Happili ever after...


  • This topic is locked
21 replies to this topic

#1 CalJon

CalJon

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:39 PM

Posted 30 April 2012 - 06:59 PM

NOTE: this is a continuation of this post:
http://www.bleepingcomputer.com/forums/topic452007.html

_____________________________________________

Well this all started when my XP system got hit by Happili.
And knowing enough about this stuff I proceeded to
solve the problem on my own...

Between carefully looking at recent files... and researching it
on the internet I was able to remove Happili... YAY

But in the process of analyzing things I realized there
were other infections as well...

( the computer has been running slow for quite a while )

using HJT... MBAM... and TM ONLINE I found other things.
( Interestingly MBAM quick scan found nothing, MBAM full found 6 things )

So each program found something different and I took care of them.

Then I decided to run Combofix... and of course that found something(s) too !!
EVERYBODY ELSE missed regedit.COM !!

The system is running much better now.
I still need to install all the security patches beyond SP3.
As well as update my AV software.

I am attaching the current logs.
Perhaps you can spot something else suspicious
or recommend a next step.

THANKS in advance !!
Jon in California

Edited by CalJon, 30 April 2012 - 07:16 PM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:39 PM

Posted 01 May 2012 - 12:49 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post them in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 CalJon

CalJon
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:39 PM

Posted 01 May 2012 - 02:31 PM

Greetings Gringo !!!

I appreciate your help and fast fast reply to my initial post.
I'll be around for the rest of the day so we should be
able to bang this out UNO, DOS, TRES !!!

GRACIAS !!

===========================================

I am defogged (I assume)
The program came back and said FINISHED !!
That's all... just "finished"

NO reboot requested.

NO kind of mention of status,
i.e., disabled or CD emulation not found.

===================================================

BTW... I installed all 74 upgrades to SP3 last night
1 bombed out (framework related) as you'll see
4/30/2012 6:58:41 PM, error: Windows Update Agent [20]

========================================================

BTW #2 While I do run SAV it is out of date by 3 years...
still good for something but certainly not current

============================================================



Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Sophos Anti-Virus
Antivirus out of date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

HijackThis 2.0.2
Java™ 6 Update 31
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Sophos Sophos Anti-Virus SAVAdminService.exe
``````````End of Log````````````


xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by xxxx at 11:59:27 on 2012-05-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.501.102 [GMT -7:00]
.
AV: Sophos Anti-Virus *Disabled/Outdated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\WINDOWS\system32\notepad.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://finance.yahoo.com/q?s=ATML
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [NWTRAY] NWTRAY.EXE
mRun: [D-Link AirPlus G DWL-G510] c:\program files\d-link\airplus g dwl-g510\AirGCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168637952296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6247497F-417E-4F26-A00A-E7ECA05778D6} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C42198F6-B725-4222-82F5-FF677030CBF2} : NameServer = 216.116.96.2,216.116.96.3
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwv1_0
.
============= SERVICES / DRIVERS ===============
.
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2006-10-18 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2006-10-18 38528]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2009-5-28 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2008-9-30 98304]
R2 Sophos Agent;Sophos Agent;c:\program files\sophos\remote management system\ManagementAgentNT.exe [2009-4-2 266240]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2009-7-10 172032]
R2 Sophos Message Router;Sophos Message Router;c:\program files\sophos\remote management system\RouterNT.exe [2009-4-2 794624]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2010-2-5 547744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-29 253088]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2011\RpcAgentSrv.exe [2012-3-16 93848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2008-9-30 14976]
.
=============== Created Last 30 ================
.
2012-05-01 02:53:52 -------- d-----w- c:\documents and settings\cumhey\local settings\application data\PCHealth
2012-04-30 19:54:24 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-04-30 19:52:17 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-04-30 19:46:05 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-04-30 19:43:45 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-04-30 19:03:20 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-04-30 19:03:18 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-04-30 19:03:15 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-04-30 19:03:15 3072 ------w- c:\windows\system32\iacenc.dll
2012-04-30 19:00:28 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-04-30 17:35:19 518144 ----a-w- c:\windows\SWREG.exe
2012-04-30 17:35:19 256000 ----a-w- c:\windows\PEV.exe
2012-04-30 17:35:19 208896 ----a-w- c:\windows\MBR.exe
2012-04-30 17:35:18 98816 ----a-w- c:\windows\sed.exe
2012-04-30 17:35:07 -------- d-----w- C:\ComboFix
2012-04-30 01:17:44 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-30 01:17:44 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-30 01:10:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-30 01:10:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
==================== Find3M ====================
.
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 12:00:58.31 ===============


xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/17/2006 5:39:55 PM
System Uptime: 5/1/2012 11:31:47 AM (1 hours ago)
.
Motherboard: Intel Corporation | | D946GZIS
Processor: Intel® Core™2 CPU 6300 @ 1.86GHz | | 1864/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 49.198 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 4/30/2012 11:52:15 AM - System Checkpoint
RP2: 4/30/2012 5:41:14 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
Acrobat.com
Adobe Acrobat 6.0 Professional
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.1
AirPlus G DWL-G510
ANIO Service
ANIWZCS2 Service
AnswerWorks 5.0 English Runtime
Apple Mobile Device Support
Apple Software Update
Bonjour
ConneX KeyIC 2.0
CorePLS_Min_QFolder
Critical Update for Windows Media Player 11 (KB959772)
GroupWise
GroupWise Internet Browser Mail Integration
GroupWise Tip of the Day C3PO
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Care Pack Core
HP Care Pack Products
HP LaserJet P2015 Series 1.0
HP Memories Disc
HP Photo and Imaging 2.2 - Scanjet 3970 Series
HP Software Update
hppFonts
hppIOFiles
hppManualsP2015
hppWebRegMM
Image Retriever 7
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections
iTunes
Java Auto Updater
Java™ 6 Update 31
LEARN Microsoft® Excel xp
Logitech Desktop Messenger
Logitech QuickCam
Logitech QuickCam Driver Package
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
Nero Suite
NICI (Shared) U.S./Worldwide (128 bit) (2.6.8-2)
NMAS Client (3.1.0.8)
Novell Client for Windows
Paint Shop Pro 4.12 Shareware
PaperPort Image Printer
PenSoft Payroll 2006
PenSoft Payroll 2009 V3.09.5.03
PenSoft Payroll Plus 2007
PenSoft Payroll.net 2008 V3.08.5.04
PowerDVD
Product_SF_Min_QFolder
Quicken 2002 Basic
QuickTime
Samsung CLP-310 Series
ScanSoft OmniPage 15
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SigmaTel Audio
SiSoftware Sandra Lite 2011
Sophos Anti-Virus
Sophos AutoUpdate
Sophos Remote Management System
TurboTax 2008
TurboTax 2008 wcaiper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 wcaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 wcaiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wpaiper
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 wcaiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wpaiper
TurboTax 2011 wrapper
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebEx Meeting Manager for Internet Explorer
WebFldrs XP
WexTech AnswerWorks
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows NT Messaging
Windows XP Service Pack 3
WordPerfect Office 11
.
==== Event Viewer Messages From Past Week ========
.
5/1/2012 11:45:42 AM, error: Service Control Manager [7034] - The Sophos Anti-Virus service terminated unexpectedly. It has done this 2 time(s).
5/1/2012 11:45:37 AM, error: Service Control Manager [7034] - The Sophos Anti-Virus service terminated unexpectedly. It has done this 1 time(s).
5/1/2012 11:45:37 AM, error: SAVOnAccessControl [37] - Driver threads still active when driver is being shutdown.
4/30/2012 6:58:41 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).
4/30/2012 11:49:50 AM, error: SAVOnAccessControl [85] - File [...Virus\zbot-ha.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd270205cafa7e]).
4/30/2012 11:49:50 AM, error: SAVOnAccessControl [85] - File [...Virus\xanib-a.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd270205c89824]).
4/30/2012 11:49:50 AM, error: SAVOnAccessControl [85] - File [...irus\waled-cz.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd270205c3d370]).
4/30/2012 11:49:50 AM, error: SAVOnAccessControl [85] - File [...irus\votera-i.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd270205bf0ebc]).
4/30/2012 11:49:50 AM, error: SAVOnAccessControl [85] - File [...irus\tofsee-d.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd270205b0c0a0]).
4/30/2012 11:49:50 AM, error: SAVOnAccessControl [85] - File [...irus\tiotu-bp.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd270205a99992]).
4/30/2012 11:49:50 AM, error: SAVOnAccessControl [85] - File [...em32\LGNWNT32.DLL]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process lsass.exe, (start check timestamp [ 1cd270205c3d370]).
4/30/2012 11:49:50 AM, error: SAVOnAccessControl [85] - File [...-Virus\vb-ehe.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd270205bf0ebc]).
4/30/2012 11:49:50 AM, error: SAVOnAccessControl [85] - File [...-Virus\vb-egn.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd270205bcac62]).
4/30/2012 11:49:50 AM, error: SAVOnAccessControl [85] - File [...-Virus\vb-egg.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd270205b58554]).
4/30/2012 11:49:50 AM, error: SAVOnAccessControl [82] - Scan failure (start check timestamp [ 1cd2700a001b684]) filename continues: "...olume1\WINDOWS\system32\config\SAM"
4/30/2012 11:49:50 AM, error: SAVOnAccessControl [82] - Scan failure (start check timestamp [ 1cd2700a001b684]) filename continues: "....tmp"
4/30/2012 11:49:50 AM, error: SAVOnAccessControl [82] - Scan failure (start check timestamp [ 1cd27009fe51a4c]) filename continues: "...olume1\Program Files\Sophos\Sophos"
4/30/2012 11:49:50 AM, error: SAVOnAccessControl [82] - Scan failure (start check timestamp [ 1cd27009fe51a4c]) filename continues: "... Anti-Virus\tedroo-a.ide"
4/30/2012 11:49:50 AM, error: SAVOnAccessControl [81] - The on-access scan of file "\Device\HarddiskV ..." of process ManagementAgent, start check timestamp [ 1cd27009fe51a4c] did not complete in time: file was not scanned.
4/30/2012 11:49:50 AM, error: SAVOnAccessControl [81] - The on-access scan of file "\Device\HarddiskV ..." of process ERDNT.EXE, start check timestamp [ 1cd2700a001b684] did not complete in time: file was not scanned.
4/30/2012 11:39:49 AM, error: SAVOnAccessControl [85] - File [...WS\erdnt\subs\SAM]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ERDNT.EXE, (start check timestamp [ 1cd27009fc61bba]).
4/30/2012 11:39:49 AM, error: SAVOnAccessControl [85] - File [...irus\swizzr-a.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd27009fd92e8a]).
4/30/2012 11:39:49 AM, error: SAVOnAccessControl [85] - File [...irus\swfexp-r.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd27009fc61bba]).
4/30/2012 11:39:49 AM, error: SAVOnAccessControl [82] - Scan failure (start check timestamp [ 1cd26ff3a22fd60]) filename continues: "...olume1\WINDOWS\system32\config\def"
4/30/2012 11:39:49 AM, error: SAVOnAccessControl [82] - Scan failure (start check timestamp [ 1cd26ff3a22fd60]) filename continues: "...ault.tmp"
4/30/2012 11:39:49 AM, error: SAVOnAccessControl [81] - The on-access scan of file "\Device\HarddiskV ..." of process ERDNT.EXE, start check timestamp [ 1cd26ff3a22fd60] did not complete in time: file was not scanned.
4/30/2012 11:29:49 AM, error: SAVOnAccessControl [85] - File [...rdnt\subs\default]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ERDNT.EXE, (start check timestamp [ 1cd26ff3a1bd652]).
4/30/2012 11:29:49 AM, error: SAVOnAccessControl [82] - Scan failure (start check timestamp [ 1cd26fdd46ccc36]) filename continues: "...tem.tmp"
4/30/2012 11:29:49 AM, error: SAVOnAccessControl [82] - Scan failure (start check timestamp [ 1cd26fdd46ccc36]) filename continues: "...olume1\WINDOWS\system32\config\sys"
4/30/2012 11:29:49 AM, error: SAVOnAccessControl [82] - Scan failure (start check timestamp [ 1cd26fdd46ccc36]) filename continues: "...olume1\Program Files\Sophos\Sophos"
4/30/2012 11:29:49 AM, error: SAVOnAccessControl [82] - Scan failure (start check timestamp [ 1cd26fdd46ccc36]) filename continues: "... Anti-Virus\swfexp-q.ide"
4/30/2012 11:29:49 AM, error: SAVOnAccessControl [81] - The on-access scan of file "\Device\HarddiskV ..." of process ManagementAgent, start check timestamp [ 1cd26fdd46ccc36] did not complete in time: file was not scanned.
4/30/2012 11:29:49 AM, error: SAVOnAccessControl [81] - The on-access scan of file "\Device\HarddiskV ..." of process ERDNT.EXE, start check timestamp [ 1cd26fdd46ccc36] did not complete in time: file was not scanned.
4/30/2012 11:19:39 AM, error: SAVOnAccessControl [85] - File [...irus\kolabc-j.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd26fdce89fe06]).
4/30/2012 11:19:39 AM, error: SAVOnAccessControl [85] - File [...irus\killa-gb.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd26fdce794d90]).
4/30/2012 11:19:39 AM, error: SAVOnAccessControl [85] - File [...irus\keylo-lr.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd26fdce722682]).
4/30/2012 11:19:39 AM, error: SAVOnAccessControl [85] - File [...irus\jsdown-q.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd26fdce6aff74]).
4/30/2012 11:19:39 AM, error: SAVOnAccessControl [85] - File [...irus\jsdown-o.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd26fdce689d1a]).
4/30/2012 11:19:39 AM, error: SAVOnAccessControl [85] - File [...irus\injec-jm.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd26fdce61760c]).
4/30/2012 11:19:39 AM, error: SAVOnAccessControl [85] - File [...irus\injec-jk.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd26fdce5cb158]).
4/30/2012 11:19:39 AM, error: SAVOnAccessControl [85] - File [...irus\injec-jh.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd26fdce558a4a]).
4/30/2012 11:19:39 AM, error: SAVOnAccessControl [85] - File [...irus\injec-jb.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd26fdce4c00e2]).
4/30/2012 11:19:39 AM, error: SAVOnAccessControl [85] - File [...E1.DIR\XMLCPP.DLL]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ALUpdate.exe, (start check timestamp [ 1cd26fdce499e88]).
4/30/2012 11:19:39 AM, error: SAVOnAccessControl [82] - Scan failure (start check timestamp [ 1cd26fc6876d126]) filename continues: "...tware.tmp"
4/30/2012 11:19:39 AM, error: SAVOnAccessControl [82] - Scan failure (start check timestamp [ 1cd26fc6876d126]) filename continues: "...olume1\WINDOWS\system32\config\sof"
4/30/2012 11:19:39 AM, error: SAVOnAccessControl [82] - Scan failure (start check timestamp [ 1cd26fc68746ecc]) filename continues: "...olume1\WINDOWS\TEMP\SOPHOS_AUTOUPD"
4/30/2012 11:19:39 AM, error: SAVOnAccessControl [82] - Scan failure (start check timestamp [ 1cd26fc68746ecc]) filename continues: "...ATE1.DIR\RETAILER.DLL"
4/30/2012 11:19:39 AM, error: SAVOnAccessControl [81] - The on-access scan of file "\Device\HarddiskV ..." of process ERDNT.EXE, start check timestamp [ 1cd26fc6876d126] did not complete in time: file was not scanned.
4/30/2012 11:19:39 AM, error: SAVOnAccessControl [81] - The on-access scan of file "\Device\HarddiskV ..." of process ALUpdate.exe, start check timestamp [ 1cd26fc68746ecc] did not complete in time: file was not scanned.
4/30/2012 11:09:32 AM, error: SAVOnAccessControl [85] - File [...irus\agen-kvq.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd26fc645dc676]).
4/30/2012 11:09:32 AM, error: SAVOnAccessControl [85] - File [...irus\agen-kvp.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd26fc644d1600]).
4/30/2012 11:09:32 AM, error: SAVOnAccessControl [85] - File [...irus\agen-kvm.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd26fc642bb514]).
4/30/2012 11:09:32 AM, error: SAVOnAccessControl [85] - File [...C04FC295EE}\catdb]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process svchost.exe, (start check timestamp [ 1cd26fc6234a4e6]).
4/30/2012 11:09:31 AM, error: SAVOnAccessControl [85] - File [...irus\agen-kvk.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd26fc640cb682]).
4/30/2012 11:09:31 AM, error: SAVOnAccessControl [85] - File [...irus\agen-kvj.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd26fc64032d1a]).
4/30/2012 11:09:31 AM, error: SAVOnAccessControl [85] - File [...irus\agen-kvb.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd26fc63e8f33c]).
4/30/2012 11:09:31 AM, error: SAVOnAccessControl [85] - File [...irus\agen-kup.ide]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process ManagementAgent, (start check timestamp [ 1cd26fc63d5e06c]).
4/30/2012 11:09:28 AM, error: SAVOnAccessControl [85] - File [...vers\etc\services]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process spoolsv.exe, (start check timestamp [ 1cd26fc6251411e]).
4/30/2012 11:09:28 AM, error: SAVOnAccessControl [85] - File [...C04FC295EE}\catdb]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process svchost.exe, (start check timestamp [ 1cd26fb12aff782]).
4/30/2012 11:09:28 AM, error: SAVOnAccessControl [82] - Scan failure (start check timestamp [ 1cd26fafc7c1162]) filename continues: "...URITY.tmp"
4/30/2012 11:09:28 AM, error: SAVOnAccessControl [82] - Scan failure (start check timestamp [ 1cd26fafc7c1162]) filename continues: "...olume1\WINDOWS\system32\config\SEC"
4/30/2012 11:09:28 AM, error: SAVOnAccessControl [81] - The on-access scan of file "\Device\HarddiskV ..." of process ERDNT.EXE, start check timestamp [ 1cd26fafc7c1162] did not complete in time: file was not scanned.
4/29/2012 6:51:10 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer MACBOOKPRO-0368 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6247497F-417. The master browser is stopping or an election is being forced.
4/29/2012 5:54:05 PM, error: Service Control Manager [7034] - The ANIWZCSd Service service terminated unexpectedly. It has done this 1 time(s).
4/28/2012 6:16:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SAVOnAccessControl SAVOnAccessFilter
4/28/2012 6:07:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
4/28/2012 5:44:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
4/28/2012 5:43:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/28/2012 5:43:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/28/2012 5:43:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVOnAccessControl SAVOnAccessFilter Tcpip
4/28/2012 5:43:24 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2012 5:43:24 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2012 5:43:24 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2012 5:43:24 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/27/2012 9:05:48 PM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
4/27/2012 9:05:48 PM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.
4/25/2012 7:39:49 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
.
==== End Of File ===========================
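As an added example (not code from the thread or from ComboFix), the script below parses the "Event Viewer Messages" section above and triages the Service Control Manager events the way a responder would read them: which boots ran without the Sophos on-access drivers, when the AV service died, and when the network stack failed to load. The embedded log is a constructed excerpt in ComboFix's line format, and the driver-name sets are assumptions drawn from the events quoted above.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed sample modelled on the "Event Viewer Messages" section of a
# ComboFix log; a short excerpt in the same format, not the thread's full log.
SAMPLE_LOG = """
==== Event Viewer Messages From Past Week ========
.
5/1/2012 11:45:42 AM, error: Service Control Manager [7034] - The Sophos Anti-Virus service terminated unexpectedly. It has done this 2 time(s).
4/30/2012 11:49:50 AM, error: SAVOnAccessControl [81] - The on-access scan of file "\\Device\\HarddiskV ..." of process ERDNT.EXE, start check timestamp [ 1cd2700a001b684] did not complete in time: file was not scanned.
4/28/2012 6:16:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SAVOnAccessControl SAVOnAccessFilter
4/28/2012 5:43:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVOnAccessControl SAVOnAccessFilter Tcpip
4/28/2012 5:43:24 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/27/2012 9:05:48 PM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
"""

# One ComboFix event line: "<date> <time>, <level>: <source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<stamp>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

# Assumed driver groups: the Sophos on-access drivers named in the log, and the
# XP network-stack drivers that appear in the same 7026 events.
PROTECTION_DRIVERS = {"SAVOnAccessControl", "SAVOnAccessFilter"}
NETWORK_DRIVERS = {"AFD", "Tcpip", "NetBT", "IPSec"}


@dataclass(frozen=True)
class Event:
    when: datetime
    level: str
    source: str
    event_id: int
    message: str


def parse_events(text: str) -> list[Event]:
    """Return the event lines of a ComboFix 'Event Viewer Messages' section."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # section headers, '.' separators and truncated lines
        events.append(Event(
            when=datetime.strptime(m["stamp"], "%m/%d/%Y %I:%M:%S %p"),
            level=m["level"],
            source=m["source"],
            event_id=int(m["event_id"]),
            message=m["message"],
        ))
    return events


def failed_drivers(events: list[Event]) -> dict[datetime, set[str]]:
    """Map each SCM 7026 event to the set of drivers it reports as not loaded."""
    out = {}
    for ev in events:
        if ev.source == "Service Control Manager" and ev.event_id == 7026:
            _, _, names = ev.message.partition("failed to load:")
            out[ev.when] = set(names.split())
    return out


def count_by_source(events: list[Event]) -> Counter:
    """Counter keyed by (source, event_id); repeated noise stands out quickly."""
    return Counter((ev.source, ev.event_id) for ev in events)


def triage(events: list[Event]) -> list[str]:
    """Defender-oriented findings: boots without AV drivers, AV crashes, dead network stack."""
    findings = []
    for when, drivers in sorted(failed_drivers(events).items()):
        if drivers & PROTECTION_DRIVERS:
            findings.append(f"{when:%Y-%m-%d %H:%M}: booted without on-access AV drivers "
                            f"{sorted(drivers & PROTECTION_DRIVERS)}")
        if drivers & NETWORK_DRIVERS:
            findings.append(f"{when:%Y-%m-%d %H:%M}: network stack drivers not loaded "
                            f"{sorted(drivers & NETWORK_DRIVERS)}")
    for ev in events:
        if ev.event_id == 7034 and "Anti-Virus" in ev.message:
            findings.append(f"{ev.when:%Y-%m-%d %H:%M}: AV service terminated unexpectedly")
        if ev.event_id == 81 and "file was not scanned" in ev.message:
            findings.append(f"{ev.when:%Y-%m-%d %H:%M}: on-access scan timed out, file skipped")
    return findings


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for key, n in count_by_source(evs).most_common():
        print(f"{n:3d}  {key[0]} [{key[1]}]")
    for line in triage(evs):
        print(line)
```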

#4 gringo_pr

Posted 01 May 2012 - 09:54 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 CalJon

Posted 01 May 2012 - 10:36 PM

Gringo:

I will run CF again and post a report manana...
when I ran it the other day it gave me a bunch of
ACCESS IS DENIED messages
see orig post: http://www.bleepingcomputer.com/forums/topic452007.html

Can you explain this ??

Computer seems to be running fine . . .
certainly not as fast as a freshly striped drive
but much better than it has in many months.

NO evidence of Happili.

But having found 10 other malicious files I cannot
help but wonder if there are a few others lurking.

- Jon

Edited by CalJon, 02 May 2012 - 08:45 PM.


#6 gringo_pr

Posted 01 May 2012 - 11:21 PM

Hello

Can you explain this ??


Most of the time when I have seen this it has been because it was not run as admin.



gringo

#7 CalJon

Posted 02 May 2012 - 07:39 PM

Hi Gringo:

Still lots (6?) of access denied messages
when running CF even tho I am logged in as admin...
also NIRCMD not found messages...

Computer seems to be doing ok.

Here's the log:

( thanks )

=====================================

ComboFix 12-04-29.02 - xxxx 05/02/2012 16:51:56.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.501.107 [GMT -7:00]
Running from: c:\documents and settings\xxx\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Enabled/Outdated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
* Resident AV is active
.
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2012-04-03 to 2012-05-03 )))))))))))))))))))))))))))))))
.
.
2012-05-01 02:53 . 2012-05-01 02:53 -------- d-----w- c:\documents and settings\xxx\Local Settings\Application Data\PCHealth
2012-04-30 19:54 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-04-30 19:52 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-04-30 19:46 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-04-30 19:43 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-04-30 19:03 . 2012-01-09 16:20 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-04-30 19:03 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-04-30 19:03 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-04-30 19:03 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-04-30 19:00 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-04-30 01:17 . 2012-04-30 01:17 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-30 01:17 . 2012-04-30 01:17 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-30 01:11 . 2012-04-30 01:11 -------- d-----w- c:\program files\Common Files\Java
2012-04-30 01:10 . 2012-04-30 01:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-30 01:10 . 2012-04-30 01:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 11:01 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2006-02-28 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPort11reminder"="c:\program files\Scansoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"D-Link AirPlus G DWL-G510"="c:\program files\D-Link\AirPlus G DWL-G510\AirGCFG.exe" [2007-10-24 1552384]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"SigmatelSysTrayApp"="sttray.exe" [2006-05-26 282624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
backup=c:\windows\pss\AutoUpdate Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Retriever.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Image Retriever.lnk
backup=c:\windows\pss\Image Retriever.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^cumhey^Start Menu^Programs^Startup^ThreatMon.lnk]
path=c:\documents and settings\cumhey\Start Menu\Programs\Startup\ThreatMon.lnk
backup=c:\windows\pss\ThreatMon.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 00:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-06-23 04:44 86016 ----a-r- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 07:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]
2007-12-24 05:47 618496 ----a-w- c:\program files\HP\DfaWep\bin\hpbdfawep.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-06-23 04:41 98304 ----a-r- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-06-27 18:15 46368 ----a-w- c:\program files\Scansoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-10-02 02:57 289576 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-10-25 23:33 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-25 23:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-01-13 21:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 17:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY]
2002-03-12 18:37 28672 ----a-r- c:\windows\system32\nwtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpAgent]
2007-06-26 01:10 943392 ----a-w- c:\program files\Nuance\OmniPage15\OpAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opware15]
2007-06-26 01:10 79136 ----a-w- c:\program files\Nuance\OmniPage15\OpWare15.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-06-27 18:17 29984 ----a-w- c:\program files\Scansoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-06-23 04:40 81920 ----a-r- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
2004-03-22 23:37 77887 ----a-w- c:\program files\WordPerfect Office 11\Programs\QFSCHD110.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 23:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 10:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 18:42 69632 ----a-w- c:\program files\HP\HP Share-to-Web\hpgs2wnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-05-26 14:58 282624 ----a-w- c:\windows\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 16:03 210472 ----a-w- c:\program files\Common Files\scansoft shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"STacSV"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"cusrvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"IntuitUpdateServiceV4"=2 (0x2)
"IntuitUpdateService"=2 (0x2)
"idsvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Novell\\GroupWise\\GrpWise.exe"=
"c:\\Novell\\GroupWise\\Notify.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011\\WNt500x86\\RpcSandraSrv.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 253088]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [2009-08-18 93848]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2008-09-30 14976]
S1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\DRIVERS\savonaccesscontrol.sys [2009-02-26 110848]
S1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\DRIVERS\savonaccessfilter.sys [2009-02-26 38528]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2009-05-28 80936]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2008-09-30 98304]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\DRIVERS\A3AB.sys [2007-05-24 547744]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 01:17]
.
2012-03-16 c:\windows\Tasks\New scan (1).job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-02-26 20:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://finance.yahoo.com/q?s=ATML
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C42198F6-B725-4222-82F5-FF677030CBF2}: NameServer = 216.116.96.2,216.116.96.3
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-02 17:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Sophos Message Router]
"ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\sxs.dll
.
- - - - - - - > 'lsass.exe'(816)
c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL
c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL
.
- - - - - - - > 'Explorer.exe'(3480)
c:\windows\system32\WININET.dll
c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL
c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
Completion time: 2012-05-02 17:17:50
ComboFix-quarantined-files.txt 2012-05-03 00:17
ComboFix2.txt 2012-04-30 23:48
.
Pre-Run: 53,437,501,440 bytes free
Post-Run: 53,495,250,944 bytes free
.
- - End Of File - - 5EFF97A62DDD0153242A65C636A2FB7F
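The firewall-policy block at the top of this ComboFix log is worth a second look before moving on to rootkit scanners: "EnableFirewall"= 0 means the XP firewall is switched off for the standard profile, "3389:TCP" in GloballyOpenPorts exposes Remote Desktop to any source address, and "AllowInboundEchoRequest"= 1 makes the host answer pings. The Python below is an added example, not part of this thread or of ComboFix; it parses a constructed subset of those lines (the `[...\standardprofile]` key header above "EnableFirewall" is assumed, since ComboFix prints one above each group of values, and the port labels are an assumed list) and reports the settings a helper would raise with the owner.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a subset of the firewall-policy block as ComboFix prints it.
# Values are the ones in the log above; the [...\standardprofile] header is assumed.
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
'''

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
PROFILE_BASE = r"hklm\~\services\sharedaccess\parameters\firewallpolicy"

# Assumed labels for ports a home XP box should not expose to every address.
KNOWN_PORTS = {135: "MS-RPC", 139: "NetBIOS session", 445: "SMB", 3389: "Remote Desktop"}


def parse_firewall_block(text: str) -> Dict[str, Dict[str, str]]:
    """Turn ComboFix's registry-style dump into {key (lowercased): {value name: raw value}}.
    Lines consisting of a single '.' are ComboFix's blank-line markers and are skipped."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current = m["key"].lower()
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m["name"]] = m["value"].strip()
    return sections


def dword(raw: str) -> int:
    """ComboFix prints REG_DWORD values as 'decimal (hex)'; take the decimal part."""
    return int(raw.split()[0])


def review_profile(sections: Dict[str, Dict[str, str]], profile: str = "standardprofile") -> dict:
    """Summarise one firewall profile; defaults mirror XP SP2+ (firewall on, no ping reply)."""
    base = PROFILE_BASE + "\\" + profile
    prof = sections.get(base, {})
    apps = sections.get(base + r"\authorizedapplications\list", {})
    ports = sections.get(base + r"\globallyopenports\list", {})
    icmp = sections.get(base + r"\icmpsettings", {})

    open_ports: List[Tuple[int, str, str]] = []
    for name in ports:  # the value name is "<port>:<proto>"
        port, proto = name.split(":", 1)
        open_ports.append((int(port), proto.upper(), KNOWN_PORTS.get(int(port), "unknown")))

    return {
        "firewall_enabled": dword(prof.get("EnableFirewall", "1 (0x1)")) == 1,
        "notifications_suppressed": dword(prof.get("DisableNotifications", "0 (0x0)")) == 1,
        "open_ports": sorted(open_ports),
        "inbound_ping": dword(icmp.get("AllowInboundEchoRequest", "0 (0x0)")) == 1,
        # ComboFix doubles the backslashes in paths; undo that so they read normally.
        "authorized_apps": sorted(a.replace("\\\\", "\\") for a in apps),
    }


def findings(report: dict) -> List[str]:
    """The settings worth raising with the machine's owner, one line each."""
    out: List[str] = []
    if not report["firewall_enabled"]:
        out.append("Windows Firewall is OFF for this profile: every listening service is reachable")
    if report["notifications_suppressed"]:
        out.append("the firewall will not prompt when it blocks a program, so new listeners go unnoticed")
    for port, proto, label in report["open_ports"]:
        out.append(f"{port}/{proto} ({label}) is open to any source address")
    if report["inbound_ping"]:
        out.append("inbound ICMP echo is allowed: the host answers network sweeps")
    return out


if __name__ == "__main__":
    for line in findings(review_profile(parse_firewall_block(SAMPLE_LOG))):
        print("-", line)
```

With EnableFirewall at 0 the port and application lists are inert, which is exactly why the script still reports them: they come back into force the moment the firewall is re-enabled, and an RDP port opened to the world on an unpatched XP SP3 box is the kind of thing that gets forgotten.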

#8 gringo_pr
  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 02 May 2012 - 08:46 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop, and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
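A TDSSKiller log like the one pasted in the reply that follows runs to several hundred lines, and almost every service ends in "- ok"; what a helper actually reads is the handful of lines that do not. The Python below is an added example, not part of this thread and not TDSSKiller's own tooling: it parses such a log into one record per service (image MD5, path, verdict) and flags any verdict other than ok, any image loaded from outside the Windows or Program Files trees (an assumed allow-list for a default XP layout), and any service with a scan line but no verdict line, which usually means a truncated paste. The sample mixes a few lines from the real log with two constructed entries (TMPDRV and its "detected" verdict) that are not in the thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines copied from the TDSSKiller log in this thread, plus two
# invented entries (TMPDRV and its 'detected' verdict) that are NOT in the real log.
SAMPLE_LOG = r"""
09:59:13.0000 0208 Scan started
09:59:13.0390 0208 A3AB (21af8e9c727c6d7643ad497268f55bf1) C:\WINDOWS\system32\DRIVERS\A3AB.sys
09:59:13.0593 0208 A3AB - ok
09:59:13.0593 0208 Abiosdsk - ok
09:59:14.0765 0208 Apple Mobile Device (b8e865d24f2753a35cc2a9a6a3ce1ad4) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
09:59:14.0968 0208 Apple Mobile Device - ok
09:59:31.0531 0208 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:59:31.0531 0208 Netlogon - ok
09:59:32.0296 0208 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:59:32.0296 0208 NtLmSsp - ok
09:59:40.0000 0208 TMPDRV (0123456789abcdef0123456789abcdef) C:\DOCUME~1\user\LOCALS~1\Temp\tmpdrv.sys
09:59:40.0100 0208 TMPDRV - detected Hypothetical.Verdict ( 0 )
"""

# "<time> <thread> <service name> (<md5>) <image path>": the scan line for a service.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>[0-9a-fA-F]+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$"
)
# "<time> <thread> <service name> - <verdict>": the result line for a service.
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>[0-9a-fA-F]+)\s+(?P<name>.+?) - (?P<verdict>.+)$"
)
# Assumed allow-list of image roots for a default XP install (compared lowercased).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None    # None for registered services whose image was not found
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """One Entry per service name; header and separator lines are ignored."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict = m["verdict"].strip()
    return entries


def triage(entries: Dict[str, Entry]) -> List[Tuple[str, str, str]]:
    """(service, kind, detail) for everything a reader should look at by hand."""
    out: List[Tuple[str, str, str]] = []
    for e in entries.values():
        if e.verdict is not None and e.verdict.lower() != "ok":
            out.append((e.name, "verdict", e.verdict))
        if e.path and not e.path.lower().startswith(TRUSTED_ROOTS):
            out.append((e.name, "path", e.path))
        if e.verdict is None:
            out.append((e.name, "no verdict", "scan line present but no result line (truncated paste?)"))
    return sorted(out)


def services_by_hash(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Group services by image MD5. Several services sharing one hash is normal when
    they are hosted in one binary (lsass.exe above); the keys are also the list you
    would take to an offline hash-reputation lookup."""
    groups: Dict[str, List[str]] = {}
    for e in entries.values():
        if e.md5:
            groups.setdefault(e.md5, []).append(e.name)
    return {h: sorted(names) for h, names in groups.items()}


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for name, kind, detail in triage(parsed):
        print(f"{name}: {kind}: {detail}")
```

Services such as Abiosdsk that report "- ok" with no scan line are registry entries for drivers whose image is not present; TDSSKiller lists dozens of these legacy stubs on every XP box, and the script deliberately does not flag them.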

#9 CalJon
  • Topic Starter
  • Members
  • 10 posts

Posted 03 May 2012 - 05:42 PM

backatcha....

(computer still looking ok)



09:58:59.0531 0668 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
09:59:00.0000 0668 ============================================================
09:59:00.0000 0668 Current date / time: 2012/05/03 09:59:00.0000
09:59:00.0000 0668 SystemInfo:
09:59:00.0000 0668
09:59:00.0000 0668 OS Version: 5.1.2600 ServicePack: 3.0
09:59:00.0000 0668 Product type: Workstation
09:59:00.0125 0668 ComputerName: xxxx
09:59:00.0125 0668 UserName: xxxx
09:59:00.0125 0668 Windows directory: C:\WINDOWS
09:59:00.0125 0668 System windows directory: C:\WINDOWS
09:59:00.0125 0668 Processor architecture: Intel x86
09:59:00.0125 0668 Number of processors: 2
09:59:00.0125 0668 Page size: 0x1000
09:59:00.0125 0668 Boot type: Normal boot
09:59:00.0125 0668 ============================================================
09:59:01.0562 0668 Drive \Device\Harddisk0\DR0 - Size: 0x12A1E0DE00 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:59:01.0562 0668 ============================================================
09:59:01.0562 0668 \Device\Harddisk0\DR0:
09:59:01.0562 0668 MBR partitions:
09:59:01.0562 0668 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
09:59:01.0562 0668 ============================================================
09:59:01.0593 0668 C: <-> \Device\Harddisk0\DR0\Partition0
09:59:01.0593 0668 ============================================================
09:59:01.0593 0668 Initialize success
09:59:01.0593 0668 ============================================================
09:59:13.0000 0208 ============================================================
09:59:13.0000 0208 Scan started
09:59:13.0000 0208 Mode: Manual;
09:59:13.0000 0208 ============================================================
09:59:13.0390 0208 A3AB (21af8e9c727c6d7643ad497268f55bf1) C:\WINDOWS\system32\DRIVERS\A3AB.sys
09:59:13.0593 0208 A3AB - ok
09:59:13.0593 0208 Abiosdsk - ok
09:59:13.0593 0208 abp480n5 - ok
09:59:13.0640 0208 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:59:13.0750 0208 ACPI - ok
09:59:13.0781 0208 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:59:13.0828 0208 ACPIEC - ok
09:59:13.0921 0208 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:59:14.0078 0208 AdobeFlashPlayerUpdateSvc - ok
09:59:14.0078 0208 adpu160m - ok
09:59:14.0109 0208 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:59:14.0171 0208 aec - ok
09:59:14.0218 0208 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:59:14.0281 0208 AFD - ok
09:59:14.0312 0208 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
09:59:14.0328 0208 AFS2K - ok
09:59:14.0343 0208 Aha154x - ok
09:59:14.0343 0208 aic78u2 - ok
09:59:14.0343 0208 aic78xx - ok
09:59:14.0390 0208 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
09:59:14.0437 0208 Alerter - ok
09:59:14.0453 0208 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
09:59:14.0468 0208 ALG - ok
09:59:14.0468 0208 AliIde - ok
09:59:14.0468 0208 amsint - ok
09:59:14.0515 0208 ANIO (920298c7aef97d8168d219d35975d295) C:\WINDOWS\system32\ANIO.SYS
09:59:14.0578 0208 ANIO - ok
09:59:14.0640 0208 ANIWZCSdService (aa3d68f26b2a27f660afc46039b061a4) C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
09:59:14.0687 0208 ANIWZCSdService - ok
09:59:14.0765 0208 Apple Mobile Device (b8e865d24f2753a35cc2a9a6a3ce1ad4) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
09:59:14.0968 0208 Apple Mobile Device - ok
09:59:15.0000 0208 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
09:59:15.0093 0208 AppMgmt - ok
09:59:15.0109 0208 asc - ok
09:59:15.0109 0208 asc3350p - ok
09:59:15.0109 0208 asc3550 - ok
09:59:15.0187 0208 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:59:15.0312 0208 aspnet_state - ok
09:59:15.0328 0208 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:59:15.0359 0208 AsyncMac - ok
09:59:15.0390 0208 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:59:15.0390 0208 atapi - ok
09:59:15.0390 0208 Atdisk - ok
09:59:15.0390 0208 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:59:15.0453 0208 Atmarpc - ok
09:59:15.0468 0208 ATNT40K (a9a124c15b5f2fe1ffd1ea238bd5aeed) C:\WINDOWS\SYSTEM32\DRIVERS\ATNT40K.SYS
09:59:15.0546 0208 ATNT40K - ok
09:59:15.0593 0208 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
09:59:15.0593 0208 AudioSrv - ok
09:59:15.0640 0208 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:59:15.0656 0208 audstub - ok
09:59:15.0703 0208 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:59:15.0750 0208 Beep - ok
09:59:15.0781 0208 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
09:59:16.0046 0208 BITS - ok
09:59:16.0078 0208 Bonjour Service (9efe4236f8670846b6e7c5b0eff6e715) C:\Program Files\Bonjour\mDNSResponder.exe
09:59:16.0687 0208 Bonjour Service - ok
09:59:16.0718 0208 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
09:59:16.0718 0208 Browser - ok
09:59:16.0875 0208 catchme - ok
09:59:16.0890 0208 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:59:16.0968 0208 cbidf2k - ok
09:59:16.0984 0208 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:59:17.0031 0208 CCDECODE - ok
09:59:17.0031 0208 cd20xrnt - ok
09:59:17.0046 0208 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:59:17.0062 0208 Cdaudio - ok
09:59:17.0109 0208 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:59:17.0125 0208 Cdfs - ok
09:59:17.0140 0208 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:59:17.0171 0208 Cdrom - ok
09:59:17.0171 0208 Changer - ok
09:59:17.0203 0208 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
09:59:17.0593 0208 CiSvc - ok
09:59:17.0625 0208 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
09:59:17.0703 0208 ClipSrv - ok
09:59:17.0781 0208 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:59:17.0875 0208 clr_optimization_v2.0.50727_32 - ok
09:59:17.0937 0208 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:59:18.0046 0208 clr_optimization_v4.0.30319_32 - ok
09:59:18.0062 0208 CmdIde - ok
09:59:18.0062 0208 COMSysApp - ok
09:59:18.0078 0208 Cpqarray - ok
09:59:18.0109 0208 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
09:59:18.0109 0208 CryptSvc - ok
09:59:18.0156 0208 cusrvc (5fcd3a21a155beb3c7f75ed1a4ef4ec2) C:\WINDOWS\system32\cusrvc.exe
09:59:18.0218 0208 cusrvc - ok
09:59:18.0218 0208 dac2w2k - ok
09:59:18.0218 0208 dac960nt - ok
09:59:18.0265 0208 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:59:18.0312 0208 DcomLaunch - ok
09:59:18.0312 0208 DgiVecp - ok
09:59:18.0359 0208 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
09:59:18.0359 0208 Dhcp - ok
09:59:18.0390 0208 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:59:18.0437 0208 Disk - ok
09:59:18.0437 0208 dmadmin - ok
09:59:18.0484 0208 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:59:18.0937 0208 dmboot - ok
09:59:18.0984 0208 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:59:19.0140 0208 dmio - ok
09:59:19.0171 0208 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:59:19.0250 0208 dmload - ok
09:59:19.0312 0208 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
09:59:19.0312 0208 dmserver - ok
09:59:19.0328 0208 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:59:19.0343 0208 DMusic - ok
09:59:19.0375 0208 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
09:59:19.0375 0208 Dnscache - ok
09:59:19.0421 0208 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
09:59:19.0421 0208 Dot3svc - ok
09:59:19.0437 0208 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
09:59:19.0796 0208 Dot4 - ok
09:59:19.0812 0208 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
09:59:19.0843 0208 Dot4Print - ok
09:59:19.0843 0208 dpti2o - ok
09:59:19.0875 0208 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:59:19.0890 0208 drmkaud - ok
09:59:19.0937 0208 E100B (83403675cab29e7a4b885b11e7c855d8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:59:20.0046 0208 E100B - ok
09:59:20.0109 0208 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
09:59:20.0109 0208 EapHost - ok
09:59:20.0125 0208 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
09:59:20.0125 0208 ERSvc - ok
09:59:20.0156 0208 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:59:20.0156 0208 Eventlog - ok
09:59:20.0203 0208 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
09:59:20.0250 0208 EventSystem - ok
09:59:20.0296 0208 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:59:20.0359 0208 Fastfat - ok
09:59:20.0390 0208 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:59:20.0390 0208 FastUserSwitchingCompatibility - ok
09:59:20.0406 0208 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:59:20.0437 0208 Fdc - ok
09:59:20.0453 0208 FilterService (50104c5f1ee1e295781caf9521ca2e56) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
09:59:20.0500 0208 FilterService - ok
09:59:20.0515 0208 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:59:20.0593 0208 Fips - ok
09:59:20.0609 0208 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:59:20.0671 0208 Flpydisk - ok
09:59:20.0718 0208 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:59:20.0781 0208 FltMgr - ok
09:59:20.0859 0208 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:59:20.0906 0208 FontCache3.0.0.0 - ok
09:59:20.0921 0208 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:59:20.0953 0208 Fs_Rec - ok
09:59:20.0984 0208 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:59:21.0031 0208 Ftdisk - ok
09:59:21.0078 0208 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:59:21.0093 0208 GEARAspiWDM - ok
09:59:21.0187 0208 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:59:21.0281 0208 Gpc - ok
09:59:21.0296 0208 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:59:21.0484 0208 HDAudBus - ok
09:59:21.0531 0208 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:59:21.0531 0208 helpsvc - ok
09:59:21.0562 0208 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
09:59:21.0578 0208 HidServ - ok
09:59:21.0593 0208 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:59:21.0625 0208 HidUsb - ok
09:59:21.0671 0208 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
09:59:21.0734 0208 hkmsvc - ok
09:59:21.0781 0208 HPFXBULK (e4e0b356a8756066cf89080d9da69f22) C:\WINDOWS\system32\drivers\hpfxbulk.sys
09:59:21.0812 0208 HPFXBULK - ok
09:59:21.0812 0208 hpn - ok
09:59:21.0859 0208 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:59:21.0921 0208 HTTP - ok
09:59:21.0953 0208 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
09:59:22.0000 0208 HTTPFilter - ok
09:59:22.0000 0208 i2omgmt - ok
09:59:22.0000 0208 i2omp - ok
09:59:22.0046 0208 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:59:22.0078 0208 i8042prt - ok
09:59:22.0171 0208 ialm (88164ba0e3fc4172ff3a1bd82b756454) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
09:59:22.0390 0208 ialm - ok
09:59:22.0531 0208 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
09:59:22.0562 0208 IDriverT - ok
09:59:22.0687 0208 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:59:22.0843 0208 idsvc - ok
09:59:22.0875 0208 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:59:22.0937 0208 Imapi - ok
09:59:22.0968 0208 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
09:59:23.0062 0208 ImapiService - ok
09:59:23.0078 0208 ini910u - ok
09:59:23.0078 0208 IntelIde - ok
09:59:23.0125 0208 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:59:23.0140 0208 intelppm - ok
09:59:23.0218 0208 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
09:59:23.0296 0208 IntuitUpdateService - ok
09:59:23.0328 0208 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
09:59:23.0343 0208 IntuitUpdateServiceV4 - ok
09:59:23.0359 0208 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:59:23.0390 0208 Ip6Fw - ok
09:59:23.0406 0208 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:59:23.0453 0208 IpFilterDriver - ok
09:59:23.0468 0208 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:59:23.0515 0208 IpInIp - ok
09:59:23.0531 0208 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:59:23.0593 0208 IpNat - ok
09:59:23.0656 0208 iPod Service (d2e8efb8af35fcf5a7af22f5a0ce1a82) C:\Program Files\iPod\bin\iPodService.exe
09:59:24.0156 0208 iPod Service - ok
09:59:24.0187 0208 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:59:24.0218 0208 IPSec - ok
09:59:24.0234 0208 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:59:24.0250 0208 IRENUM - ok
09:59:24.0281 0208 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:59:24.0312 0208 isapnp - ok
09:59:24.0453 0208 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
09:59:24.0453 0208 JavaQuickStarterService - ok
09:59:24.0468 0208 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:59:24.0531 0208 Kbdclass - ok
09:59:24.0562 0208 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:59:24.0609 0208 kbdhid - ok
09:59:24.0640 0208 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:59:24.0671 0208 kmixer - ok
09:59:24.0718 0208 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:59:24.0734 0208 KSecDD - ok
09:59:24.0781 0208 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
09:59:24.0781 0208 lanmanserver - ok
09:59:24.0828 0208 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
09:59:24.0828 0208 lanmanworkstation - ok
09:59:24.0828 0208 lbrtfdc - ok
09:59:24.0875 0208 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
09:59:24.0875 0208 LmHosts - ok
09:59:24.0984 0208 LVcKap (8113133ec42dd6c566908008ce913edd) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
09:59:25.0656 0208 LVcKap - ok
09:59:25.0734 0208 LVCOMSer (9e41266c68c11d7101a2d18cd1f7553e) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
09:59:25.0875 0208 LVCOMSer - ok
09:59:26.0046 0208 LVMVDrv (0dd5b8af4917a2821047450195c511b3) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
09:59:26.0203 0208 LVMVDrv - ok
09:59:26.0359 0208 lvpopflt (e1158b0cb852db0573922c92e6e564de) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
09:59:26.0531 0208 lvpopflt - ok
09:59:26.0609 0208 LVPr2Mon (406b1d186f75b4b4832d6237859e1b00) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
09:59:26.0625 0208 LVPr2Mon - ok
09:59:26.0687 0208 LVPrcSrv (85c2e84bc1224c75a20b5560d5a15db9) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
09:59:26.0875 0208 LVPrcSrv - ok
09:59:26.0921 0208 LVSrvLauncher (656180e9c0c5199520972426c44bc2f0) C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
09:59:27.0015 0208 LVSrvLauncher - ok
09:59:27.0046 0208 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\WINDOWS\system32\drivers\LVUSBSta.sys
09:59:27.0062 0208 LVUSBSta - ok
09:59:27.0234 0208 LVUVC (eacd1eb2d82ed2adc753afeee1d4d660) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
09:59:28.0390 0208 LVUVC - ok
09:59:28.0484 0208 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
09:59:28.0906 0208 MDM - ok
09:59:28.0984 0208 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
09:59:29.0031 0208 Messenger - ok
09:59:29.0046 0208 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:59:29.0078 0208 mnmdd - ok
09:59:29.0109 0208 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
09:59:29.0453 0208 mnmsrvc - ok
09:59:29.0484 0208 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:59:29.0515 0208 Modem - ok
09:59:29.0562 0208 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:59:29.0578 0208 Mouclass - ok
09:59:29.0609 0208 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:59:29.0625 0208 mouhid - ok
09:59:29.0671 0208 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:59:29.0703 0208 MountMgr - ok
09:59:29.0718 0208 mraid35x - ok
09:59:29.0734 0208 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:59:29.0859 0208 MRxDAV - ok
09:59:29.0906 0208 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:59:29.0953 0208 MRxSmb - ok
09:59:29.0984 0208 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
09:59:30.0031 0208 MSDTC - ok
09:59:30.0046 0208 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:59:30.0125 0208 Msfs - ok
09:59:30.0125 0208 MSIServer - ok
09:59:30.0156 0208 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:59:30.0171 0208 MSKSSRV - ok
09:59:30.0218 0208 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:59:30.0265 0208 MSPCLOCK - ok
09:59:30.0296 0208 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:59:30.0312 0208 MSPQM - ok
09:59:30.0359 0208 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:59:30.0406 0208 mssmbios - ok
09:59:30.0421 0208 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
09:59:30.0468 0208 MSTEE - ok
09:59:30.0500 0208 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:59:30.0531 0208 Mup - ok
09:59:30.0578 0208 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:59:30.0640 0208 NABTSFEC - ok
09:59:30.0718 0208 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
09:59:30.0906 0208 napagent - ok
09:59:30.0906 0208 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:59:30.0968 0208 NDIS - ok
09:59:30.0984 0208 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:59:31.0015 0208 NdisIP - ok
09:59:31.0046 0208 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:59:31.0078 0208 NdisTapi - ok
09:59:31.0093 0208 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:59:31.0109 0208 Ndisuio - ok
09:59:31.0140 0208 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:59:31.0187 0208 NdisWan - ok
09:59:31.0203 0208 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:59:31.0218 0208 NDProxy - ok
09:59:31.0234 0208 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:59:31.0250 0208 NetBIOS - ok
09:59:31.0281 0208 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:59:31.0312 0208 NetBT - ok
09:59:31.0359 0208 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:59:31.0484 0208 NetDDE - ok
09:59:31.0484 0208 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:59:31.0484 0208 NetDDEdsdm - ok
09:59:31.0531 0208 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:59:31.0531 0208 Netlogon - ok
09:59:31.0562 0208 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:59:31.0578 0208 Netman - ok
09:59:31.0687 0208 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:59:31.0718 0208 NetTcpPortSharing - ok
09:59:31.0796 0208 NetwareWorkstation (71d3d223bd48834b2f5847b82cf63712) C:\WINDOWS\system32\NetWare\nwfs.sys
09:59:31.0921 0208 NetwareWorkstation - ok
09:59:31.0953 0208 NICM (a44f0bcf8abdba07b49b12712deeed9c) C:\WINDOWS\system32\drivers\nicm.sys
09:59:32.0000 0208 NICM - ok
09:59:32.0031 0208 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
09:59:32.0078 0208 Nla - ok
09:59:32.0109 0208 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:59:32.0156 0208 Npfs - ok
09:59:32.0218 0208 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:59:32.0296 0208 Ntfs - ok
09:59:32.0296 0208 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:59:32.0296 0208 NtLmSsp - ok
09:59:32.0343 0208 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:59:32.0500 0208 NtmsSvc - ok
09:59:32.0546 0208 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:59:32.0578 0208 Null - ok
09:59:32.0578 0208 NWDHCP (1947eb59a1ae3539cd24a87062a4aa2c) C:\WINDOWS\system32\NetWare\nwdhcp.sys
09:59:32.0625 0208 NWDHCP - ok
09:59:32.0625 0208 NWDNS (0dbdcdc7855ddd64fb5d0af168d7c0b2) C:\WINDOWS\system32\NetWare\nwdns.sys
09:59:32.0656 0208 NWDNS - ok
09:59:32.0671 0208 NWFILTER (7bbf493e2b4979312fa5b350fcf5a4c4) C:\WINDOWS\system32\NetWare\nwfilter.sys
09:59:32.0703 0208 NWFILTER - ok
09:59:32.0718 0208 NWHOST (b5e3e1e6f837a5f51a2e12234b4a6b85) C:\WINDOWS\system32\NetWare\NWHOST.sys
09:59:32.0734 0208 NWHOST - ok
09:59:32.0765 0208 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:59:32.0781 0208 NwlnkFlt - ok
09:59:32.0796 0208 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:59:32.0859 0208 NwlnkFwd - ok
09:59:32.0890 0208 NWSAP (2726a6792bbb080ff345ed9a8111360f) C:\WINDOWS\system32\NetWare\NWSAP.sys
09:59:32.0937 0208 NWSAP - ok
09:59:32.0953 0208 NWSIPX32 (ce2c767909949f370505db1f366fb4fd) C:\WINDOWS\system32\NetWare\nwsipx32.sys
09:59:33.0000 0208 NWSIPX32 - ok
09:59:33.0000 0208 NWSLP (0b5c354bebc5381b59a196bd7e517814) C:\WINDOWS\system32\NetWare\nwslp.sys
09:59:33.0062 0208 NWSLP - ok
09:59:33.0078 0208 NWSNS (451ee45b1e7705678001598e14229e20) C:\WINDOWS\system32\NetWare\NWSNS.sys
09:59:33.0093 0208 NWSNS - ok
09:59:33.0171 0208 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:59:33.0265 0208 ose - ok
09:59:33.0312 0208 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:59:33.0359 0208 Parport - ok
09:59:33.0375 0208 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:59:33.0421 0208 PartMgr - ok
09:59:33.0437 0208 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:59:33.0500 0208 ParVdm - ok
09:59:33.0515 0208 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:59:33.0562 0208 PCI - ok
09:59:33.0562 0208 PCIDump - ok
09:59:33.0593 0208 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:59:33.0609 0208 PCIIde - ok
09:59:33.0640 0208 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:59:33.0687 0208 Pcmcia - ok
09:59:33.0687 0208 PDCOMP - ok
09:59:33.0703 0208 PDFRAME - ok
09:59:33.0703 0208 PDRELI - ok
09:59:33.0703 0208 PDRFRAME - ok
09:59:33.0718 0208 perc2 - ok
09:59:33.0718 0208 perc2hib - ok
09:59:33.0750 0208 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:59:33.0750 0208 PlugPlay - ok
09:59:33.0781 0208 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:59:33.0781 0208 PolicyAgent - ok
09:59:33.0796 0208 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:59:33.0828 0208 PptpMiniport - ok
09:59:33.0843 0208 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:59:33.0843 0208 ProtectedStorage - ok
09:59:33.0843 0208 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:59:33.0875 0208 PSched - ok
09:59:33.0890 0208 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:59:33.0953 0208 Ptilink - ok
09:59:33.0953 0208 ql1080 - ok
09:59:33.0953 0208 Ql10wnt - ok
09:59:33.0953 0208 ql12160 - ok
09:59:33.0968 0208 ql1240 - ok
09:59:33.0968 0208 ql1280 - ok
09:59:34.0000 0208 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:59:34.0015 0208 RasAcd - ok
09:59:34.0062 0208 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:59:34.0375 0208 RasAuto - ok
09:59:34.0390 0208 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:59:34.0437 0208 Rasl2tp - ok
09:59:34.0484 0208 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:59:34.0500 0208 RasMan - ok
09:59:34.0515 0208 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:59:34.0531 0208 RasPppoe - ok
09:59:34.0531 0208 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:59:34.0562 0208 Raspti - ok
09:59:34.0578 0208 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:59:34.0609 0208 Rdbss - ok
09:59:34.0625 0208 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:59:34.0640 0208 RDPCDD - ok
09:59:34.0671 0208 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:59:34.0703 0208 rdpdr - ok
09:59:34.0734 0208 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
09:59:34.0765 0208 RDPWD - ok
09:59:34.0796 0208 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:59:35.0046 0208 RDSessMgr - ok
09:59:35.0078 0208 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:59:35.0343 0208 redbook - ok
09:59:35.0375 0208 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:59:35.0421 0208 RemoteAccess - ok
09:59:35.0468 0208 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
09:59:35.0468 0208 RemoteRegistry - ok
09:59:35.0531 0208 RESMGR (16c27d650113b0aa0c8255c561a71cd4) C:\WINDOWS\system32\NetWare\resmgr.sys
09:59:35.0578 0208 RESMGR - ok
09:59:35.0609 0208 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
09:59:35.0640 0208 RpcLocator - ok
09:59:35.0687 0208 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
09:59:35.0687 0208 RpcSs - ok
09:59:35.0718 0208 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
09:59:35.0828 0208 RSVP - ok
09:59:35.0843 0208 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:59:35.0859 0208 SamSs - ok
09:59:35.0953 0208 SANDRA (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x86\Sandra.sys
09:59:36.0000 0208 SANDRA - ok
09:59:36.0031 0208 SandraAgentSrv (46ddc984860a694d1ca838a773ff1974) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe
09:59:36.0093 0208 SandraAgentSrv - ok
09:59:36.0203 0208 SAVAdminService (05034c07b7fe3a659d78011a8e59308b) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
09:59:36.0218 0208 SAVAdminService - ok
09:59:36.0250 0208 SAVOnAccessControl (e8fa00e75ef670122a25ee361b1075e0) C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys
09:59:36.0281 0208 SAVOnAccessControl - ok
09:59:36.0296 0208 SAVOnAccessFilter (184d53b4dc51808d7cceda51bf0f5440) C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys
09:59:36.0312 0208 SAVOnAccessFilter - ok
09:59:36.0343 0208 SAVService (2e83ad127667aa4e704011f71aa1351b) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
09:59:36.0390 0208 SAVService - ok
09:59:36.0390 0208 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:59:36.0453 0208 SCardSvr - ok
09:59:36.0484 0208 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:59:36.0484 0208 Schedule - ok
09:59:36.0515 0208 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:59:36.0562 0208 Secdrv - ok
09:59:36.0609 0208 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:59:36.0609 0208 seclogon - ok
09:59:36.0640 0208 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:59:36.0640 0208 SENS - ok
09:59:36.0687 0208 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:59:36.0734 0208 serenum - ok
09:59:36.0750 0208 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:59:36.0796 0208 Serial - ok
09:59:36.0828 0208 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:59:36.0843 0208 Sfloppy - ok
09:59:36.0890 0208 sfng32 (5fe18fff6fbcf218290042009eab023d) C:\WINDOWS\system32\drivers\sfng32.sys
09:59:36.0906 0208 sfng32 - ok
09:59:36.0953 0208 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:59:37.0000 0208 SharedAccess - ok
09:59:37.0031 0208 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:59:37.0046 0208 ShellHWDetection - ok
09:59:37.0046 0208 Simbad - ok
09:59:37.0078 0208 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:59:37.0093 0208 SLIP - ok
09:59:37.0156 0208 Sophos Agent (f33b53cfc7f1e366ec00cad02d7d64bb) C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
09:59:37.0156 0208 Sophos Agent - ok
09:59:37.0250 0208 Sophos AutoUpdate Service (eee9e1702e8d20f532776c88b3818a8c) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
09:59:37.0250 0208 Sophos AutoUpdate Service - ok
09:59:37.0312 0208 Sophos Message Router (8941dd79f5700fb6a05cdbab15481962) C:\Program Files\Sophos\Remote Management System\RouterNT.exe
09:59:37.0343 0208 Sophos Message Router - ok
09:59:37.0437 0208 SophosBootDriver (3bdf94e0827d13e44249a646f6c0eb7c) C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys
09:59:37.0468 0208 SophosBootDriver - ok
09:59:37.0468 0208 Sparrow - ok
09:59:37.0500 0208 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:59:37.0515 0208 splitter - ok
09:59:37.0562 0208 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:59:37.0562 0208 Spooler - ok
09:59:37.0593 0208 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:59:37.0625 0208 sr - ok
09:59:37.0687 0208 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
09:59:37.0703 0208 srservice - ok
09:59:37.0750 0208 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:59:37.0781 0208 Srv - ok
09:59:37.0843 0208 SRVLOC (95670059a852bb0633db7b096e6c8333) C:\WINDOWS\system32\NetWare\srvloc.sys
09:59:37.0953 0208 SRVLOC - ok
09:59:38.0000 0208 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:59:38.0000 0208 SSDPSRV - ok
09:59:38.0000 0208 SSPORT - ok
09:59:38.0140 0208 STacSV (719286ecee2241b5c2f0799d61cfc3a2) C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
09:59:38.0187 0208 STacSV - ok
09:59:38.0250 0208 STHDA (784b73bd9d1c0fba6ca96e8976f4b0e6) C:\WINDOWS\system32\drivers\sthda.sys
09:59:38.0500 0208 STHDA - ok
09:59:38.0546 0208 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:59:38.0562 0208 stisvc - ok
09:59:38.0593 0208 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:59:38.0640 0208 streamip - ok
09:59:38.0656 0208 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:59:38.0671 0208 swenum - ok
09:59:38.0703 0208 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:59:38.0718 0208 swmidi - ok
09:59:38.0718 0208 SwPrv - ok
09:59:38.0734 0208 symc810 - ok
09:59:38.0734 0208 symc8xx - ok
09:59:38.0734 0208 sym_hi - ok
09:59:38.0750 0208 sym_u3 - ok
09:59:38.0796 0208 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:59:38.0812 0208 sysaudio - ok
09:59:38.0828 0208 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:59:38.0890 0208 SysmonLog - ok
09:59:38.0906 0208 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:59:38.0968 0208 TapiSrv - ok
09:59:39.0015 0208 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:59:39.0093 0208 Tcpip - ok
09:59:39.0125 0208 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:59:39.0171 0208 TDPIPE - ok
09:59:39.0187 0208 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:59:39.0234 0208 TDTCP - ok
09:59:39.0265 0208 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:59:39.0281 0208 TermDD - ok
09:59:39.0343 0208 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:59:39.0359 0208 TermService - ok
09:59:39.0406 0208 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:59:39.0406 0208 Themes - ok
09:59:39.0437 0208 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
09:59:39.0515 0208 TlntSvr - ok
09:59:39.0531 0208 TosIde - ok
09:59:39.0546 0208 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:59:39.0546 0208 TrkWks - ok
09:59:39.0593 0208 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:59:39.0609 0208 Udfs - ok
09:59:39.0609 0208 ultra - ok
09:59:39.0671 0208 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:59:39.0703 0208 Update - ok
09:59:39.0750 0208 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:59:39.0796 0208 upnphost - ok
09:59:39.0843 0208 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:59:40.0234 0208 UPS - ok
09:59:40.0281 0208 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
09:59:40.0296 0208 USBAAPL - ok
09:59:40.0328 0208 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
09:59:40.0359 0208 usbaudio - ok
09:59:40.0390 0208 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:59:40.0437 0208 usbccgp - ok
09:59:40.0484 0208 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:59:40.0500 0208 usbehci - ok
09:59:40.0515 0208 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:59:40.0546 0208 usbhub - ok
09:59:40.0578 0208 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:59:40.0640 0208 usbprint - ok
09:59:40.0656 0208 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:59:40.0671 0208 usbscan - ok
09:59:40.0687 0208 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:59:40.0718 0208 usbstor - ok
09:59:40.0734 0208 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:59:40.0765 0208 usbuhci - ok
09:59:40.0781 0208 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:59:40.0796 0208 VgaSave - ok
09:59:40.0796 0208 ViaIde - ok
09:59:40.0828 0208 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:59:40.0843 0208 VolSnap - ok
09:59:40.0890 0208 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:59:41.0046 0208 VSS - ok
09:59:41.0062 0208 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
09:59:41.0078 0208 W32Time - ok
09:59:41.0125 0208 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:59:41.0140 0208 Wanarp - ok
09:59:41.0156 0208 WDICA - ok
09:59:41.0187 0208 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:59:41.0218 0208 wdmaud - ok
09:59:41.0250 0208 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:59:41.0250 0208 WebClient - ok
09:59:41.0343 0208 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:59:41.0343 0208 winmgmt - ok
09:59:41.0406 0208 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
09:59:41.0437 0208 WmdmPmSN - ok
09:59:41.0500 0208 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
09:59:41.0546 0208 Wmi - ok
09:59:41.0546 0208 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:59:42.0234 0208 WmiApSrv - ok
09:59:42.0375 0208 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:59:42.0890 0208 WMPNetworkSvc - ok
09:59:43.0046 0208 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:59:43.0437 0208 WPFFontCache_v0400 - ok
09:59:43.0515 0208 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:59:43.0562 0208 WS2IFSL - ok
09:59:43.0593 0208 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
09:59:43.0625 0208 wscsvc - ok
09:59:43.0640 0208 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:59:43.0671 0208 WSTCODEC - ok
09:59:43.0703 0208 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:59:43.0734 0208 wuauserv - ok
09:59:43.0765 0208 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:59:43.0796 0208 WudfPf - ok
09:59:43.0812 0208 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:59:43.0828 0208 WudfRd - ok
09:59:43.0859 0208 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:59:43.0890 0208 WudfSvc - ok
09:59:43.0953 0208 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:59:43.0984 0208 WZCSVC - ok
09:59:44.0031 0208 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:59:44.0078 0208 xmlprov - ok
09:59:44.0093 0208 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:59:44.0250 0208 \Device\Harddisk0\DR0 - ok
09:59:44.0250 0208 Boot (0x1200) (ed1c81a7d9a9811e40c2167c0aeef81e) \Device\Harddisk0\DR0\Partition0
09:59:44.0250 0208 \Device\Harddisk0\DR0\Partition0 - ok
09:59:44.0250 0208 ============================================================
09:59:44.0250 0208 Scan finished
09:59:44.0250 0208 ============================================================
09:59:44.0265 1860 Detected object count: 0
09:59:44.0265 1860 Actual detected object count: 0

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-03 10:05:21
-----------------------------
10:05:21.187 OS Version: Windows 5.1.2600 Service Pack 3
10:05:21.187 Number of processors: 2 586 0xF06
10:05:21.187 ComputerName: xxxx UserName: xxxx
10:05:21.562 Initialize success
10:18:18.906 AVAST engine defs: 12050300
10:18:58.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
10:18:58.125 Disk 0 Vendor: WDC_WD800JD-00MSA1 10.01E01 Size: 76318MB BusType: 3
10:18:58.140 Disk 0 MBR read successfully
10:18:58.140 Disk 0 MBR scan
10:18:58.375 Disk 0 Windows XP default MBR code
10:18:58.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
10:18:58.390 Disk 0 scanning sectors +156280320
10:18:58.546 Disk 0 scanning C:\WINDOWS\system32\drivers
10:19:47.281 Service scanning
10:20:29.375 Modules scanning
10:20:38.984 Disk 0 trace - called modules:
10:20:39.000 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:20:39.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82d85030]
10:20:39.031 3 CLASSPNP.SYS[f8534fd7] -> nt!IofCallDriver -> \Device\00000067[0x82d86188]
10:20:39.031 5 ACPI.sys[f83cb620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x82d66d98]
10:20:39.656 AVAST engine scan C:\WINDOWS
10:22:01.015 AVAST engine scan C:\WINDOWS\system32
10:35:05.296 AVAST engine scan C:\WINDOWS\system32\drivers
10:35:49.937 AVAST engine scan C:\Documents and Settings\xxxx
10:43:19.015 AVAST engine scan C:\Documents and Settings\All Users
10:47:28.531 Scan finished successfully
11:26:11.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\cumhey\Desktop\MBR.dat"
11:26:11.656 The log file has been saved successfully to "C:\Documents and Settings\cumhey\Desktop\aswMBR.txt"

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
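The TDSSKiller log above lists, for every service and driver, the MD5 of its image and its path on a file line, then a separate verdict line; registry-only entries (PCIDump, perc2 and so on) have just the verdict line, and the MBR/boot verdicts are keyed by device path rather than by name. The following parser is an added example, not code from the post or from TDSSKiller: it pulls those fields out, lists images that back more than one entry (lsass.exe legitimately hosts several XP services), flags images living outside the usual system roots, and diffs the reported hashes against a baseline captured from a known-clean machine. SAMPLE_LOG is constructed from a handful of lines in the post plus one invented entry, hlpsvc, placed under a user profile directory to show what a hit looks like; EXPECTED_ROOTS and the baseline hash in the usage are assumptions for the demo.

```python
"""Added example: triage a TDSSKiller-style service/driver listing.

Each entry appears as a file line "<time> <pid> <name> (<md5>) <path>" followed
by a verdict line "<time> <pid> <name> - ok"; registry-only entries have just
the verdict line.  SAMPLE_LOG is constructed from lines in the post plus one
invented entry (hlpsvc) living under a user profile.
"""
import re
from collections import defaultdict

FILE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
                     r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
                        r"(?P<name>.+?) - (?P<verdict>.+)$")
# Assumption for the demo: where services and drivers are expected on an XP box.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def parse_tdss_log(text):
    """Map entry name -> {"md5", "path", "verdict"} (keys present only when logged)."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            entries.setdefault(m["name"], {}).update(md5=m["md5"], path=m["path"])
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue                      # banner, separator and summary lines
        name = m["name"]
        if name not in entries:           # MBR/boot verdicts are keyed by device path
            name = next((n for n, e in entries.items() if e.get("path") == name), name)
        entries.setdefault(name, {})["verdict"] = m["verdict"]
    return entries


def shared_images(entries):
    """Images backing more than one entry, lower-cased path -> sorted entry names."""
    by_path = defaultdict(list)
    for name, e in entries.items():
        if e.get("path") and not e["path"].startswith("\\Device\\"):
            by_path[e["path"].lower()].append(name)
    return {p: sorted(n) for p, n in by_path.items() if len(n) > 1}


def triage(entries):
    """(name, reason) for non-ok verdicts and images outside EXPECTED_ROOTS."""
    findings = []
    for name, e in sorted(entries.items()):
        if e.get("verdict", "ok") != "ok":
            findings.append((name, "scanner verdict: " + e["verdict"]))
        path = e.get("path", "")
        if (path and not path.startswith("\\Device\\")
                and not path.lower().startswith(EXPECTED_ROOTS)):
            findings.append((name, "image outside expected roots: " + path))
    return findings


def diff_against_baseline(entries, baseline):
    """baseline: lower-cased image path -> MD5 taken from a known-clean machine."""
    changed = []
    for name, e in sorted(entries.items()):
        expected = baseline.get(e.get("path", "").lower())
        if expected and expected != e["md5"]:
            changed.append((name, e["path"], e["md5"], expected))
    return changed


# Constructed sample: real lines from the log plus the invented hlpsvc entry.
SAMPLE_LOG = r"""
09:59:33.0437 0208 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:59:33.0500 0208 ParVdm - ok
09:59:33.0562 0208 PCIDump - ok
09:59:33.0781 0208 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:59:33.0781 0208 PolicyAgent - ok
09:59:33.0843 0208 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:59:33.0843 0208 ProtectedStorage - ok
09:59:35.0843 0208 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:59:35.0859 0208 SamSs - ok
09:59:37.0156 0208 Sophos Agent (f33b53cfc7f1e366ec00cad02d7d64bb) C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
09:59:37.0156 0208 Sophos Agent - ok
09:59:39.0015 0208 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:59:39.0093 0208 Tcpip - ok
09:59:44.0000 0208 hlpsvc (0123456789abcdef0123456789abcdef) C:\Documents and Settings\xxxx\Application Data\hlpsvc.sys
09:59:44.0001 0208 hlpsvc - ok
09:59:44.0093 0208 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:59:44.0250 0208 \Device\Harddisk0\DR0 - ok
09:59:44.0265 1860 Detected object count: 0
"""

if __name__ == "__main__":
    entries = parse_tdss_log(SAMPLE_LOG)
    print("entries:", len(entries))
    print("shared images:", shared_images(entries))
    print("triage:", triage(entries))
    # Made-up baseline value, to show what a changed tcpip.sys would look like.
    print("baseline diff:", diff_against_baseline(
        entries, {"c:\\windows\\system32\\drivers\\tcpip.sys": "0" * 32}))
```

A "- ok" verdict only means the scanner's own signatures did not fire; the hash diff is what catches a patched system binary, and it needs a baseline from the same Windows build and patch level, otherwise every updated file shows up as changed.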

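The aswMBR log reports "Windows XP default MBR code" and a one-line partition summary, and TDSSKiller prints the MD5 of the first 0x1B8 bytes of the MBR; both come from reading the raw first sector of the disk. The block below is an added example, not code from either tool or from the post: it builds a constructed 512-byte MBR, hashes the 440-byte boot-code region (the part a bootkit patches; the disk signature and partition table that follow it are excluded from the hash), decodes the partition table into the same fields aswMBR prints, and compares the hash against a caller-supplied set of known-good values. STOCK_CODE is placeholder bytes, not real XP boot code, and KNOWN_GOOD is taken from the sample itself; a real check needs the hash of a verified-clean MBR for that Windows build, which the tools carry and this example does not.

```python
"""Added example: decode a raw MBR the way bootkit scanners do.

Hashes the 0x1B8-byte boot-code region (TDSSKiller's "MBR (0x1B8)" line) and
walks the partition table (aswMBR's "Partition 1 80 (A) 07 HPFS/NTFS 76308 MB
offset 63").  The sector below is constructed; STOCK_CODE is a placeholder.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8          # 440 bytes of code; excludes disk signature + table
PART_TABLE_OFF = 0x1BE         # four 16-byte entries, then the 0x55AA signature
PART_TYPES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32",
              0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)", 0x83: "Linux"}


def build_mbr(boot_code, partitions, disk_sig=0x1234ABCD):
    """Assemble a sector; partitions is a list of (active, type, lba_start, sectors)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\x00" * 3,
                    ptype, b"\x00" * 3, lba, count)
        for active, ptype, lba, count in partitions).ljust(64, b"\x00")
    return code + struct.pack("<IH", disk_sig, 0) + table + b"\x55\xAA"


def parse_mbr(sector):
    """Return boot-code MD5, disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba, count = struct.unpack_from("<II", sector, off + 8)
        if ptype == 0 and count == 0:
            continue                      # unused slot
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "type_name": PART_TYPES.get(ptype, "unknown"),
                      "lba_start": lba, "sectors": count,
                      "size_mb": count * SECTOR // (1024 * 1024)})
    return {"boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
            "partitions": parts}


def unallocated_tail(info, disk_sectors):
    """Sectors after the last partition: the region aswMBR's "scanning sectors +N" covers."""
    end = max((p["lba_start"] + p["sectors"] for p in info["partitions"]), default=0)
    return max(disk_sectors - end, 0)


def check_mbr(sector, known_good_md5):
    """Findings list; empty means the boot code hash is known and the table looks sane."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_md5"] not in known_good_md5:
        findings.append("boot code md5 %s not in known-good set" % info["boot_code_md5"])
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append("expected one active partition, found %d" % len(active))
    for p in info["partitions"]:
        if p["type"] == 0:                # sectors claimed but no type: hidden slot
            findings.append("partition %d has type 0x00 but %d sectors"
                            % (p["index"], p["sectors"]))
    return findings


# Constructed sample mirroring the disk in the log: one active NTFS partition at LBA 63.
STOCK_CODE = bytes.fromhex("33c08ed0bc007c") + b"\x90" * 16   # placeholder, not real XP code
NTFS_PART = [(True, 0x07, 63, 156278784)]                      # 156278784 sectors = 76308 MB
SAMPLE_MBR = build_mbr(STOCK_CODE, NTFS_PART)
KNOWN_GOOD = {parse_mbr(SAMPLE_MBR)["boot_code_md5"]}          # baseline from a clean image
# Same table, first two bytes of code patched: what a bootkit hook changes.
TAMPERED_MBR = build_mbr(b"\xeb\xfe" + STOCK_CODE[2:], NTFS_PART)

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    for p in info["partitions"]:
        print("Partition %d %s %02X %s %d MB offset %d" % (
            p["index"], "80 (A)" if p["active"] else "00", p["type"],
            p["type_name"], p["size_mb"], p["lba_start"]))
    print("clean:", check_mbr(SAMPLE_MBR, KNOWN_GOOD))
    print("tampered:", check_mbr(TAMPERED_MBR, KNOWN_GOOD))
```

The tampered sector keeps an identical partition table, which is the point: a bootkit only needs to redirect the first few code bytes, so a table-only inspection passes while the boot-code hash changes. The disk size aswMBR reported (76318 MB, 156299264 sectors) leaves a small unpartitioned tail after the NTFS volume; that is normal cylinder-alignment slack, but it is also where bootkits stash their payload, which is why aswMBR scans it.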
#10 gringo_pr

gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 May 2012 - 09:34 PM

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Adobe Reader 9.1


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 gringo_pr

Posted 06 May 2012 - 03:58 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#12 gringo_pr

Posted 08 May 2012 - 11:22 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#13 gringo_pr

Posted 11 May 2012 - 11:11 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#14 gringo_pr

Posted 16 May 2012 - 06:34 PM

This topic has been re-opened at the request of the person who originally posted.

#15 CalJon

CalJon
  • Topic Starter
  • Members
  • 10 posts


Posted 17 May 2012 - 12:19 PM

Hi Gringo and all,

Just back from the east coast and swamped so please be patient.
I'll need to take this in steps.

(1) computer still seems to be OK

(2) Java was recently updated (post infection)
It seemed to have malicious files in it.
the remove program (in add/remove) seemed useless
entire directories were left behind
so I deleted them by hand
and then installed the latest
JAVA IS MOST DEFINITELY A SOURCE OF ENTRY FOR THESE TERRORISTS

QUESTION: Does Revo Uninstaller do a complete job of cleaning up?
i.e., remove ALL directories and ALL registry entries??

I will update reader
clean temps
and send MBAM & HJT logs as soon as I can.

- Jon



