1888 winmgmt - ok
15:14:20.0937 1888 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:14:21.0000 1888 WmdmPmSN - ok
15:14:22.0078 1888 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:14:22.0171 1888 WmiApSrv - ok
15:14:22.0812 1888 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
15:14:23.0390 1888 WMPNetworkSvc - ok
15:14:24.0031 1888 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:14:24.0078 1888 WS2IFSL - ok
15:14:35.0406 1888 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
15:14:35.0437 1888 wscsvc - ok
15:14:37.0765 1888 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:14:37.0796 1888 WSTCODEC - ok
15:14:57.0203 1888 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
15:14:57.0218 1888 wuauserv - ok
15:14:59.0531 1888 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:14:59.0593 1888 WudfPf - ok
15:15:01.0859 1888 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:15:01.0937 1888 WudfRd - ok
15:15:17.0750 1888 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:15:17.0796 1888 WudfSvc - ok
15:15:29.0125 1888 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
15:15:29.0250 1888 WZCSVC - ok
15:15:47.0625 1888 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
15:15:47.0703 1888 xmlprov - ok
15:15:47.0765 1888 MBR (0x1B8) (99852d5c3a78447c3d6d82b6155fe848) \Device\Harddisk0\DR0
15:15:51.0656 1888 \Device\Harddisk0\DR0 - ok
15:15:51.0687 1888 Boot (0x1200) (7ad7e2789989a3e2deb66df47049bdb7) \Device\Harddisk0\DR0\Partition0
15:15:51.0687 1888 \Device\Harddisk0\DR0\Partition0 - ok
15:15:51.0718 1888 Boot (0x1200) (dc4a2efdae0cf5c89c991d7f33ede924) \Device\Harddisk0\DR0\Partition1
15:15:51.0718 1888 \Device\Harddisk0\DR0\Partition1 - ok
15:15:51.0734 1888 ============================================================
15:15:51.0734 1888 Scan finished
15:15:51.0734 1888 ============================================================
15:15:51.0765 1876 Detected object count: 0
15:15:51.0765 1876 Actual detected object count: 0

======================================================================================================================================


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-20 15:18:23
-----------------------------
15:18:23.781 OS Version: Windows 5.1.2600 Service Pack 3
15:18:23.781 Number of processors: 1 586 0x2402
15:18:23.781 ComputerName: ACER-2E68C49B20 UserName: paul anthony
15:18:25.718 Initialize success
15:18:32.218 AVAST engine defs: 12042000
15:19:15.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:19:15.250 Disk 0 Vendor: HTS421280H9AT00 HA3OA70S Size: 76319MB BusType: 3
15:19:15.281 Disk 0 MBR read successfully
15:19:15.281 Disk 0 MBR scan
15:19:15.421 Disk 0 unknown MBR code
15:19:15.421 Disk 0 Partition 1 00 12 Compaq diag MSWIN4.1 2996 MB offset 63
15:19:15.437 Disk 0 Partition 2 80 (A) 0C FAT32 LBA MSWIN4.1 36412 MB offset 6136830
15:19:15.453 Disk 0 Partition 3 00 0C FAT32 LBA MSWIN4.1 36907 MB offset 80710560
15:19:15.468 Disk 0 scanning sectors +156296385
15:19:15.515 Disk 0 PE file @ sector 156296385 !
15:19:15.546 Disk 0 scanning C:\WINDOWS\system32\drivers
15:19:45.968 Service scanning
15:20:02.609 Service int15.sys C:\Acer\Empowering Technology\eRecovery\int15.sys **INFECTED** Win32:Zeroot-B [Rtk]
15:20:05.718 Service MpKslb6cd0bb6 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{971C6F9B-2627-44E5-B18E-2C8F759C0DA9}\MpKslb6cd0bb6.sys **LOCKED** 32
15:20:23.421 Modules scanning
15:20:38.093 Disk 0 trace - called modules:
15:20:38.109 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
15:20:38.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a98fab8]
15:20:38.125 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000073[0x8a99f210]
15:20:38.125 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a992940]
15:20:39.531 AVAST engine scan C:\WINDOWS
15:21:04.390 AVAST engine scan C:\WINDOWS\system32
15:25:48.921 AVAST engine scan C:\WINDOWS\system32\drivers
15:26:10.359 AVAST engine scan C:\Documents and Settings\paul anthony
15:27:07.609 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\paul anthony\Desktop\MBR.dat"
15:27:07.625 The log file has been saved successfully to "C:\Documents and Settings\paul anthony\Desktop\aswMBR.txt"

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 20 April 2012 - 02:43 PM

Hello


Uninstall Firefox and, if asked about user data or settings, remove that also.

Reinstall Firefox and see if it redirects.


Go here and press the Fix it button - http://support.microsoft.com/kb/923737


Check if IE still redirects.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 23 April 2012 - 12:06 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#8 kg198 (Topic Starter, Members)

Posted 24 April 2012 - 08:05 AM

Yes, please give me a little more time. Thank you

#9 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 24 April 2012 - 08:30 AM

No problem

#10 kg198 (Topic Starter, Members)

Posted 26 April 2012 - 08:54 AM

Thank you for your help. For the past day I have not been redirected. Looks like you've solved the problem here.
Thank you again! Much appreciated.

#11 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 26 April 2012 - 12:50 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Firefox::
FF - ProfilePath - c:\documents and settings\paul anthony\Application Data\Mozilla\Firefox\Profiles\d1ntikji.default\
FF - Ext: Translate This!: {61C50B56-7E73-11E1-826D-B8AC6F996F26} - c:\documents and settings\paul anthony\Local Settings\Application Data\{61C50B56-7E73-11E1-826D-B8AC6F996F26}

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

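
The CFScript above targets a Firefox extension ("Translate This!") that ComboFix reported under Local Settings\Application Data rather than in the profile's extensions folder or under the Firefox program directory. The script below is an added example for this thread, not part of ComboFix or of the helper's CFScript: it parses the "FF - ProfilePath" and "FF - Ext:" lines in ComboFix's format and classifies each extension by where it is installed, so that entries registered from user-writable scratch locations stand out for review. The sample lines are constructed to mirror the entries in this thread's logs; the classification thresholds (which directories count as Firefox-managed, which as scratch) are this example's own assumptions.

```python
"""Flag Firefox extensions that a ComboFix log shows living outside
Firefox's own extension directories.

Added example for this thread; it is not part of ComboFix nor of the
CFScript the helper posted. It reads the "FF - ProfilePath" and
"FF - Ext:" lines ComboFix prints and classifies each extension by its
install location. The sample lines below are constructed to mirror the
format of the logs in this thread.
"""
import re
from typing import List, Optional

# ComboFix prints extensions as:  FF - Ext: <name>: <id> - <path>
EXT_LINE = re.compile(r"^FF - Ext: (?P<name>.+?): (?P<id>\S+) - (?P<path>.+)$")
PROFILE_LINE = re.compile(r"^FF - ProfilePath - (?P<path>.+)$")

# User-writable scratch locations (assumption of this example): an extension
# registered from one of these was not installed through the add-on manager.
SCRATCH_MARKERS = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\temp\\",
)

# Constructed sample in ComboFix's format (backslashes doubled for Python).
SAMPLE_LOG = "\n".join([
    "FF - ProfilePath - c:\\documents and settings\\paul anthony\\Application Data\\Mozilla\\Firefox\\Profiles\\d1ntikji.default\\",
    "FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\\program files\\Mozilla Firefox\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}",
    "FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\\extensions\\{3d7eb24f-2740-49df-8937-200b1cc08f8a}",
    "FF - Ext: avast! WebRep: wrc@avast.com - c:\\program files\\Alwil Software\\Avast5\\WebRep\\FF",
    "FF - Ext: Translate This!: {61C50B56-7E73-11E1-826D-B8AC6F996F26} - c:\\documents and settings\\paul anthony\\Local Settings\\Application Data\\{61C50B56-7E73-11E1-826D-B8AC6F996F26}",
])


def classify_extension(path: str, profile: Optional[str]) -> str:
    """Return 'firefox-managed', 'external' or 'suspicious' for an install path."""
    p = path.lower().replace("/", "\\")
    # Installed through Firefox itself: the profile's extensions folder
    # (literal %profile% or expanded) or the program's own extensions folder.
    if p.startswith("%profile%\\extensions\\"):
        return "firefox-managed"
    if profile and p.startswith(profile.lower().rstrip("\\") + "\\extensions\\"):
        return "firefox-managed"
    if "\\mozilla firefox\\extensions\\" in p:
        return "firefox-managed"
    # Registered from a user-writable scratch directory: flag for removal review.
    if any(marker in p for marker in SCRATCH_MARKERS):
        return "suspicious"
    # Anything else (e.g. a vendor directory under Program Files) was
    # registered by a third-party installer; verify the vendor.
    return "external"


def audit(log_text: str) -> List[dict]:
    """Parse the FF lines of a ComboFix log and classify every extension."""
    profile = None
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROFILE_LINE.match(line)
        if m:
            profile = m.group("path").strip()
            continue
        m = EXT_LINE.match(line)
        if not m:
            continue
        path = m.group("path").strip()
        findings.append({
            "name": m.group("name"),
            "id": m.group("id"),
            "path": path,
            "verdict": classify_extension(path, profile),
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f['verdict']:<16} {f['name']:<16} {f['path']}")
```

Run it against a saved ComboFix log by reading the file into `audit()`; a "suspicious" verdict only says the extension was registered from a scratch directory, so confirm the entry before adding it to a removal script, and treat "external" entries as "check the vendor" rather than as findings.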

#12 kg198 (Topic Starter, Members)

Posted 27 April 2012 - 09:08 AM

I have not been redirected in a couple days; seems ok. Here is the log. Thank you

ComboFix 12-04-19.01 - paul anthony 04/27/2012 9:59.8.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1384 [GMT -4:00]
Running from: c:\documents and settings\paul anthony\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\paul anthony\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\paul anthony\Local Settings\Application Data\{61C50B56-7E73-11E1-826D-B8AC6F996F26}
c:\documents and settings\paul anthony\Local Settings\Application Data\{61C50B56-7E73-11E1-826D-B8AC6F996F26}\chrome.manifest
c:\documents and settings\paul anthony\Local Settings\Application Data\{61C50B56-7E73-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul
c:\documents and settings\paul anthony\Local Settings\Application Data\{61C50B56-7E73-11E1-826D-B8AC6F996F26}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2012-03-27 to 2012-04-27 )))))))))))))))))))))))))))))))
.
.
2012-04-27 13:54 . 2012-04-27 13:54 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D0FC1B54-EA58-4ADD-BEBD-0C84EA7FF62D}\offreg.dll
2012-04-27 13:54 . 2012-04-27 13:54 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D0FC1B54-EA58-4ADD-BEBD-0C84EA7FF62D}\MpKsl949efc02.sys
2012-04-27 13:04 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D0FC1B54-EA58-4ADD-BEBD-0C84EA7FF62D}\mpengine.dll
2012-04-23 23:19 . 2012-04-23 23:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-04-16 13:40 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-13 13:17 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll
2012-04-13 13:17 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-04-13 13:16 . 2012-04-13 13:16 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-11 15:10 . 2012-04-11 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-04-11 14:44 . 2012-04-11 14:44 -------- d-----w- c:\program files\CCleaner
2012-04-11 13:04 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{F9F054F0-EC0A-4401-917C-E07C60FAC9F3}\mpengine.dll
2012-04-03 23:33 . 2012-04-03 23:33 -------- d-----w- C:\FOUND.005
2012-03-30 15:55 . 2012-03-30 15:55 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2009-03-05 14:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 23:15 . 2010-07-07 18:35 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2010-07-07 18:35 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-03-07 13:45 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2010-07-07 18:35 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2010-07-07 18:35 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2010-07-07 18:35 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2010-07-07 18:35 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2010-07-07 18:35 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2010-07-07 18:35 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2010-07-07 18:35 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-01 11:01 . 2004-08-04 09:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 09:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 09:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-04 09:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 09:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 09:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-23 14:18 . 2009-10-05 16:13 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-08 06:03 . 2009-03-05 14:43 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-02-03 09:22 . 2004-08-04 10:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2006-12-29 16:29 . 2006-12-29 16:28 13829648 ----a-w- c:\program files\Real Player.exe
2006-12-20 00:14 . 2006-12-20 00:15 15001752 ----a-w- c:\program files\GoogleEarthWin.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\MsPMSNSv.dll
[-] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-09-22 22:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2004-09-22 22:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 09:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SODCPreLoad"="c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080229-1700\preload.exe" [2008-05-16 40960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 77824]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-07 88363]
"SiSPower"="SiSPower.dll" [2005-02-25 49152]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2005-03-04 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\program files\Arcade\PCMService.exe" [2005-03-09 49152]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-10-12 315392]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 385024]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2005-12-04 437008]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"VF0060 STISvc"="V0060Pin.dll" [2004-11-01 36864]
"NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2011-09-01 540088]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-1-4 331776]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-6-9 113664]
Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2010-11-17 114688]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 15:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IBM\\Lotus\\Symphony\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.jcl.desktop.win32.x86_6.2.0.200801251400\\jre\\bin\\expeditorw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Intel\\Createshare\\VideoPhone\\VP50.exe"=
"c:\\Program Files\\Intel\\Createshare\\iNetcam\\programs\\iws.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/7/2011 9:45 AM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/7/2010 2:35 PM 337880]
R1 MpKsl949efc02;MpKsl949efc02;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D0FC1B54-EA58-4ADD-BEBD-0C84EA7FF62D}\MpKsl949efc02.sys [4/27/2012 9:54 AM 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/15/2009 4:17 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 4:17 PM 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/7/2010 2:35 PM 20696]
R2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [9/1/2011 8:22 AM 1233848]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 10:15 AM 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 10:15 AM 135664]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 5:00 AM 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 4:17 PM 7408]
S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [4/22/2008 11:58 PM 196409]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - INT15.SYS
*NewlyCreated* - MPKSL949EFC02
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-27 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-187330883-1255692340-1359413446-1005Core1cd090444d56aae.job
- c:\documents and settings\paul anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-27 13:47]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 14:14]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 14:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: aol.com\free
TCP: DhcpNameServer = 149.152.18.41 149.152.18.42
FF - ProfilePath - c:\documents and settings\paul anthony\Application Data\Mozilla\Firefox\Profiles\d1ntikji.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-27 10:01
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2012-04-27 10:03:18
ComboFix-quarantined-files.txt 2012-04-27 14:03
ComboFix2.txt 2012-04-19 14:20
ComboFix3.txt 2012-04-17 18:20
ComboFix4.txt 2012-04-10 22:27
ComboFix5.txt 2012-04-27 13:57
.
Pre-Run: 6,780,682,240 bytes free
Post-Run: 6,811,648,000 bytes free
.
- - End Of File - - EBDC064A2407A20FD2E2BD125D390496

#13 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 27 April 2012 - 12:20 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

  • Adobe Reader 7.0
  • Adobe Reader 7.0.9
  • J2SE Runtime Environment 5.0 Update 6
  • Java 2 Runtime Environment, SE v1.4.1_02
  • Java Web Start


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:55 PM

Posted 30 April 2012 - 02:57 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#15 kg198

kg198
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:07:55 PM

Posted 30 April 2012 - 08:14 AM

Yes, I need some more time please. Thank you.



