happili.com redirect


  • This topic is locked
20 replies to this topic

#1 TSDDoc (Members, 15 posts)

Posted 26 April 2012 - 06:35 PM

Hello and thanks for all the wonderful tutorials on this site.

I am having an occasional happili.com redirect when using Firefox 12.0 on my Windows XP Pro operating system. This occurs when I click on the results of a google search in Firefox and end up at the Happili.com website. The problem is occasional and occurs only the first time I click on the google link.

I have followed the steps in your "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help".

I tried to run GMER, but in the process, the system spontaneously rebooted?? I will run again and add the results of that log.

Here are the logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Run by Eric at 13:26:21 on 2012-04-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2001.100 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\AVAST Software\Avast Business\AvastNet.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\AMT\atchk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AVAST Software\Avast Business\avastUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intuit\QuickBooks 2008\QBW32.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Cobian Backup 11\cbVSCService11.exe
C:\Program Files\Cobian Backup 11\Cobian.exe
C:\Program Files\Cobian Backup 11\cbInterface.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Eric\Desktop\Defogger.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast business\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast business\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [avast] "c:\program files\avast software\avast business\avastUI.exe" /nogui
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [uigfi] rundll32.exe "c:\docume~1\eric\locals~1\temp\uigfi.dll",GetMCCustomItemDataCount
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2008\QBW32.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - file:///D:/LTOCX14N.cab
DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} - hxxp://server-dc-main/connectcomputer/nshelp.dll
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196348707468
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196348982515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CC747132-616C-4F7C-8259-AF8F325A3318} - hxxp://hmiweb1/WPP/ActiveX/WebStudyList.ocx
DPF: {DB73726C-2C0B-48CD-889E-1F4A12255B47} - hxxp://hmiweb1/EMR/DXViewWebInterface.ocx
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://portal.yrmc.org/dana-cached/setup/JuniperSetupSP1.cab
TCP: DhcpNameServer = 10.10.1.254
TCP: Interfaces\{89600547-FFD8-49C5-8286-456208734826} : NameServer = 10.10.1.254
TCP: Interfaces\{89600547-FFD8-49C5-8286-456208734826} : DhcpNameServer = 10.10.1.254
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\eric\application data\mozilla\firefox\profiles\qhrbr5t3.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mg2.mail.yahoo.com/dc/launch?.rand=47uu65trnqilp|http://pandora.com/|http://mail.google.com/mail/#inbox
FF - component: c:\documents and settings\dr. nelson's user\application data\mozilla\firefox\profiles\6ml2i6ip.default\extensions\{7378b8c2-fc38-41b8-a8c9-875d1f5b0a24}\components\NativeComponent.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-4-8 59240]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-7 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-7 314584]
R1 NEOFLTR_550_12029;Juniper Networks TDI Filter Driver (NEOFLTR_550_12029);c:\windows\system32\drivers\NEOFLTR_550_12029.sys [2007-8-23 63008]
R1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\32029\RapportCerberus32_32029.sys [2011-10-18 227312]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-4-8 169320]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-7 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast business\AvastSvc.exe [2011-9-7 44768]
R2 avast! Net Client Service;avast! Net Client Service;c:\program files\avast software\avast business\AvastNet.exe [2011-9-7 189992]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\cobian backup 11\cbVSCService11.exe [2012-4-26 67584]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-1-31 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-4-5 47640]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-4-8 767208]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\ultidev\cassini web server for asp.net 2.0\UltiDevCassinWebServer2a.exe [2007-2-8 49152]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2007-11-29 2514944]
S0 jnehigx;jnehigx;c:\windows\system32\drivers\dcukp.sys --> c:\windows\system32\drivers\dcukp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 253088]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-12-7 29744]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 129976]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys --> c:\windows\system32\drivers\radpms.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2007-7-27 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10_50.sqlexpress\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]
.
=============== Created Last 30 ================
.
2012-04-26 20:06:17 -------- d-----w- c:\program files\Cobian Backup 11
2012-04-26 15:09:56 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-26 15:09:31 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-04-26 15:09:31 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-04-20 19:17:06 -------- d-----w- c:\program files\iPod
2012-04-20 19:16:44 -------- d-----w- c:\program files\iTunes
2012-04-20 19:12:08 -------- d-----w- c:\program files\Bonjour
2012-04-05 19:44:35 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-04-05 19:44:35 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-04-05 19:44:35 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-04-05 19:44:35 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-04-05 19:44:14 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-04-05 18:13:55 -------- d-----w- c:\documents and settings\eric\local settings\application data\{188379A3-7F4B-11E1-826D-B8AC6F996F26}
2012-04-04 16:15:09 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-17 16:12:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-15 18:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 18:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-07 18:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 13:29:29.51 ===============
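The DDS report above is read by hand in this thread. As an added example (not part of the original post, and not code from DDS, ComboFix or BleepingComputer), the script below applies three defensive triage heuristics an analyst uses when reading such a log: autorun entries (uRun/mRun/dRun) that use a system loader such as rundll32 to run a DLL out of a Temp directory, BHO entries marked "No File", and service/driver entries marked "[?]" (file not found) or running from a .tmp file. The sample lines are constructed copies in the DDS line format that mirror entries in the log above; the rule names and the heuristics themselves are my assumptions, and a hit means "review this entry", not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample in the DDS "Pseudo HJT Report" / "SERVICES / DRIVERS" line format.
# The lines mirror the shape of entries in the log posted above and are embedded here
# so the script runs offline; it does not read anything from a live system.
SAMPLE_LOG = r"""
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No File
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [uigfi] rundll32.exe "c:\docume~1\eric\locals~1\temp\uigfi.dll",GetMCCustomItemDataCount
mRun: [avast] "c:\program files\avast software\avast business\avastUI.exe" /nogui
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-7 314584]
S0 jnehigx;jnehigx;c:\windows\system32\drivers\dcukp.sys --> c:\windows\system32\drivers\dcukp.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 129976]
""".strip()

# Line shapes used by DDS (assumed from the log format, not from DDS documentation):
#   <u|m|d>Run: [<name>] <command line>
#   BHO: <description>: {CLSID} - <dll path>   or   BHO: {CLSID} - No File
#   <R|S><n> <service>;<display name>;<image path> [<date size>]   or   ... [?]
RUN_RE = re.compile(r"^[umd]Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
BHO_ORPHAN_RE = re.compile(r"^BHO: .*- No File$")
SVC_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)(?: \[(?P<meta>[^\]]*)\])?$"
)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.I)          # any "\temp\" path component
LOADER_RE = re.compile(r"\b(?:rundll32|regsvr32)(?:\.exe)?\b", re.I)


@dataclass
class Finding:
    kind: str    # short tag naming the heuristic that fired
    line: str    # the log line, verbatim
    reason: str  # analyst-readable explanation


def triage_line(line: str):
    """Apply the heuristics to one DDS log line; return a Finding or None."""
    line = line.rstrip()
    m = RUN_RE.match(line)
    if m:
        name, cmd = m.group("name"), m.group("cmd")
        if LOADER_RE.search(cmd) and TEMP_DIR_RE.search(cmd):
            return Finding("temp_loader", line,
                           f"autorun '{name}' uses a system loader to run a DLL from a Temp directory")
        if TEMP_DIR_RE.search(cmd):
            return Finding("temp_autorun", line, f"autorun '{name}' points into a Temp directory")
        return None
    if BHO_ORPHAN_RE.match(line):
        return Finding("orphan_bho", line, "BHO CLSID is registered but its DLL is gone (orphaned entry)")
    m = SVC_RE.match(line)
    if m:
        name, path = m.group("name"), m.group("path")
        meta = (m.group("meta") or "").strip()
        if meta == "?":
            return Finding("missing_file", line,
                           f"service/driver '{name}' refers to a file DDS could not find on disk")
        if path.lower().endswith(".tmp"):
            return Finding("tmp_image", line, f"service/driver '{name}' runs from a .tmp file")
    return None


def triage(log_text: str):
    """Run every line of a DDS log through triage_line and keep the hits, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

On the constructed sample this flags the orphaned BHO, the rundll32 entry loading uigfi.dll from the user's Temp folder, and the two "[?]" services; the ordinary Intel, avast! and Mozilla entries pass. Anything flagged still needs a human look at the file and its signer before it is treated as malicious.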


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 26 April 2012 - 11:50 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

<insert av's>

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 TSDDoc (Topic Starter)

Posted 27 April 2012 - 09:26 AM

Thank you. Could you please tell me what antivirus programs I am running? I thought I only used Avast.

#4 gringo_pr

Posted 27 April 2012 - 12:07 PM

Sorry, that was a copy and paste error I made. You only have one.


gringo

#5 TSDDoc (Topic Starter)

Posted 27 April 2012 - 06:26 PM

Logs:

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Business Protection
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 11
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java version out of date!
Adobe Flash Player 11.2.202.233
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast Business AvastSvc.exe
AVAST Software Avast Business AvastNet.exe
AVAST Software Avast Business avastUI.exe
``````````End of Log````````````


ComboFix 12-04-27.02 - Eric 04/27/2012 9:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2001.1127 [GMT -7:00]
Running from: c:\documents and settings\Eric\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Eric\LOCALS~1\Temp\uigfi.dll
c:\documents and settings\Dr. Nelson's User\g2mdlhlpx.exe
c:\documents and settings\Eric\Local Settings\Temp\uigfi.dll
c:\windows\EventSystem.log
c:\windows\system32\1.tmp
c:\windows\system32\PowerToyReadme.htm
.
.
((((((((((((((((((((((((( Files Created from 2012-03-27 to 2012-04-27 )))))))))))))))))))))))))))))))
.
.
2012-04-26 23:54 . 2012-04-27 00:13 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Deployment
2012-04-26 20:06 . 2012-04-26 20:06 -------- d-----w- c:\program files\Cobian Backup 11
2012-04-26 15:09 . 2012-04-26 15:10 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-26 15:09 . 2012-04-26 15:09 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 15:09 . 2012-04-26 15:09 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-20 19:17 . 2012-04-20 19:17 -------- d-----w- c:\program files\iPod
2012-04-20 19:16 . 2012-04-20 19:17 -------- d-----w- c:\program files\iTunes
2012-04-20 19:13 . 2012-04-20 19:13 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-04-20 19:12 . 2012-04-20 19:12 -------- d-----w- c:\program files\Bonjour
2012-04-05 19:44 . 2012-02-01 04:30 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-04-05 19:44 . 2012-02-01 04:30 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-04-05 19:44 . 2012-02-01 04:30 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-04-05 19:44 . 2011-09-16 21:10 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-04-05 19:44 . 2012-02-01 04:30 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-04-05 18:13 . 2012-04-05 18:13 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\{188379A3-7F4B-11E1-826D-B8AC6F996F26}
2012-04-04 16:15 . 2012-04-17 16:12 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-17 16:12 . 2011-06-02 15:33 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-01 11:01 . 2007-07-27 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2007-07-27 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2007-07-27 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2007-07-27 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2007-07-27 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-15 18:01 . 2011-02-28 18:19 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 18:01 . 2011-02-28 18:19 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-07 18:02 . 2012-02-07 18:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22 . 2007-07-27 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2008-01-05 00:05 . 2008-01-05 00:05 44360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-01-05 00:05 . 2008-01-05 00:05 107928 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2012-04-26 15:09 . 2011-10-07 17:48 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-08-22 21:42 . 2007-12-07 22:08 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-12-01 12:22 122512 ----a-w- c:\program files\AVAST Software\Avast Business\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-05-23 401408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-06 137752]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-10-13 2215768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"avast"="c:\program files\AVAST Software\Avast Business\avastUI.exe" [2011-12-01 3744552]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-01 296056]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\sunny\Start Menu\Programs\Startup\
mapping.bat [2008-5-9 27]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\


I have not had a chance to test the computer yet. Will do some searches and update.

#6 TSDDoc (Topic Starter, Members, 15 posts)

Posted 27 April 2012 - 06:49 PM

Okay, I did a bunch of searches and am still being re-directed on about one out of ten when I pick google's top recommendation, whether it is a google ad or not.

I am no longer being redirected to happili.com, though; they were both different sites:

http://fasthealthy.tend.com

http://compare.us.com/search/security/

Both are re-directs.

#7 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 27 April 2012 - 08:38 PM

Greetings

I would like to know which browsers are redirecting you - check all that are installed


I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 TSDDoc (Topic Starter, Members, 15 posts)

Posted 28 April 2012 - 01:55 PM

I only use Firefox, so that is the only place I note re-directs.

Logs:

11:06:26.0718 4432 napagent - ok
11:06:26.0781 4432 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:06:26.0812 4432 NDIS - ok
11:06:26.0843 4432 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:06:26.0843 4432 NdisTapi - ok
11:06:26.0875 4432 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:06:26.0890 4432 Ndisuio - ok
11:06:26.0921 4432 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:06:26.0937 4432 NdisWan - ok
11:06:26.0968 4432 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:06:26.0968 4432 NDProxy - ok
11:06:27.0015 4432 NEOFLTR_550_12029 (548bc150c8d660365414375312598362) C:\WINDOWS\system32\Drivers\NEOFLTR_550_12029.SYS
11:06:27.0031 4432 NEOFLTR_550_12029 - ok
11:06:27.0078 4432 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:06:27.0078 4432 NetBIOS - ok
11:06:27.0140 4432 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:06:27.0187 4432 NetBT - ok
11:06:27.0250 4432 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:06:27.0281 4432 NetDDE - ok
11:06:27.0281 4432 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:06:27.0281 4432 NetDDEdsdm - ok
11:06:27.0312 4432 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:06:27.0312 4432 Netlogon - ok
11:06:27.0375 4432 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
11:06:27.0421 4432 Netman - ok
11:06:27.0906 4432 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:06:27.0984 4432 NetTcpPortSharing - ok
11:06:28.0015 4432 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:06:28.0015 4432 NIC1394 - ok
11:06:28.0109 4432 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
11:06:28.0171 4432 Nla - ok
11:06:28.0406 4432 NMIndexingService - ok
11:06:28.0453 4432 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:06:28.0453 4432 Npfs - ok
11:06:28.0609 4432 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:06:28.0750 4432 Ntfs - ok
11:06:28.0781 4432 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:06:28.0781 4432 NtLmSsp - ok
11:06:28.0906 4432 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
11:06:29.0015 4432 NtmsSvc - ok
11:06:29.0062 4432 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:06:29.0062 4432 Null - ok
11:06:29.0125 4432 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:06:29.0125 4432 NwlnkFlt - ok
11:06:29.0140 4432 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:06:29.0140 4432 NwlnkFwd - ok
11:06:29.0390 4432 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:06:29.0500 4432 odserv - ok
11:06:29.0531 4432 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:06:29.0546 4432 ohci1394 - ok
11:06:29.0609 4432 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:06:29.0640 4432 ose - ok
11:06:29.0687 4432 PalmUSBD (240c0d4049a833b16b63b636acf01672) C:\WINDOWS\system32\drivers\PalmUSBD.sys
11:06:29.0687 4432 PalmUSBD - ok
11:06:29.0718 4432 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
11:06:29.0734 4432 Parport - ok
11:06:29.0750 4432 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:06:29.0750 4432 PartMgr - ok
11:06:29.0812 4432 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:06:29.0812 4432 ParVdm - ok
11:06:29.0843 4432 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:06:29.0843 4432 PCI - ok
11:06:29.0843 4432 PCIDump - ok
11:06:29.0906 4432 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:06:29.0906 4432 PCIIde - ok
11:06:29.0953 4432 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:06:29.0968 4432 Pcmcia - ok
11:06:29.0968 4432 PDCOMP - ok
11:06:29.0968 4432 PDFRAME - ok
11:06:29.0968 4432 PDRELI - ok
11:06:29.0984 4432 PDRFRAME - ok
11:06:29.0984 4432 perc2 - ok
11:06:29.0984 4432 perc2hib - ok
11:06:30.0031 4432 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:06:30.0031 4432 PlugPlay - ok
11:06:30.0062 4432 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:06:30.0062 4432 PolicyAgent - ok
11:06:30.0093 4432 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:06:30.0093 4432 PptpMiniport - ok
11:06:30.0093 4432 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:06:30.0093 4432 ProtectedStorage - ok
11:06:30.0125 4432 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:06:30.0140 4432 PSched - ok
11:06:30.0187 4432 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:06:30.0187 4432 Ptilink - ok
11:06:30.0234 4432 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:06:30.0234 4432 PxHelp20 - ok
11:06:30.0328 4432 QBCFMonitorService (91195091f449699b176fe1305dad40da) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
11:06:30.0343 4432 QBCFMonitorService - ok
11:06:30.0421 4432 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
11:06:30.0437 4432 QBFCService - ok
11:06:30.0921 4432 QBVSS (78afb70dbe365bd6140e6740792ac3ea) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
11:06:31.0265 4432 QBVSS - ok
11:06:31.0921 4432 ql1080 - ok
11:06:31.0937 4432 Ql10wnt - ok
11:06:31.0937 4432 ql12160 - ok
11:06:31.0937 4432 ql1240 - ok
11:06:31.0937 4432 ql1280 - ok
11:06:31.0937 4432 radpms - ok
11:06:32.0000 4432 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:06:32.0000 4432 RasAcd - ok
11:06:32.0062 4432 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
11:06:32.0093 4432 RasAuto - ok
11:06:32.0109 4432 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:06:32.0125 4432 Rasl2tp - ok
11:06:32.0187 4432 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
11:06:32.0234 4432 RasMan - ok
11:06:32.0250 4432 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:06:32.0265 4432 RasPppoe - ok
11:06:32.0296 4432 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:06:32.0296 4432 Raspti - ok
11:06:32.0359 4432 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:06:32.0390 4432 Rdbss - ok
11:06:32.0406 4432 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:06:32.0406 4432 RDPCDD - ok
11:06:32.0484 4432 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:06:32.0515 4432 rdpdr - ok
11:06:32.0593 4432 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
11:06:32.0625 4432 RDPWD - ok
11:06:32.0687 4432 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
11:06:32.0734 4432 RDSessMgr - ok
11:06:32.0765 4432 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:06:32.0765 4432 redbook - ok
11:06:32.0796 4432 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
11:06:32.0812 4432 RemoteAccess - ok
11:06:32.0843 4432 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
11:06:32.0859 4432 RemoteRegistry - ok
11:06:32.0890 4432 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
11:06:32.0921 4432 RpcLocator - ok
11:06:33.0046 4432 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
11:06:33.0046 4432 RpcSs - ok
11:06:33.0140 4432 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\WINDOWS\system32\DRIVERS\RsFx0150.sys
11:06:33.0203 4432 RsFx0150 - ok
11:06:33.0281 4432 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
11:06:33.0312 4432 RSVP - ok
11:06:33.0359 4432 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:06:33.0359 4432 SamSs - ok
11:06:33.0390 4432 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
11:06:33.0421 4432 SCardSvr - ok
11:06:33.0500 4432 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
11:06:33.0562 4432 Schedule - ok
11:06:33.0609 4432 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:06:33.0609 4432 Secdrv - ok
11:06:33.0625 4432 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
11:06:33.0640 4432 seclogon - ok
11:06:33.0687 4432 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
11:06:33.0703 4432 SENS - ok
11:06:33.0765 4432 Sentinel (aebba7428a6c40cce3c5abde45190b24) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
11:06:33.0781 4432 Sentinel - ok
11:06:33.0796 4432 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:06:33.0796 4432 serenum - ok
11:06:33.0828 4432 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:06:33.0828 4432 Serial - ok
11:06:33.0875 4432 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:06:33.0875 4432 Sfloppy - ok
11:06:34.0000 4432 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
11:06:34.0093 4432 SharedAccess - ok
11:06:34.0156 4432 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:06:34.0156 4432 ShellHWDetection - ok
11:06:34.0156 4432 Simbad - ok
11:06:34.0156 4432 Sparrow - ok
11:06:34.0187 4432 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:06:34.0187 4432 splitter - ok
11:06:34.0234 4432 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:06:34.0234 4432 Spooler - ok
11:06:34.0515 4432 SQLAgent$SQLEXPRESS (37761f6be2ebaed72cc0d43bd4c8c2a6) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
11:06:34.0625 4432 SQLAgent$SQLEXPRESS - ok
11:06:34.0812 4432 SQLBrowser (7d67c07c63796775cc5492bcfeaff125) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
11:06:34.0875 4432 SQLBrowser - ok
11:06:34.0921 4432 SQLWriter (8e6e5cfa06769a417b03fd6faa29e010) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
11:06:34.0953 4432 SQLWriter - ok
11:06:35.0000 4432 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:06:35.0000 4432 sr - ok
11:06:35.0078 4432 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
11:06:35.0125 4432 srservice - ok
11:06:35.0265 4432 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:06:35.0343 4432 Srv - ok
11:06:35.0406 4432 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
11:06:35.0421 4432 SSDPSRV - ok
11:06:35.0531 4432 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
11:06:35.0625 4432 stisvc - ok
11:06:35.0640 4432 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:06:35.0640 4432 swenum - ok
11:06:35.0671 4432 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:06:35.0687 4432 swmidi - ok
11:06:35.0687 4432 SwPrv - ok
11:06:35.0687 4432 symc810 - ok
11:06:35.0687 4432 symc8xx - ok
11:06:35.0687 4432 sym_hi - ok
11:06:35.0703 4432 sym_u3 - ok
11:06:35.0734 4432 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:06:35.0734 4432 sysaudio - ok
11:06:35.0781 4432 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
11:06:35.0828 4432 SysmonLog - ok
11:06:35.0906 4432 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
11:06:35.0968 4432 TapiSrv - ok
11:06:36.0140 4432 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:06:36.0234 4432 Tcpip - ok
11:06:36.0265 4432 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:06:36.0265 4432 TDPIPE - ok
11:06:36.0281 4432 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:06:36.0281 4432 TDTCP - ok
11:06:36.0328 4432 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:06:36.0328 4432 TermDD - ok
11:06:36.0468 4432 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
11:06:36.0562 4432 TermService - ok
11:06:36.0625 4432 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:06:36.0625 4432 Themes - ok
11:06:36.0671 4432 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
11:06:36.0703 4432 TlntSvr - ok
11:06:36.0703 4432 TosIde - ok
11:06:36.0734 4432 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
11:06:36.0765 4432 TrkWks - ok
11:06:36.0812 4432 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:06:36.0812 4432 Udfs - ok
11:06:36.0953 4432 UltiDev Cassini Web Server for ASP.NET 2.0 (bee8c1f7838a1d69d5e5a36a3efbd722) C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
11:06:36.0968 4432 UltiDev Cassini Web Server for ASP.NET 2.0 - ok
11:06:36.0968 4432 ultra - ok
11:06:37.0718 4432 UNS (c82b4bf309113c4d71288f6d938dda6e) C:\Program Files\Intel\AMT\UNS.exe
11:06:38.0500 4432 UNS - ok
11:06:39.0796 4432 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:06:39.0875 4432 Update - ok
11:06:39.0953 4432 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
11:06:40.0031 4432 upnphost - ok
11:06:40.0406 4432 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
11:06:40.0437 4432 UPS - ok
11:06:40.0593 4432 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
11:06:40.0593 4432 USBAAPL - ok
11:06:40.0640 4432 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:06:40.0640 4432 usbccgp - ok
11:06:40.0687 4432 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:06:40.0687 4432 usbehci - ok
11:06:40.0718 4432 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:06:40.0718 4432 usbhub - ok
11:06:40.0734 4432 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:06:40.0734 4432 usbscan - ok
11:06:40.0765 4432 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:06:40.0765 4432 USBSTOR - ok
11:06:40.0812 4432 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:06:40.0812 4432 usbuhci - ok
11:06:40.0828 4432 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:06:40.0828 4432 VgaSave - ok
11:06:40.0828 4432 ViaIde - ok
11:06:40.0875 4432 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:06:40.0875 4432 VolSnap - ok
11:06:40.0968 4432 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
11:06:41.0062 4432 VSS - ok
11:06:41.0109 4432 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
11:06:41.0156 4432 W32Time - ok
11:06:41.0234 4432 W3SVC (db3c22745c0da4666f3be31f1af36b2f) C:\WINDOWS\system32\inetsrv\inetinfo.exe
11:06:41.0234 4432 W3SVC - ok
11:06:41.0265 4432 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:06:41.0265 4432 Wanarp - ok
11:06:41.0265 4432 WDICA - ok
11:06:41.0312 4432 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:06:41.0312 4432 wdmaud - ok
11:06:41.0359 4432 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
11:06:41.0375 4432 WebClient - ok
11:06:41.0500 4432 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:06:41.0546 4432 winmgmt - ok
11:06:41.0843 4432 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
11:06:42.0171 4432 WinRM - ok
11:06:42.0265 4432 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
11:06:42.0265 4432 WmdmPmSN - ok
11:06:42.0703 4432 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
11:06:42.0875 4432 Wmi - ok
11:06:43.0312 4432 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:06:43.0390 4432 WmiApSrv - ok
11:06:43.0921 4432 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
11:06:44.0140 4432 WMPNetworkSvc - ok
11:06:44.0859 4432 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:06:45.0468 4432 WPFFontCache_v0400 - ok
11:06:45.0890 4432 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:06:45.0890 4432 WS2IFSL - ok
11:06:45.0937 4432 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
11:06:45.0953 4432 wscsvc - ok
11:06:45.0953 4432 WSearch - ok
11:06:45.0984 4432 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
11:06:45.0984 4432 wuauserv - ok
11:06:46.0031 4432 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:06:46.0031 4432 WudfPf - ok
11:06:46.0046 4432 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:06:46.0062 4432 WudfRd - ok
11:06:46.0093 4432 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
11:06:46.0109 4432 WudfSvc - ok
11:06:46.0500 4432 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
11:06:46.0734 4432 WZCSVC - ok
11:06:46.0843 4432 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
11:06:46.0906 4432 xmlprov - ok
11:06:46.0953 4432 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:06:47.0687 4432 \Device\Harddisk0\DR0 - ok
11:06:47.0718 4432 Boot (0x1200) (e636f043a2d9e505a4bd1c61ed09bf2b) \Device\Harddisk0\DR0\Partition0
11:06:47.0734 4432 \Device\Harddisk0\DR0\Partition0 - ok
11:06:47.0734 4432 ============================================================
11:06:47.0734 4432 Scan finished
11:06:47.0734 4432 ============================================================
11:06:47.0734 0612 Detected object count: 0
11:06:47.0734 0612 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-28 11:07:38
-----------------------------
11:07:38.984 OS Version: Windows 5.1.2600 Service Pack 3
11:07:38.984 Number of processors: 2 586 0xF0B
11:07:38.984 ComputerName: WS06 UserName: Eric
11:07:42.296 Initialize success
11:07:42.359 AVAST engine defs: 12042801
11:07:50.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-14
11:07:50.671 Disk 0 Vendor: ST3160815AS 3.AAD Size: 152627MB BusType: 3
11:07:50.687 Disk 0 MBR read successfully
11:07:50.687 Disk 0 MBR scan
11:07:50.687 Disk 0 Windows XP default MBR code
11:07:50.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
11:07:50.703 Disk 0 scanning sectors +312560640
11:07:50.796 Disk 0 scanning C:\WINDOWS\system32\drivers
11:08:05.531 Service scanning
11:09:04.640 Modules scanning
11:09:18.765 Disk 0 trace - called modules:
11:09:18.781 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
11:09:18.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a72cab8]
11:09:18.781 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000006f[0x8a6dc948]
11:09:18.796 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-14[0x8a731d98]
11:09:20.531 AVAST engine scan C:\WINDOWS
11:09:35.875 AVAST engine scan C:\WINDOWS\system32
11:17:51.125 AVAST engine scan C:\WINDOWS\system32\drivers
11:18:12.828 AVAST engine scan C:\Documents and Settings\Eric
11:41:22.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Eric\Desktop\MBR.dat"
11:41:23.828 The log file has been saved successfully to "C:\Documents and Settings\Eric\Desktop\aswMBR.txt"

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 April 2012 - 02:09 PM

Greetings

I want you to uninstall Firefox and reinstall it - if asked about user data or settings, remove that also.

Bookmarks you may back up (but that is all) - http://support.mozilla.org/en-US/kb/Backing-up-restoring-bookmarks

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 TSDDoc
  • Topic Starter

  • Members
  • 15 posts

Posted 28 April 2012 - 05:04 PM

I prematurely cancelled aswMBR. I ran it again and here is the complete log.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-28 11:56:29
-----------------------------
11:56:29.437 OS Version: Windows 5.1.2600 Service Pack 3
11:56:29.437 Number of processors: 2 586 0xF0B
11:56:29.437 ComputerName: WS06 UserName: Eric
11:58:06.625 Initialize success
11:58:30.875 AVAST engine defs: 12042801
11:58:45.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-14
11:58:45.687 Disk 0 Vendor: ST3160815AS 3.AAD Size: 152627MB BusType: 3
11:58:45.718 Disk 0 MBR read successfully
11:58:45.718 Disk 0 MBR scan
11:58:45.718 Disk 0 Windows XP default MBR code
11:58:45.750 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
11:58:45.765 Disk 0 scanning sectors +312560640
11:58:46.000 Disk 0 scanning C:\WINDOWS\system32\drivers
12:00:10.703 Service scanning
12:02:18.718 Modules scanning
12:03:14.453 Disk 0 trace - called modules:
12:03:14.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
12:03:14.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6f9ab8]
12:03:14.484 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000006f[0x8a6a99e8]
12:03:14.484 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-14[0x8a6a9b00]
12:03:42.984 AVAST engine scan C:\WINDOWS
12:04:41.578 AVAST engine scan C:\WINDOWS\system32
12:12:16.765 AVAST engine scan C:\WINDOWS\system32\drivers
12:12:42.093 AVAST engine scan C:\Documents and Settings\Eric
12:32:18.625 AVAST engine scan C:\Documents and Settings\All Users
12:39:32.078 Scan finished successfully
14:54:14.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Eric\Desktop\MBR.dat"
14:54:14.953 The log file has been saved successfully to "C:\Documents and Settings\Eric\Desktop\aswMBR.txt"




I am working on the Firefox re-install now.

#11 TSDDoc
  • Topic Starter

  • Members
  • 15 posts

Posted 28 April 2012 - 06:13 PM

Combofix log:

ComboFix 12-04-27.02 - Eric 04/28/2012 15:46:05.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2001.1342 [GMT -7:00]
Running from: c:\documents and settings\Eric\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Eric\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Dr. Nelson's User\WINDOWS
c:\documents and settings\sunny\Application Data\FunWebProducts
c:\windows\system32\Cache
c:\windows\system32\urttemp
c:\windows\system32\urttemp\fusion.dll
c:\windows\system32\urttemp\mscoree.dll
c:\windows\system32\urttemp\mscoree.dll.local
c:\windows\system32\urttemp\mscorsn.dll
c:\windows\system32\urttemp\mscorwks.dll
c:\windows\system32\urttemp\msvcr71.dll
c:\windows\system32\urttemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-28 )))))))))))))))))))))))))))))))
.
.
2012-04-28 22:37 . 2012-04-28 22:40 -------- d-----w- C:\32788R22FWJFW
2012-04-28 22:31 . 2012-04-28 22:31 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-26 23:54 . 2012-04-27 00:13 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\Deployment
2012-04-26 20:06 . 2012-04-26 20:06 -------- d-----w- c:\program files\Cobian Backup 11
2012-04-20 19:17 . 2012-04-20 19:17 -------- d-----w- c:\program files\iPod
2012-04-20 19:16 . 2012-04-20 19:17 -------- d-----w- c:\program files\iTunes
2012-04-20 19:13 . 2012-04-20 19:13 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-04-20 19:12 . 2012-04-20 19:12 -------- d-----w- c:\program files\Bonjour
2012-04-05 19:44 . 2012-02-01 04:30 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-04-05 19:44 . 2012-02-01 04:30 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-04-05 19:44 . 2012-02-01 04:30 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-04-05 19:44 . 2011-09-16 21:10 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-04-05 19:44 . 2012-02-01 04:30 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-04-05 18:13 . 2012-04-05 18:13 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\{188379A3-7F4B-11E1-826D-B8AC6F996F26}
2012-04-04 16:15 . 2012-04-17 16:12 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-17 16:12 . 2011-06-02 15:33 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-02-29 14:10 . 2007-07-27 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2007-07-27 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-15 18:01 . 2011-02-28 18:19 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 18:01 . 2011-02-28 18:19 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-07 18:02 . 2012-02-07 18:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22 . 2007-07-27 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2008-01-05 00:05 . 2008-01-05 00:05 44360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-01-05 00:05 . 2008-01-05 00:05 107928 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2012-04-21 01:19 . 2012-04-28 22:30 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-08-22 21:42 . 2007-12-07 22:08 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-27_23.11.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-28 22:19 . 2012-04-28 22:19 16384 c:\windows\Temp\Perflib_Perfdata_af4.dat
+ 2007-07-27 12:00 . 2009-02-20 18:09 44544 c:\windows\system32\pngfilt.dll
+ 2007-07-27 12:00 . 2007-08-14 01:01 48128 c:\windows\system32\mshtmler.dll
- 2007-07-27 12:00 . 2009-03-08 11:31 48128 c:\windows\system32\mshtmler.dll
- 2007-07-27 12:00 . 2009-03-08 11:31 45568 c:\windows\system32\mshta.exe
+ 2007-07-27 12:00 . 2007-08-14 01:32 45568 c:\windows\system32\mshta.exe
+ 2007-08-14 01:36 . 2007-08-14 01:36 12288 c:\windows\system32\msfeedssync.exe
+ 2007-08-14 01:54 . 2009-02-20 18:09 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-07-27 12:00 . 2007-08-14 01:44 40960 c:\windows\system32\licmgr10.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 27648 c:\windows\system32\jsproxy.dll
+ 2007-07-27 12:00 . 2007-08-14 01:39 92672 c:\windows\system32\inseng.dll
+ 2007-07-27 12:00 . 2007-08-14 01:36 36352 c:\windows\system32\imgutil.dll
+ 2007-07-27 12:00 . 2007-08-14 01:39 55296 c:\windows\system32\iesetup.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 44544 c:\windows\system32\iernonce.dll
+ 2009-05-19 16:22 . 2009-02-20 18:09 78336 c:\windows\system32\ieencode.dll
+ 2007-07-27 12:00 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-14 01:36 . 2009-02-20 18:09 63488 c:\windows\system32\icardie.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2007-07-27 12:00 . 2007-08-14 01:01 48128 c:\windows\system32\dllcache\mshtmler.dll
- 2007-07-27 12:00 . 2009-03-08 11:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2007-07-27 12:00 . 2007-08-14 01:32 45568 c:\windows\system32\dllcache\mshta.exe
- 2007-07-27 12:00 . 2009-03-08 11:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2008-05-13 14:46 . 2009-02-20 18:09 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-07-27 12:00 . 2007-08-14 01:44 40960 c:\windows\system32\dllcache\licmgr10.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-07-27 12:00 . 2007-08-14 01:39 92672 c:\windows\system32\dllcache\inseng.dll
+ 2007-07-27 12:00 . 2007-08-14 01:36 36352 c:\windows\system32\dllcache\imgutil.dll
+ 2007-07-27 12:00 . 2007-08-14 01:39 55296 c:\windows\system32\dllcache\iesetup.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-05-19 16:22 . 2009-02-20 18:09 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2007-07-27 12:00 . 2009-02-20 10:20 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-05-13 14:46 . 2009-02-20 18:09 63488 c:\windows\system32\dllcache\icardie.dll
+ 2007-11-28 23:50 . 2007-08-14 01:18 60416 c:\windows\system32\dllcache\hmmapi.dll
+ 2007-07-27 12:00 . 2007-08-14 01:39 71680 c:\windows\system32\dllcache\admparse.dll
+ 2007-07-27 12:00 . 2008-04-14 00:11 35328 c:\windows\system32\corpol.dll
+ 2007-07-27 12:00 . 2007-08-14 01:39 71680 c:\windows\system32\admparse.dll
+ 2007-07-27 12:00 . 2009-03-03 00:18 826368 c:\windows\system32\wininet.dll
+ 2007-08-14 01:45 . 2007-08-14 01:45 206336 c:\windows\system32\winfxdocobj.exe
+ 2007-07-27 12:00 . 2009-02-20 18:09 233472 c:\windows\system32\webcheck.dll
+ 2007-07-27 12:00 . 2008-05-09 10:53 430080 c:\windows\system32\vbscript.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
- 2007-07-27 12:00 . 2012-03-01 11:01 105984 c:\windows\system32\url.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 102912 c:\windows\system32\occache.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 671232 c:\windows\system32\mstime.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 193024 c:\windows\system32\msrating.dll
- 2007-07-27 12:00 . 2009-03-08 11:22 156160 c:\windows\system32\msls31.dll
+ 2007-07-27 12:00 . 2007-08-14 01:54 156160 c:\windows\system32\msls31.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 477696 c:\windows\system32\mshtmled.dll
+ 2007-08-14 01:54 . 2009-02-20 18:09 459264 c:\windows\system32\msfeeds.dll
+ 2007-07-27 12:00 . 2008-05-09 10:53 512000 c:\windows\system32\jscript.dll
+ 2011-09-02 21:02 . 2012-04-28 22:23 212957 c:\windows\system32\inetsrv\MetaBase.bin
+ 2007-08-14 01:54 . 2007-08-14 01:54 180736 c:\windows\system32\ieui.dll
+ 2007-08-14 01:34 . 2009-02-20 18:09 268288 c:\windows\system32\iertutil.dll
+ 2007-07-27 12:00 . 2007-08-14 01:54 191488 c:\windows\system32\iepeers.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 19:27 . 2009-02-20 18:09 383488 c:\windows\system32\ieapfltr.dll
+ 2007-07-27 12:00 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 230400 c:\windows\system32\ieaksie.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 153088 c:\windows\system32\ieakeng.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 214528 c:\windows\system32\dxtrans.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 347136 c:\windows\system32\dxtmsft.dll
+ 2007-07-27 12:00 . 2009-03-03 00:18 826368 c:\windows\system32\dllcache\wininet.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2007-11-28 23:50 . 2007-07-12 23:31 765952 c:\windows\system32\dllcache\vgx.dll
+ 2008-05-09 10:53 . 2008-05-09 10:53 430080 c:\windows\system32\dllcache\vbscript.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
- 2007-07-27 12:00 . 2012-03-01 11:01 105984 c:\windows\system32\dllcache\url.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 102912 c:\windows\system32\dllcache\occache.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 671232 c:\windows\system32\dllcache\mstime.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 193024 c:\windows\system32\dllcache\msrating.dll
- 2007-07-27 12:00 . 2009-03-08 11:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2007-07-27 12:00 . 2007-08-14 01:54 156160 c:\windows\system32\dllcache\msls31.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-05-13 14:46 . 2009-02-20 18:09 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-05-09 10:53 . 2008-05-09 10:53 512000 c:\windows\system32\dllcache\jscript.dll
+ 2007-11-28 23:50 . 2009-02-28 04:54 636072 c:\windows\system32\dllcache\iexplore.exe
+ 2008-05-13 14:46 . 2009-02-20 18:09 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2007-07-27 12:00 . 2007-08-14 01:54 191488 c:\windows\system32\dllcache\iepeers.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-05-13 14:46 . 2009-02-20 18:09 383488 c:\windows\system32\dllcache\ieapfltr.dll
+ 2007-07-27 12:00 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 124928 c:\windows\system32\dllcache\advpack.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 124928 c:\windows\system32\advpack.dll
+ 2009-05-19 16:22 . 2006-09-07 00:43 213216 c:\windows\ie7\spuninst\spuninst.exe
+ 2007-07-27 12:00 . 2009-02-20 18:09 1160192 c:\windows\system32\urlmon.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 3595264 c:\windows\system32\mshtml.dll
+ 2007-08-14 01:54 . 2009-02-20 18:09 6066176 c:\windows\system32\ieframe.dll
+ 2007-02-12 23:10 . 2008-07-09 14:25 2455488 c:\windows\system32\ieapfltr.dat
+ 2007-07-27 12:00 . 2009-02-20 18:09 1160192 c:\windows\system32\dllcache\urlmon.dll
+ 2007-07-27 12:00 . 2009-02-20 18:09 3595264 c:\windows\system32\dllcache\mshtml.dll
+ 2008-05-13 14:46 . 2009-02-20 18:09 6066176 c:\windows\system32\dllcache\ieframe.dll
+ 2008-05-13 14:46 . 2008-07-09 14:25 2455488 c:\windows\system32\dllcache\ieapfltr.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-12-01 12:22 122512 ----a-w- c:\program files\AVAST Software\Avast Business\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-05-23 401408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-06 137752]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-10-13 2215768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"avast"="c:\program files\AVAST Software\Avast Business\avastUI.exe" [2011-12-01 3744552]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-01 296056]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\sunny\Start Menu\Programs\Startup\
mapping.bat [2008-5-9 27]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-11-9 5911896]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-9 1156968]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2008\QBW32.EXE [2011-11-9 1178984]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-02-01 04:30 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dr. Nelson's User^Start Menu^Programs^Startup^Mozilla Firefox.lnk]
path=c:\documents and settings\Dr. Nelson's User\Start Menu\Programs\Startup\Mozilla Firefox.lnk
backup=c:\windows\pss\Mozilla Firefox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 08:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-08-22 21:42 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 12:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2011-09-16 21:10 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Amazing Charts\\Amazing Backup.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"25322:TCP"= 25322:TCP:avast! SBC
"25322:UDP"= 25322:UDP:avast! SBC
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/7/2011 11:52 AM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/7/2011 11:52 AM 314584]
R1 NEOFLTR_550_12029;Juniper Networks TDI Filter Driver (NEOFLTR_550_12029);c:\windows\system32\drivers\NEOFLTR_550_12029.sys [8/23/2007 4:02 PM 63008]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/7/2011 11:52 AM 20568]
R2 avast! Net Client Service;avast! Net Client Service;c:\program files\AVAST Software\Avast Business\AvastNet.exe [9/7/2011 11:51 AM 189992]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [1/31/2012 9:30 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/16/2011 2:10 PM 12856]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [6/30/2011 1:25 PM 1248256]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2/8/2007 12:06 AM 49152]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [11/29/2007 7:58 AM 2514944]
S0 jnehigx;jnehigx;c:\windows\system32\drivers\dcukp.sys --> c:\windows\system32\drivers\dcukp.sys [?]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\Cobian Backup 11\cbVSCService11.exe [4/26/2012 1:06 PM 67584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/4/2012 9:15 AM 253088]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/7/2007 3:08 PM 29744]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/28/2012 3:31 PM 129976]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys --> c:\windows\system32\DRIVERS\radpms.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [7/27/2007 5:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [4/3/2010 11:56 AM 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [4/3/2010 11:02 AM 240608]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [4/3/2010 11:56 AM 367456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 16:12]
.
2012-02-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]
.
2012-03-19 c:\windows\Tasks\Eric R Nelson MD PC 1197136931.job
- c:\program files\Intuit\QuickBooks 2008\AutoBackupEXE.exe [2011-11-09 21:38]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4188185223-3009797631-1173851212-1142Core.job
- c:\documents and settings\Dr. Nelson's User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-01 15:09]
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4188185223-3009797631-1173851212-1142UA.job
- c:\documents and settings\Dr. Nelson's User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-01 15:09]
.
2012-04-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4188185223-3009797631-1173851212-1142.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 23:14]
.
2012-04-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4188185223-3009797631-1173851212-1142.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 23:14]
.
2012-03-01 c:\windows\Tasks\SyncBack Eric-MyDocs.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-09-04 19:00]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 10.10.1.254
TCP: Interfaces\{89600547-FFD8-49C5-8286-456208734826}: NameServer = 10.10.1.254
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - file:///D:/LTOCX14N.cab
DPF: {CC747132-616C-4F7C-8259-AF8F325A3318} - hxxp://hmiweb1/WPP/ActiveX/WebStudyList.ocx
DPF: {DB73726C-2C0B-48CD-889E-1F4A12255B47} - hxxp://hmiweb1/EMR/DXViewWebInterface.ocx
FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\tua4yn35.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-28 16:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\3.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\LMIinit.dll
.
Completion time: 2012-04-28 16:09:50
ComboFix-quarantined-files.txt 2012-04-28 23:09
ComboFix2.txt 2012-04-27 23:22
.
Pre-Run: 28,448,280,576 bytes free
Post-Run: 28,452,220,928 bytes free
.
- - End Of File - - DD278D0064BC22C3D4CDF5EBA036D24C


I will use the computer and let you know how it goes.

Startup while in the process of doing all this has been glacial. I had many stalled tabs before getting Firefox reinstalled, but it seems to be better now.

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 April 2012 - 06:34 PM

Hello


I want you to reset the DMA. You can do this with this script here - Reset DMA

If you have problems when you click on the link, try to right-click on the link and select "Save Target As" and then save to your desktop.
Once it is on your desktop, right-click on the file and select "Run".

If you still can't run it, then you can go here "Reset DMA" to see what I want to do.



I would like to see a report that ComboFix makes.

Extra ComboFix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box:
C:\Qoobox\Add-Remove Programs.txt
  • Click OK

Copy and paste the report into this topic for me to review.

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 TSDDoc

  • Topic Starter
  • Members
  • 15 posts

Posted 30 April 2012 - 01:59 PM

I had trouble and could not run the scripts, but did reset DMA manually according to your link.

Here is the report:


2007 Microsoft Office system
ACPrerequisites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.4
Amazing Charts V6.1.2
Amazon MP3 Downloader 1.0.10
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Business Protection
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Cobian Backup 11 Gravity
Critical Update for Windows Media Player 11 (KB959772)
Google Desktop
High Definition Audio Driver Package - KB888111
Horizon DX View
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Image Resizer Powertoy for Windows XP
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.12.0
Intel® Active Management Technology
Intel® Management Engine Interface
iTunes
J2SE Runtime Environment 5.0 Update 5
Java™ 6 Update 11
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Juniper Networks Secure Application Manager
LogMeIn
MDGUSB Drivers
Media Player Classic
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
MobileMe Control Panel
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
neroxml
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
palmOne
Picasa 3
QuickBooks
QuickBooks Pro 2011
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Safari
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sentinel System Driver 5.41.1 (32-bit)
Shadow Copy Client
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Database Engine Services
SQL Server 2008 R2 Database Engine Shared
Sql Server Customer Experience Improvement Program
SyncBack
TOSHIBA e-STUDIO205 Series Client
TurboTax 2008
TurboTax 2008 waziper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 waziper
TurboTax 2009 WinBizFedFormset
TurboTax 2009 WinBizReleaseEngine
TurboTax 2009 WinBizTaxSupport
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 wazcbpm
TurboTax 2010 waziper
TurboTax 2010 WinBizFedFormset
TurboTax 2010 WinBizReleaseEngine
TurboTax 2010 WinBizTaxSupport
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 waziper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax Business 2009
TurboTax Business 2010
TurboTax Deluxe 2007
UltiDev Cassini Web Server Explorer
UltiDev Cassini Web Server for ASP.NET 2.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebEx
WebFldrs XP
Windows Essentials Media Codec Pack 2.3d
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:23 AM

Posted 30 April 2012 - 03:12 PM

Greetings

How are things running now?


Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 8.1.4
J2SE Runtime Environment 5.0 Update 5
Java™ 6 Update 11
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


Malwarebytes' Anti-Malware

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 TSDDoc

TSDDoc
  • Topic Starter

  • Members
  • 15 posts
  • Local time:06:23 AM

Posted 01 May 2012 - 12:38 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.01.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Eric :: WS06 [administrator]

5/1/2012 10:11:44 AM
mbam-log-2012-05-01 (10-11-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 321504
Time elapsed: 15 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:35:57 AM, on 5/1/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\AVAST Software\Avast Business\AvastNet.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 11\cbVSCService11.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AVAST Software\Avast Business\avastUI.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intuit\QuickBooks 2008\QBW32.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast Business\aswWebRepIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast Business\aswWebRepIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast Business\avastUI.exe" /nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2008\QBW32.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (14.0)) - file:///D:/LTOCX14N.cab
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://server-dc-main/connectcomputer/nshelp.dll
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} (LogMeIn Rescue Applet Downloader) - https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196348707468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196348982515
O16 - DPF: {CC747132-616C-4F7C-8259-AF8F325A3318} (WebStudyList Control) - http://hmiweb1/WPP/ActiveX/WebStudyList.ocx
O16 - DPF: {DB73726C-2C0B-48CD-889E-1F4A12255B47} (DXViewWebCtrl Class) - http://hmiweb1/EMR/DXViewWebInterface.ocx
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://portal.yrmc.org/dana-cached/setup/JuniperSetupSP1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{89600547-FFD8-49C5-8286-456208734826}: NameServer = 10.10.1.254
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = smallbusiness.local
O18 - Protocol: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe
O23 - Service: avast! Net Client Service - AVAST Software - C:\Program Files\AVAST Software\Avast Business\AvastNet.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 11 Volume Shadow Copy Requester (cbVSCService11) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 11\cbVSCService11.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
O23 - Service: UltiDev Cassini Web Server for ASP.NET 2.0 - UltiDev LLC - C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 12418 bytes


Everything seems to be running normally.
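The HijackThis log above is the kind of listing a helper reviews line by line. As an added example (not from this thread, and not Trend Micro's code), the Python script below parses entries in that format and applies three first-pass triage checks a reviewer does by eye: entries marked "(file missing)", O17 NameServer values outside the private RFC 1918 ranges (a changed resolver is one mechanism behind search redirects), and startup components (O2/O3/O4/O20-O23) that load from outside the Windows or Program Files trees. The embedded sample mixes lines taken from the log above with two constructed entries (a Temp-folder Run key and a public NameServer, marked as such) so that every check has something to report; the trusted-root list and section set are the script's own assumptions.

```python
"""Triage a HijackThis log: flag orphaned entries, non-RFC 1918 DNS servers and
autostart components that load from outside the Windows/Program Files trees."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Generic "Onn - body" / "Rn - body" entry prefix used by HijackThis.
ENTRY_RE = re.compile(r"^(O\d+|R[0-3]|F[0-3]|N[1-4])\s+-\s+(.*)$")
# First drive-letter path in an entry body that ends in a typical loadable extension.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|scr|ocx|cab))', re.IGNORECASE)
# NameServer value of an O17 entry (one or more comma-separated IPv4 addresses).
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*([\d., ]+)")

# Assumption: where installed components normally live on 32-bit XP (incl. 8.3 short names).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# Assumption: sections whose entries name a file that is loaded or run at startup/logon.
LOADER_SECTIONS = {"O2", "O3", "O4", "O20", "O21", "O22", "O23"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: real lines from the log above plus two constructed entries
# (the Temp-folder Run key and the {CONSTRUCTED-GUID} NameServer using TEST-NET-3 addresses).
SAMPLE_LOG = r"""
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast Business\aswWebRepIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast Business\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKCU\..\Run: [update_check] C:\Documents and Settings\Eric\Local Settings\Temp\upd.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{89600547-FFD8-49C5-8286-456208734826}: NameServer = 10.10.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{CONSTRUCTED-GUID}: NameServer = 203.0.113.5,203.0.113.6
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
"""


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def extract_path(body: str) -> Optional[str]:
    """Return the first Windows file path in an entry body, or None if there is none."""
    m = PATH_RE.search(body)
    return m.group(1) if m else None


def is_rfc1918(addr: str) -> bool:
    """True if addr is a private RFC 1918 IPv4 address, i.e. a typical LAN resolver."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)


def triage(log: str) -> List[Finding]:
    """Walk every HijackThis entry and collect the items that deserve a closer look."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, process list, blank lines
        section, body = m.groups()
        if "(file missing)" in body:
            findings.append(Finding(section, "entry points at a file that no longer exists", line))
        if section == "O17":
            ns = NAMESERVER_RE.search(body)
            if ns:
                public = [a for a in re.split(r"[,\s]+", ns.group(1).strip()) if a and not is_rfc1918(a)]
                if public:
                    findings.append(Finding(section, "DNS server(s) outside RFC 1918: " + ", ".join(public), line))
        if section in LOADER_SECTIONS:
            path = extract_path(body)
            if path and not path.lower().startswith(TRUSTED_ROOTS):
                findings.append(Finding(section, "component loads from outside Windows/Program Files", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

A flagged line is a prompt to verify the publisher and path, not a verdict; the RealPlayer plug-in in the sample is legitimate software that simply installs under Application Data.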



