
Virus inside


  • This topic is locked
16 replies to this topic

#1 xVanished

xVanished

  • Members
  • 60 posts
  • Local time:12:40 PM

Posted 04 May 2012 - 09:30 PM

Scans are finding viruses, trojans, etc. I removed them with numerous programs.
Computer is also slow, freezing, and programs will not load fully and properly.
DDS wouldn't download on my computer; I have the other two logs though, as follows.

HiJack Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:48:43 PM, on 5/4/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Presario&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Presario&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate1c99c20f81df850) (gupdate1c99c20f81df850) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6634 bytes

GMER Log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-04 22:29:45
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000052 Hitachi_ rev.GM4O
Running: mtv69gxy.exe; Driver: C:\Users\john\AppData\Local\Temp\ugldypog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text  C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                        section is writeable [0x8EA03340, 0x3DA8C7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtCreateFile + 6               770F424A 4 Bytes  [28, 00, 21, 00] {SUB [EAX], AL; AND [EAX], EAX}
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtCreateFile + B               770F424F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtMapViewOfSection + 6         770F499A 1 Byte  [28]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtMapViewOfSection + 6         770F499A 4 Bytes  [28, 03, 21, 00] {SUB [EBX], AL; AND [EAX], EAX}
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtMapViewOfSection + B         770F499F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenFile + 6                 770F4A2A 4 Bytes  [68, 00, 21, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenFile + B                 770F4A2F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenProcess + 6              770F4AAA 4 Bytes  [A8, 01, 21, 00] {TEST AL, 0x1; AND [EAX], EAX}
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenProcess + B              770F4AAF 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenProcessToken + B         770F4ABF 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenProcessTokenEx + 6       770F4ACA 4 Bytes  [A8, 02, 21, 00] {TEST AL, 0x2; AND [EAX], EAX}
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenProcessTokenEx + B       770F4ACF 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenThread + 6               770F4B1A 4 Bytes  [68, 01, 21, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenThread + B               770F4B1F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenThreadToken + 6          770F4B2A 4 Bytes  [68, 02, 21, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenThreadToken + B          770F4B2F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtOpenThreadTokenEx + B        770F4B3F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtQueryAttributesFile + 6      770F4BCA 4 Bytes  [A8, 00, 21, 00] {TEST AL, 0x0; AND [EAX], EAX}
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtQueryAttributesFile + B      770F4BCF 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtQueryFullAttributesFile + B  770F4C7F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtSetInformationFile + 6       770F515A 4 Bytes  [28, 01, 21, 00] {SUB [ECX], AL; AND [EAX], EAX}
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtSetInformationFile + B       770F515F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtSetInformationThread + 6     770F51AA 4 Bytes  [28, 02, 21, 00] {SUB [EDX], AL; AND [EAX], EAX}
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtSetInformationThread + B     770F51AF 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtUnmapViewOfSection + 6       770F544A 1 Byte  [68]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtUnmapViewOfSection + 6       770F544A 4 Bytes  [68, 03, 21, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[1300] ntdll.dll!NtUnmapViewOfSection + B       770F544F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtCreateFile + 6               770F424A 4 Bytes  [28, 00, 0F, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtCreateFile + B               770F424F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtMapViewOfSection + 6         770F499A 1 Byte  [28]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtMapViewOfSection + 6         770F499A 4 Bytes  [28, 03, 0F, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtMapViewOfSection + B         770F499F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenFile + 6                 770F4A2A 4 Bytes  [68, 00, 0F, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenFile + B                 770F4A2F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcess + 6              770F4AAA 4 Bytes  [A8, 01, 0F, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcess + B              770F4AAF 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcessToken + B         770F4ABF 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcessTokenEx + 6       770F4ACA 4 Bytes  [A8, 02, 0F, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcessTokenEx + B       770F4ACF 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThread + 6               770F4B1A 4 Bytes  [68, 01, 0F, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThread + B               770F4B1F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThreadToken + 6          770F4B2A 4 Bytes  [68, 02, 0F, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThreadToken + B          770F4B2F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThreadTokenEx + B        770F4B3F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtQueryAttributesFile + 6      770F4BCA 4 Bytes  [A8, 00, 0F, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtQueryAttributesFile + B      770F4BCF 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtQueryFullAttributesFile + B  770F4C7F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationFile + 6       770F515A 4 Bytes  [28, 01, 0F, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationFile + B       770F515F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationThread + 6     770F51AA 4 Bytes  [28, 02, 0F, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationThread + B     770F51AF 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtUnmapViewOfSection + 6       770F544A 1 Byte  [68]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtUnmapViewOfSection + 6       770F544A 4 Bytes  [68, 03, 0F, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtUnmapViewOfSection + B       770F544F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtCreateFile + 6               770F424A 4 Bytes  [28, 00, 48, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtCreateFile + B               770F424F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtMapViewOfSection + 6         770F499A 1 Byte  [28]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtMapViewOfSection + 6         770F499A 4 Bytes  [28, 03, 48, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtMapViewOfSection + B         770F499F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenFile + 6                 770F4A2A 4 Bytes  [68, 00, 48, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenFile + B                 770F4A2F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcess + 6              770F4AAA 4 Bytes  [A8, 01, 48, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcess + B              770F4AAF 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcessToken + B         770F4ABF 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcessTokenEx + 6       770F4ACA 4 Bytes  [A8, 02, 48, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenProcessTokenEx + B       770F4ACF 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThread + 6               770F4B1A 4 Bytes  [68, 01, 48, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThread + B               770F4B1F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThreadToken + 6          770F4B2A 4 Bytes  [68, 02, 48, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThreadToken + B          770F4B2F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtOpenThreadTokenEx + B        770F4B3F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtQueryAttributesFile + 6      770F4BCA 4 Bytes  [A8, 00, 48, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtQueryAttributesFile + B      770F4BCF 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtQueryFullAttributesFile + B  770F4C7F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtSetInformationFile + 6       770F515A 4 Bytes  [28, 01, 48, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtSetInformationFile + B       770F515F 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtSetInformationThread + 6     770F51AA 4 Bytes  [28, 02, 48, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtSetInformationThread + B     770F51AF 1 Byte  [E2]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtUnmapViewOfSection + 6       770F544A 1 Byte  [68]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtUnmapViewOfSection + 6       770F544A 4 Bytes  [68, 03, 48, 00]
.text  C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe[3628] ntdll.dll!NtUnmapViewOfSection + B       770F544F 1 Byte  [E2]

''No act of kindness, no matter how small, is ever wasted. ''
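The HijackThis log above lists autoruns (O4), browser helper objects (O2) and services (O23) with the image each one loads. A first triage pass is usually done by eye: where does the image live, and is the path fully qualified? The script below is an added example, not code from this thread, from BleepingComputer or from Trend Micro's HijackThis; the line shapes it parses are assumed from the entries posted above, and its sample input is constructed here (the "updater" line is invented to show a flagged entry and describes no real machine). It parses O2/O4/O23 lines, pulls the image path out of the command line (including the DLL behind a RUNDLL32 entry), and returns review hints for images in user-writable directories, for core Windows binary names found outside the Windows directory, and for entries that give no fully qualified path at all.

```python
"""Triage HijackThis-style log entries (O2, O4, O23) by where their image lives.

Added example for this thread; not code from the thread, from BleepingComputer,
or from Trend Micro's HijackThis. The line shapes parsed here are assumed from
the entries posted above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis v2 log format. Five lines mirror entry kinds
# posted in the thread; the "updater" line is invented here to show what a
# flagged entry looks like and describes no real system.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [updater] C:\Users\example\AppData\Roaming\svchost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>O2|O4|O23) - (?P<body>.+)$")
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]{36}\} - (?P<target>.+)$")
O4_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<target>.+)$")
O23_RE = re.compile(r"^Service: (?P<name>.*?) - .*? - (?P<target>.+)$")
# First drive-letter or %ENV%-rooted path to a loadable image inside a command line.
IMAGE_RE = re.compile(r'(?:[A-Za-z]:|%[A-Za-z]+%)\\[^",]*?\.(?:exe|dll|sys|cpl)', re.I)

# Directories an unprivileged user can write to: a common home for unwanted autoruns.
WRITABLE_DIRS = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
# Names of core Windows binaries; a copy outside the Windows directory warrants a look.
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe",
                "services.exe", "explorer.exe"}


@dataclass
class Entry:
    kind: str
    name: str
    image: Optional[str]
    reasons: List[str]


def parse_entry(line: str):
    """Return (kind, name, image path or None) for a supported entry, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    sub = {"O2": O2_RE, "O4": O4_RE, "O23": O23_RE}[kind].match(body)
    if not sub:
        return None
    img = IMAGE_RE.search(sub.group("target"))
    return kind, sub.group("name"), (img.group(0) if img else None)


def reasons_for(image: Optional[str]) -> List[str]:
    """Heuristic review hints for one image path; an empty list means nothing stood out."""
    if image is None:
        return ["no fully qualified image path (resolved via search path)"]
    low = image.lower()
    hints = []
    if any(d in low for d in WRITABLE_DIRS):
        hints.append("image in user-writable location")
    if low.rsplit("\\", 1)[-1] in SYSTEM_NAMES and "\\windows\\" not in low:
        hints.append("system binary name outside the Windows directory")
    return hints


def review(log_text: str) -> List[Entry]:
    """Parse every supported entry in the log and attach its review hints."""
    entries = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed:
            kind, name, image = parsed
            entries.append(Entry(kind, name, image, reasons_for(image)))
    return entries


def flagged(log_text: str) -> List[Entry]:
    """Only the entries that collected at least one hint."""
    return [e for e in review(log_text) if e.reasons]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.kind:<4}{e.name:<18}{e.image or '-'}  <- {'; '.join(e.reasons)}")
```

On the sample it flags the bare `RtHDVCpl.exe` entry (no path, so whatever Windows finds first on the search path is what runs) and the constructed `updater` entry on two counts. The hints are prompts for a human reviewer, not verdicts: Chrome, for instance, legitimately installs under `AppData\Local`, exactly as the running-processes list above shows, so a "user-writable location" hit needs the publisher and file to be checked before anything is acted on.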




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:40 PM

Posted 04 May 2012 - 10:18 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 xVanished

xVanished
  • Topic Starter

  • Members
  • 60 posts
  • Local time:12:40 PM

Posted 04 May 2012 - 10:45 PM

Computer runs fine in normal mode, but when I try doing certain actions it goes crazy at times.
Can't play League of Legends because of some error report :( </3


Results of screen317's Security Check version 0.99.32
Windows Vista Service Pack 2 x86
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Spybot - Search & Destroy
Java™ 6 Update 31
Java™ SE Runtime Environment 6 Update 1
Adobe Flash Player 11.1.102.62
Adobe Reader X (10.1.2)
Mozilla Firefox (3.0.19) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
``````````End of Log````````````





ComboFix 12-05-04.03 - john 05/04/2012 23:35:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2942.1224 [GMT -4:00]
Running from: c:\users\john\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\INSTALL.LOG
c:\windows\system32\Email.exe
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
c:\windows\system32\regobj.dll
c:\windows\system32\system
.
.
((((((((((((((((((((((((( Files Created from 2012-04-05 to 2012-05-05 )))))))))))))))))))))))))))))))
.
.
2012-05-05 03:40 . 2012-05-05 03:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-05 01:43 . 2012-05-05 01:43 388096 ----a-r- c:\users\john\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-05 01:43 . 2012-05-05 01:43 -------- d-----w- c:\program files\Trend Micro
2012-05-04 16:13 . 2012-05-04 16:13 -------- d-----w- c:\users\john\AppData\Roaming\Anvisoft
2012-05-04 16:12 . 2012-05-05 01:31 -------- d-----w- c:\program files\Anvisoft
2012-05-03 22:11 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DE269C54-A7F1-4961-A771-FA9F63D52461}\mpengine.dll
2012-05-03 01:30 . 2012-05-03 01:30 -------- d-----w- c:\program files\AVAST Software
2012-05-02 05:56 . 2012-05-02 05:56 -------- d-----w- c:\users\john\AppData\Roaming\LolClient
2012-05-02 05:31 . 2008-07-31 14:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2012-05-02 05:31 . 2008-07-31 14:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2012-05-02 05:31 . 2008-07-12 12:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-05-02 05:31 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-05-02 05:31 . 2008-07-12 12:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-05-02 05:25 . 2012-05-02 05:26 -------- d-----w- C:\Riot Games
2012-05-02 04:37 . 2012-05-02 04:36 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-05-02 04:37 . 2012-05-02 04:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-02 04:06 . 2012-05-05 01:33 -------- d-----w- c:\program files\Pando Networks
2012-04-12 07:07 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:07 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:07 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:07 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:07 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 07:07 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 07:01 . 2012-04-12 07:01 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-12 02:50 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 15:02 . 2011-05-16 11:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 14:18 . 2009-10-03 09:30 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-14 15:45 . 2012-03-13 19:42 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-13 19:42 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-13 19:42 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-13 19:42 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-13 19:42 1068544 ----a-w- c:\windows\system32\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iso data fast cast]
c:\programdata\Hope Heck 16.di2rf [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mapi Owns]
c:\programdata\logoholehole.4kbdknr [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 12:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 04:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 18:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-12-26 14:32 133104 ----atw- c:\users\john\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 20:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 22:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-11-10 06:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - UGLDYPOG
*Deregistered* - ugldypog
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 16:55]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 16:55]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3362315218-3296876214-747463326-1000Core.job
- c:\users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-26 14:32]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3362315218-3296876214-747463326-1000UA.job
- c:\users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-26 14:32]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\john\AppData\Roaming\Mozilla\Firefox\Profiles\l5l6121a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535290&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2535290&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6fd10923-dcba-4fd6-b0fa-a12e23008c88%7D&mid=5e09df67aea447d181f9d16b53c1c057-926ab491d97ab3adef45c912479a084423daacbf&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-05-04%2012%3A02%3A14&sap=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Anvi Smart Defender - c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
MSConfigStartUp-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-04 23:41
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-05-04 23:43:42
ComboFix-quarantined-files.txt 2012-05-05 03:43
.
Pre-Run: 303,796,994,048 bytes free
Post-Run: 303,710,105,600 bytes free
.
- - End Of File - - CBAC5BFE10024CCF5FF61088E01C8967

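The ComboFix report above is being read by eye, which is how these threads work. As an added example that is not part of the poster's log, of ComboFix, or of the helper's instructions, the Python below walks the same sections and prints the entries a reviewer would stop on: autostarts whose image is missing ([X]), lives in a user-writable directory, has no executable extension or no directory at all, Security Center keys with DisableMonitoring set, and any service created during the scan that was never deregistered. The heuristics and the thresholds are mine, not ComboFix's, and the sample log is constructed from lines quoted in this thread.

```python
import ntpath
import re
from dataclasses import dataclass

# Extensions an autostart normally resolves to; anything else earns a look.
KNOWN_EXE_EXT = {".exe", ".dll", ".sys", ".cpl", ".scr", ".com", ".bat", ".cmd"}
# Path fragments a standard user can write to (lower-case, backslash-separated).
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\", "\\appdata\\", "\\temp\\")

# Constructed sample, modelled on the ComboFix sections quoted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iso data fast cast]
c:\programdata\Hope Heck 16.di2rf [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
*NewlyCreated* - UGLDYPOG
*Deregistered* - ugldypog
""".strip()


@dataclass
class Finding:
    kind: str    # "autostart", "security_center" or "service"
    where: str   # value name, key leaf or service name
    detail: str


def _image_path(value_line):
    # ComboFix appends [X] when the referenced file no longer exists.
    missing = value_line.endswith("[X]")
    body = value_line[:-3].strip() if missing else value_line
    m = re.match(r'"([^"]+)"="([^"]*)"', body)          # Run key: "Name"="path" [date size]
    if m:
        return m.group(1), m.group(2), missing
    m = re.search(r"[a-z]:\\.*$", body, re.IGNORECASE)  # startupreg: date time size attrs path
    return None, (m.group(0) if m else body), missing


def _path_reasons(path, missing):
    lpath = path.lower()
    reasons = []
    if missing:
        reasons.append("file no longer present ([X])")
    if not ntpath.dirname(lpath):
        reasons.append("no directory given (resolved via the search path)")
    if ntpath.splitext(lpath)[1] not in KNOWN_EXE_EXT:
        reasons.append("non-executable extension")
    if any(frag in lpath for frag in USER_WRITABLE):
        reasons.append("user-writable location")
    return reasons


def triage(log_text):
    findings, created, deregistered, key = [], {}, set(), ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("*NewlyCreated* - "):
            name = line.split(" - ", 1)[1]
            created[name.lower()] = name
            continue
        if line.startswith("*Deregistered* - "):
            deregistered.add(line.split(" - ", 1)[1].lower())
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        lkey, leaf = key.lower(), key.rsplit("\\", 1)[-1]
        if "\\msconfig\\startupreg\\" in lkey or lkey.endswith("\\currentversion\\run"):
            name, path, missing = _image_path(line)
            reasons = _path_reasons(path, missing)
            if reasons:
                findings.append(Finding("autostart", name or leaf, path + ": " + ", ".join(reasons)))
        elif "\\security center\\monitoring" in lkey:
            if re.fullmatch(r'"disablemonitoring"=dword:0*1', line.lower()):
                findings.append(Finding("security_center", leaf,
                                        "DisableMonitoring=1: Security Center will not report this product's state"))
    # A service created during the scan but never deregistered outlived the scanner.
    for lname, name in created.items():
        if lname not in deregistered:
            findings.append(Finding("service", name, "created during the scan and still registered"))
    return findings
```

Run it with `for f in triage(open("ComboFix.txt").read()): print(f.kind, f.where, f.detail)`. On the sample it reports the two c:\programdata entries for three reasons each, the two DisableMonitoring keys, and nothing for the matched UGLDYPOG create/deregister pair; the RtHDVCpl line is listed only because its image has no directory, which is a prompt to check where it resolves, not a verdict.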


#4 gringo_pr (Malware Response Team)

Posted 04 May 2012 - 10:54 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
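A TDSSKiller report of the kind requested above runs to several hundred lines, one "Name (md5) path" line per scanned image followed by a "Name - ok" verdict line. As an added example, not part of the reply above nor of Kaspersky's tool, the Python below pairs those two lines per service or driver and splits the result into what a reviewer acts on: entries whose verdict is anything other than "ok", registrations that have no image on disk at all (the "COMSysApp - ok" style lines with no preceding hash), and images that never received a verdict, which is what a truncated paste looks like. The line layout is taken from the log as posted in this thread; treating any verdict text other than "ok" as reportable is an assumption, as is ignoring everything before "Scan started" (the drive and partition enumeration). The sample log is constructed from posted lines, and its last two lines, with an all-zero hash and the verdict "Example.Verdict", are invented to exercise the non-ok branch.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One TDSSKiller line: timestamp, thread id, then the payload.
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<rest>.*)$")
# "Name (md5) path": the image TDSSKiller hashed for a service or driver.
IMAGE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "Name - verdict": "ok" for clean entries; anything else is the tool's verdict text (assumed free text).
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")

# Constructed sample: real lines from the log in this thread plus two invented
# "exampledrv" lines (zero hash, made-up verdict) so the non-ok path is exercised.
SAMPLE_LOG = r"""
23:56:27.0566 5120 Initialize success
23:56:27.0566 5120 ============================================================
23:56:27.0317 5120 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200
23:56:32.0496 1464 Scan started
23:56:32.0496 1464 Mode: Manual;
23:56:32.0886 1464 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
23:56:32.0886 1464 ACPI - ok
23:56:33.0480 1464 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:56:33.0481 1464 Apple Mobile Device - ok
23:56:33.0634 1464 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
23:56:33.0638 1464 AudioEndpointBuilder - ok
23:56:33.0645 1464 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
23:56:33.0648 1464 Audiosrv - ok
23:56:34.0460 1464 COMSysApp - ok
23:56:38.0831 1464 LVcKap - ok
23:56:39.0206 1464 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
23:56:39.0206 1464 mouclass - ok
23:56:40.0001 1464 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
23:56:40.0001 1464 exampledrv - detected Example.Verdict ( 0 )
""".strip()


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller(log_text: str) -> List[Entry]:
    """Pair each scanned image with its verdict line, keyed by service/driver name."""
    entries: Dict[str, Entry] = {}
    scanning = False
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        if rest == "Scan started":
            scanning = True      # everything before this is drive/partition enumeration
            continue
        if not scanning:
            continue
        im = IMAGE_RE.match(rest)
        if im:
            e = entries.setdefault(im.group("name"), Entry(im.group("name")))
            e.md5, e.path = im.group("md5").lower(), im.group("path")
            continue
        vm = VERDICT_RE.match(rest)
        if vm:
            e = entries.setdefault(vm.group("name"), Entry(vm.group("name")))
            e.verdict = vm.group("verdict").strip()
    return list(entries.values())


def triage(entries: List[Entry]) -> dict:
    """Split the scan into what a reviewer acts on."""
    flagged = [e for e in entries if e.verdict is not None and e.verdict.lower() != "ok"]
    # Registered service/driver with no image hashed: stale registration or a deleted file.
    no_image = [e for e in entries if e.md5 is None]
    # Image hashed but no verdict line: the scan was cut short or the paste is truncated.
    unverdicted = [e for e in entries if e.verdict is None]
    return {"total": len(entries), "flagged": flagged, "no_image": no_image, "unverdicted": unverdicted}


def image_hashes(entries: List[Entry]) -> Dict[str, List[str]]:
    """md5 -> paths, ready for a lookup against whatever hash reputation source you trust."""
    out: Dict[str, List[str]] = {}
    for e in entries:
        if e.md5:
            out.setdefault(e.md5, []).append(e.path)
    return out
```

Feed it the pasted report with `triage(parse_tdsskiller(open("TDSSKiller.log").read()))`. The `no_image` list is where leftovers such as the LVcKap/LVMVDrv registrations in the log below show up; they are not detections, but a registration that points at nothing is the sort of thing a cleanup leaves behind and is worth reconciling against what is actually installed. `image_hashes` collapses entries that share one file (Audiosrv and AudioEndpointBuilder both map to Audiosrv.dll) so a hash lookup is done once per file rather than once per service.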

#5 xVanished (Topic Starter)

Posted 04 May 2012 - 11:28 PM

23:56:26.0724 5120 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
23:56:26.0989 5120 ============================================================
23:56:26.0989 5120 Current date / time: 2012/05/04 23:56:26.0989
23:56:26.0989 5120 SystemInfo:
23:56:26.0989 5120
23:56:26.0989 5120 OS Version: 6.0.6002 ServicePack: 2.0
23:56:26.0989 5120 Product type: Workstation
23:56:26.0989 5120 ComputerName: MAIN
23:56:26.0989 5120 UserName: john
23:56:26.0989 5120 Windows directory: C:\Windows
23:56:26.0989 5120 System windows directory: C:\Windows
23:56:26.0989 5120 Processor architecture: Intel x86
23:56:26.0989 5120 Number of processors: 2
23:56:26.0989 5120 Page size: 0x1000
23:56:26.0989 5120 Boot type: Normal boot
23:56:26.0989 5120 ============================================================
23:56:27.0317 5120 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:56:27.0488 5120 ============================================================
23:56:27.0488 5120 \Device\Harddisk0\DR0:
23:56:27.0488 5120 MBR partitions:
23:56:27.0488 5120 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x38F04F48
23:56:27.0488 5120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x38F04F87, BlocksNum 0x147FCBA
23:56:27.0488 5120 ============================================================
23:56:27.0504 5120 C: <-> \Device\Harddisk0\DR0\Partition0
23:56:27.0566 5120 D: <-> \Device\Harddisk0\DR0\Partition1
23:56:27.0566 5120 ============================================================
23:56:27.0566 5120 Initialize success
23:56:27.0566 5120 ============================================================
23:56:32.0496 1464 ============================================================
23:56:32.0496 1464 Scan started
23:56:32.0496 1464 Mode: Manual;
23:56:32.0496 1464 ============================================================
23:56:32.0886 1464 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
23:56:32.0886 1464 ACPI - ok
23:56:32.0948 1464 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:56:32.0948 1464 AdobeARMservice - ok
23:56:32.0995 1464 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
23:56:32.0995 1464 adp94xx - ok
23:56:33.0026 1464 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
23:56:33.0026 1464 adpahci - ok
23:56:33.0042 1464 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
23:56:33.0058 1464 adpu160m - ok
23:56:33.0073 1464 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
23:56:33.0073 1464 adpu320 - ok
23:56:33.0104 1464 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
23:56:33.0104 1464 AeLookupSvc - ok
23:56:33.0151 1464 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
23:56:33.0151 1464 AFD - ok
23:56:33.0198 1464 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
23:56:33.0198 1464 agp440 - ok
23:56:33.0229 1464 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
23:56:33.0229 1464 aic78xx - ok
23:56:33.0260 1464 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
23:56:33.0260 1464 ALG - ok
23:56:33.0292 1464 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
23:56:33.0292 1464 aliide - ok
23:56:33.0323 1464 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
23:56:33.0323 1464 amdagp - ok
23:56:33.0354 1464 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
23:56:33.0354 1464 amdide - ok
23:56:33.0370 1464 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
23:56:33.0370 1464 AmdK7 - ok
23:56:33.0385 1464 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
23:56:33.0385 1464 AmdK8 - ok
23:56:33.0416 1464 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
23:56:33.0416 1464 Appinfo - ok
23:56:33.0480 1464 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:56:33.0481 1464 Apple Mobile Device - ok
23:56:33.0516 1464 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
23:56:33.0516 1464 arc - ok
23:56:33.0553 1464 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
23:56:33.0554 1464 arcsas - ok
23:56:33.0577 1464 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
23:56:33.0577 1464 AsyncMac - ok
23:56:33.0595 1464 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
23:56:33.0596 1464 atapi - ok
23:56:33.0634 1464 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
23:56:33.0638 1464 AudioEndpointBuilder - ok
23:56:33.0645 1464 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
23:56:33.0648 1464 Audiosrv - ok
23:56:33.0684 1464 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
23:56:33.0684 1464 Beep - ok
23:56:33.0784 1464 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
23:56:33.0788 1464 BFE - ok
23:56:33.0860 1464 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
23:56:33.0867 1464 BITS - ok
23:56:33.0907 1464 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
23:56:33.0908 1464 blbdrive - ok
23:56:33.0931 1464 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
23:56:33.0932 1464 bowser - ok
23:56:33.0952 1464 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
23:56:33.0953 1464 BrFiltLo - ok
23:56:33.0964 1464 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
23:56:33.0964 1464 BrFiltUp - ok
23:56:33.0989 1464 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
23:56:33.0990 1464 Browser - ok
23:56:34.0008 1464 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
23:56:34.0009 1464 Brserid - ok
23:56:34.0032 1464 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
23:56:34.0033 1464 BrSerWdm - ok
23:56:34.0045 1464 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
23:56:34.0045 1464 BrUsbMdm - ok
23:56:34.0057 1464 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
23:56:34.0058 1464 BrUsbSer - ok
23:56:34.0066 1464 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
23:56:34.0066 1464 BTHMODEM - ok
23:56:34.0153 1464 catchme - ok
23:56:34.0180 1464 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
23:56:34.0181 1464 cdfs - ok
23:56:34.0221 1464 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
23:56:34.0222 1464 cdrom - ok
23:56:34.0259 1464 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
23:56:34.0260 1464 CertPropSvc - ok
23:56:34.0288 1464 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
23:56:34.0288 1464 circlass - ok
23:56:34.0320 1464 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
23:56:34.0323 1464 CLFS - ok
23:56:34.0356 1464 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:56:34.0358 1464 clr_optimization_v2.0.50727_32 - ok
23:56:34.0409 1464 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:56:34.0411 1464 clr_optimization_v4.0.30319_32 - ok
23:56:34.0432 1464 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
23:56:34.0432 1464 cmdide - ok
23:56:34.0456 1464 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
23:56:34.0457 1464 Compbatt - ok
23:56:34.0460 1464 COMSysApp - ok
23:56:34.0510 1464 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
23:56:34.0510 1464 crcdisk - ok
23:56:34.0526 1464 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
23:56:34.0526 1464 Crusoe - ok
23:56:34.0572 1464 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
23:56:34.0572 1464 CryptSvc - ok
23:56:34.0604 1464 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
23:56:34.0604 1464 DcomLaunch - ok
23:56:34.0650 1464 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
23:56:34.0650 1464 DfsC - ok
23:56:34.0791 1464 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
23:56:34.0806 1464 DFSR - ok
23:56:34.0916 1464 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
23:56:34.0931 1464 Dhcp - ok
23:56:34.0978 1464 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
23:56:34.0978 1464 disk - ok
23:56:35.0072 1464 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
23:56:35.0072 1464 Dnscache - ok
23:56:35.0165 1464 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
23:56:35.0165 1464 dot3svc - ok
23:56:35.0212 1464 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
23:56:35.0212 1464 Dot4 - ok
23:56:35.0243 1464 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:56:35.0243 1464 Dot4Print - ok
23:56:35.0274 1464 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
23:56:35.0274 1464 dot4usb - ok
23:56:35.0321 1464 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
23:56:35.0321 1464 DPS - ok
23:56:35.0384 1464 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
23:56:35.0384 1464 drmkaud - ok
23:56:35.0430 1464 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
23:56:35.0430 1464 DXGKrnl - ok
23:56:35.0477 1464 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
23:56:35.0477 1464 E1G60 - ok
23:56:35.0493 1464 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
23:56:35.0493 1464 EapHost - ok
23:56:35.0524 1464 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
23:56:35.0524 1464 Ecache - ok
23:56:35.0586 1464 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
23:56:35.0586 1464 ehRecvr - ok
23:56:35.0602 1464 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
23:56:35.0618 1464 ehSched - ok
23:56:35.0649 1464 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
23:56:35.0649 1464 ehstart - ok
23:56:35.0696 1464 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
23:56:35.0696 1464 elxstor - ok
23:56:35.0742 1464 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
23:56:35.0758 1464 EMDMgmt - ok
23:56:35.0820 1464 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
23:56:35.0820 1464 ErrDev - ok
23:56:35.0883 1464 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
23:56:35.0898 1464 EventSystem - ok
23:56:35.0992 1464 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
23:56:35.0992 1464 exfat - ok
23:56:36.0054 1464 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
23:56:36.0054 1464 fastfat - ok
23:56:36.0117 1464 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
23:56:36.0117 1464 fdc - ok
23:56:36.0164 1464 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
23:56:36.0164 1464 fdPHost - ok
23:56:36.0195 1464 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
23:56:36.0195 1464 FDResPub - ok
23:56:36.0226 1464 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
23:56:36.0226 1464 FileInfo - ok
23:56:36.0242 1464 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
23:56:36.0242 1464 Filetrace - ok
23:56:36.0257 1464 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
23:56:36.0257 1464 flpydisk - ok
23:56:36.0304 1464 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
23:56:36.0304 1464 FltMgr - ok
23:56:36.0382 1464 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
23:56:36.0398 1464 FontCache - ok
23:56:36.0444 1464 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:56:36.0444 1464 FontCache3.0.0.0 - ok
23:56:36.0476 1464 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
23:56:36.0476 1464 Fs_Rec - ok
23:56:36.0507 1464 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
23:56:36.0507 1464 gagp30kx - ok
23:56:36.0522 1464 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:56:36.0522 1464 GEARAspiWDM - ok
23:56:36.0585 1464 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
23:56:36.0600 1464 gpsvc - ok
23:56:36.0663 1464 gupdate1c99c20f81df850 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
23:56:36.0663 1464 gupdate1c99c20f81df850 - ok
23:56:36.0663 1464 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
23:56:36.0678 1464 gupdatem - ok
23:56:36.0725 1464 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:56:36.0725 1464 HDAudBus - ok
23:56:36.0756 1464 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
23:56:36.0756 1464 HidBth - ok
23:56:36.0803 1464 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
23:56:36.0803 1464 HidIr - ok
23:56:36.0834 1464 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
23:56:36.0834 1464 hidserv - ok
23:56:36.0866 1464 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
23:56:36.0866 1464 HidUsb - ok
23:56:36.0897 1464 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
23:56:36.0897 1464 hkmsvc - ok
23:56:36.0959 1464 HP Health Check Service (cb383ab0b8ba871d893b86d3c9a3ed9f) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
23:56:36.0959 1464 HP Health Check Service - ok
23:56:36.0990 1464 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
23:56:37.0006 1464 HpCISSs - ok
23:56:37.0084 1464 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
23:56:37.0084 1464 hpqcxs08 - ok
23:56:37.0146 1464 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
23:56:37.0146 1464 hpqddsvc - ok
23:56:37.0240 1464 HPSLPSVC (a04f4ac48895774a2cf9d1c9eaaacef0) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
23:56:37.0256 1464 HPSLPSVC - ok
23:56:37.0349 1464 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
23:56:37.0365 1464 HSF_DP - ok
23:56:37.0412 1464 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
23:56:37.0412 1464 HSXHWBS2 - ok
23:56:37.0458 1464 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
23:56:37.0458 1464 HTTP - ok
23:56:37.0490 1464 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
23:56:37.0490 1464 i2omp - ok
23:56:37.0505 1464 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
23:56:37.0505 1464 i8042prt - ok
23:56:37.0536 1464 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
23:56:37.0536 1464 iaStorV - ok
23:56:37.0599 1464 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:56:37.0614 1464 idsvc - ok
23:56:37.0630 1464 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
23:56:37.0630 1464 iirsp - ok
23:56:37.0646 1464 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
23:56:37.0661 1464 IKEEXT - ok
23:56:37.0770 1464 IntcAzAudAddService (84ed2154239f9d013bbd3220755ada8b) C:\Windows\system32\drivers\RTKVHDA.sys
23:56:37.0786 1464 IntcAzAudAddService - ok
23:56:37.0895 1464 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
23:56:37.0895 1464 intelide - ok
23:56:37.0911 1464 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
23:56:37.0911 1464 intelppm - ok
23:56:37.0942 1464 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
23:56:37.0942 1464 IPBusEnum - ok
23:56:37.0973 1464 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:56:37.0973 1464 IpFilterDriver - ok
23:56:38.0004 1464 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
23:56:38.0004 1464 iphlpsvc - ok
23:56:38.0020 1464 IpInIp - ok
23:56:38.0051 1464 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
23:56:38.0051 1464 IPMIDRV - ok
23:56:38.0082 1464 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
23:56:38.0082 1464 IPNAT - ok
23:56:38.0160 1464 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
23:56:38.0160 1464 iPod Service - ok
23:56:38.0176 1464 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
23:56:38.0176 1464 IRENUM - ok
23:56:38.0223 1464 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
23:56:38.0223 1464 isapnp - ok
23:56:38.0254 1464 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
23:56:38.0254 1464 iScsiPrt - ok
23:56:38.0270 1464 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
23:56:38.0270 1464 iteatapi - ok
23:56:38.0285 1464 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
23:56:38.0285 1464 iteraid - ok
23:56:38.0301 1464 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:56:38.0301 1464 kbdclass - ok
23:56:38.0332 1464 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
23:56:38.0332 1464 kbdhid - ok
23:56:38.0348 1464 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:56:38.0348 1464 KeyIso - ok
23:56:38.0379 1464 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
23:56:38.0394 1464 KSecDD - ok
23:56:38.0426 1464 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
23:56:38.0441 1464 KtmRm - ok
23:56:38.0457 1464 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
23:56:38.0457 1464 LanmanServer - ok
23:56:38.0504 1464 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
23:56:38.0504 1464 LanmanWorkstation - ok
23:56:38.0535 1464 libusb0 (b280c4608ac389da9515a35ac4cab0fd) C:\Windows\system32\drivers\libusb0.sys
23:56:38.0535 1464 libusb0 - ok
23:56:38.0597 1464 LightScribeService (dfeff67508d3a9aeb1a85d7b0f513b24) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
23:56:38.0597 1464 LightScribeService - ok
23:56:38.0613 1464 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
23:56:38.0613 1464 lltdio - ok
23:56:38.0660 1464 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
23:56:38.0660 1464 lltdsvc - ok
23:56:38.0675 1464 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
23:56:38.0691 1464 lmhosts - ok
23:56:38.0722 1464 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
23:56:38.0722 1464 LSI_FC - ok
23:56:38.0738 1464 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
23:56:38.0738 1464 LSI_SAS - ok
23:56:38.0784 1464 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
23:56:38.0800 1464 LSI_SCSI - ok
23:56:38.0816 1464 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
23:56:38.0816 1464 luafv - ok
23:56:38.0831 1464 LVcKap - ok
23:56:38.0831 1464 LVMVDrv - ok
23:56:38.0847 1464 LVPr2Mon (f96cfb47903854f228baaf3e2d41a0a3) C:\Windows\system32\Drivers\LVPr2Mon.sys
23:56:38.0862 1464 LVPr2Mon - ok
23:56:38.0894 1464 LVPrcSrv (ff23862146a682fcc3dbaa002e22f958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
23:56:38.0894 1464 LVPrcSrv - ok
23:56:38.0940 1464 LVRS (e22fd7852e74f04cceb6b8a684a51f3e) C:\Windows\system32\DRIVERS\lvrs.sys
23:56:38.0956 1464 LVRS - ok
23:56:38.0972 1464 LVUSBSta (5f987fc1aad215ec2c60cf07719b1cce) C:\Windows\system32\drivers\LVUSBSta.sys
23:56:38.0972 1464 LVUSBSta - ok
23:56:39.0003 1464 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
23:56:39.0003 1464 Mcx2Svc - ok
23:56:39.0034 1464 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
23:56:39.0034 1464 mdmxsdk - ok
23:56:39.0050 1464 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
23:56:39.0050 1464 megasas - ok
23:56:39.0081 1464 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
23:56:39.0081 1464 MegaSR - ok
23:56:39.0143 1464 Microsoft SharePoint Workspace Audit Service - ok
23:56:39.0159 1464 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
23:56:39.0159 1464 MMCSS - ok
23:56:39.0174 1464 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
23:56:39.0174 1464 Modem - ok
23:56:39.0206 1464 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
23:56:39.0206 1464 monitor - ok
23:56:39.0206 1464 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
23:56:39.0206 1464 mouclass - ok
23:56:39.0221 1464 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
23:56:39.0221 1464 mouhid - ok
23:56:39.0237 1464 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
23:56:39.0237 1464 MountMgr - ok
23:56:39.0252 1464 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
23:56:39.0252 1464 mpio - ok
23:56:39.0268 1464 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
23:56:39.0268 1464 mpsdrv - ok
23:56:39.0299 1464 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
23:56:39.0299 1464 MpsSvc - ok
23:56:39.0330 1464 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
23:56:39.0330 1464 Mraid35x - ok
23:56:39.0377 1464 MREMP50 - ok
23:56:39.0377 1464 MREMP50a64 - ok
23:56:39.0377 1464 MRESP50 - ok
23:56:39.0393 1464 MRESP50a64 - ok
23:56:39.0424 1464 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
23:56:39.0424 1464 MRxDAV - ok
23:56:39.0440 1464 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:56:39.0440 1464 mrxsmb - ok
23:56:39.0486 1464 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:56:39.0502 1464 mrxsmb10 - ok
23:56:39.0502 1464 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:56:39.0502 1464 mrxsmb20 - ok
23:56:39.0518 1464 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
23:56:39.0518 1464 msahci - ok
23:56:39.0533 1464 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
23:56:39.0533 1464 msdsm - ok
23:56:39.0564 1464 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
23:56:39.0564 1464 MSDTC - ok
23:56:39.0580 1464 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
23:56:39.0580 1464 Msfs - ok
23:56:39.0596 1464 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
23:56:39.0596 1464 msisadrv - ok
23:56:39.0611 1464 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
23:56:39.0611 1464 MSiSCSI - ok
23:56:39.0627 1464 msiserver - ok
23:56:39.0627 1464 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
23:56:39.0642 1464 MSKSSRV - ok
23:56:39.0642 1464 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
23:56:39.0642 1464 MSPCLOCK - ok
23:56:39.0642 1464 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
23:56:39.0642 1464 MSPQM - ok
23:56:39.0689 1464 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
23:56:39.0689 1464 MsRPC - ok
23:56:39.0689 1464 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
23:56:39.0689 1464 mssmbios - ok
23:56:39.0705 1464 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
23:56:39.0705 1464 MSTEE - ok
23:56:39.0720 1464 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
23:56:39.0720 1464 Mup - ok
23:56:39.0736 1464 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
23:56:39.0752 1464 napagent - ok
23:56:39.0783 1464 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
23:56:39.0783 1464 NativeWifiP - ok
23:56:39.0830 1464 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
23:56:39.0845 1464 NDIS - ok
23:56:39.0861 1464 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
23:56:39.0861 1464 NdisTapi - ok
23:56:39.0876 1464 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
23:56:39.0876 1464 Ndisuio - ok
23:56:39.0908 1464 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:56:39.0908 1464 NdisWan - ok
23:56:39.0908 1464 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
23:56:39.0908 1464 NDProxy - ok
23:56:39.0954 1464 Net Driver HPZ12 (80b7a96f908da13617e7e6832c5c6a64) C:\Windows\system32\HPZinw12.dll
23:56:39.0954 1464 Net Driver HPZ12 - ok
23:56:39.0954 1464 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
23:56:39.0954 1464 NetBIOS - ok
23:56:39.0986 1464 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
23:56:39.0986 1464 netbt - ok
23:56:40.0001 1464 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:56:40.0001 1464 Netlogon - ok
23:56:40.0032 1464 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
23:56:40.0032 1464 Netman - ok
23:56:40.0048 1464 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
23:56:40.0064 1464 netprofm - ok
23:56:40.0110 1464 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:56:40.0110 1464 NetTcpPortSharing - ok
23:56:40.0126 1464 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
23:56:40.0142 1464 nfrd960 - ok
23:56:40.0157 1464 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
23:56:40.0157 1464 NlaSvc - ok
23:56:40.0188 1464 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
23:56:40.0188 1464 Npfs - ok
23:56:40.0204 1464 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
23:56:40.0204 1464 nsi - ok
23:56:40.0220 1464 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
23:56:40.0220 1464 nsiproxy - ok
23:56:40.0282 1464 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
23:56:40.0282 1464 Ntfs - ok
23:56:40.0313 1464 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
23:56:40.0313 1464 ntrigdigi - ok
23:56:40.0329 1464 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
23:56:40.0329 1464 Null - ok
23:56:40.0407 1464 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
23:56:40.0407 1464 NVENETFD - ok
23:56:40.0688 1464 nvlddmkm (fbba09782f2fac5a57619df378ba9372) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:56:40.0750 1464 nvlddmkm - ok
23:56:40.0844 1464 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
23:56:40.0844 1464 nvraid - ok
23:56:40.0875 1464 nvrd32 (0d15327134e5871c922760acd7449e84) C:\Windows\system32\drivers\nvrd32.sys
23:56:40.0875 1464 nvrd32 - ok
23:56:40.0890 1464 nvsmu (c44ee36dd84fa95eb81d79c374756003) C:\Windows\system32\drivers\nvsmu.sys
23:56:40.0890 1464 nvsmu - ok
23:56:40.0906 1464 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
23:56:40.0906 1464 nvstor - ok
23:56:40.0937 1464 nvstor32 (fa7b8eca6e845b244b7e30a9dcd82c6c) C:\Windows\system32\drivers\nvstor32.sys
23:56:40.0937 1464 nvstor32 - ok
23:56:40.0984 1464 nvsvc (cf7769f13b3ecc5e2bf1b3d1c5831ae8) C:\Windows\system32\nvvsvc.exe
23:56:40.0984 1464 nvsvc - ok
23:56:41.0015 1464 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
23:56:41.0015 1464 nv_agp - ok
23:56:41.0015 1464 NwlnkFlt - ok
23:56:41.0031 1464 NwlnkFwd - ok
23:56:41.0078 1464 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
23:56:41.0078 1464 ohci1394 - ok
23:56:41.0140 1464 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:56:41.0140 1464 ose - ok
23:56:41.0312 1464 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:56:41.0327 1464 osppsvc - ok
23:56:41.0421 1464 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:56:41.0421 1464 p2pimsvc - ok
23:56:41.0436 1464 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:56:41.0436 1464 p2psvc - ok
23:56:41.0483 1464 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
23:56:41.0483 1464 Parport - ok
23:56:41.0514 1464 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
23:56:41.0514 1464 partmgr - ok
23:56:41.0530 1464 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
23:56:41.0530 1464 Parvdm - ok
23:56:41.0546 1464 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
23:56:41.0546 1464 PcaSvc - ok
23:56:41.0561 1464 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
23:56:41.0561 1464 pci - ok
23:56:41.0592 1464 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
23:56:41.0592 1464 pciide - ok
23:56:41.0608 1464 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
23:56:41.0608 1464 pcmcia - ok
23:56:41.0655 1464 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
23:56:41.0655 1464 PEAUTH - ok
23:56:41.0686 1464 pepifilter (4349c7dc0c982cffc11946fff20f8524) C:\Windows\system32\DRIVERS\lv302af.sys
23:56:41.0686 1464 pepifilter - ok
23:56:41.0811 1464 PID_PEPI (4fc23dae30ef4f6a2952cd93104909e7) C:\Windows\system32\DRIVERS\LV302V32.SYS
23:56:41.0826 1464 PID_PEPI - ok
23:56:41.0936 1464 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
23:56:41.0951 1464 pla - ok
23:56:41.0998 1464 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
23:56:41.0998 1464 PlugPlay - ok
23:56:42.0029 1464 Pml Driver HPZ12 (0c155c5d8942b3cbcf9506a9d376b9ad) C:\Windows\system32\HPZipm12.dll
23:56:42.0029 1464 Pml Driver HPZ12 - ok
23:56:42.0060 1464 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:56:42.0076 1464 PNRPAutoReg - ok
23:56:42.0076 1464 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:56:42.0076 1464 PNRPsvc - ok
23:56:42.0107 1464 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
23:56:42.0123 1464 PolicyAgent - ok
23:56:42.0185 1464 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:56:42.0185 1464 PptpMiniport - ok
23:56:42.0201 1464 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
23:56:42.0201 1464 Processor - ok
23:56:42.0216 1464 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
23:56:42.0232 1464 ProfSvc - ok
23:56:42.0248 1464 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:56:42.0248 1464 ProtectedStorage - ok
23:56:42.0263 1464 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
23:56:42.0263 1464 PSched - ok
23:56:42.0310 1464 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
23:56:42.0326 1464 ql2300 - ok
23:56:42.0341 1464 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:56:42.0341 1464 ql40xx - ok
23:56:42.0372 1464 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
23:56:42.0372 1464 QWAVE - ok
23:56:42.0388 1464 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:56:42.0388 1464 QWAVEdrv - ok
23:56:42.0419 1464 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:56:42.0419 1464 RasAcd - ok
23:56:42.0435 1464 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
23:56:42.0435 1464 RasAuto - ok
23:56:42.0450 1464 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:56:42.0450 1464 Rasl2tp - ok
23:56:42.0560 1464 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
23:56:42.0606 1464 RasMan - ok
23:56:42.0622 1464 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
23:56:42.0622 1464 RasPppoe - ok
23:56:42.0653 1464 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
23:56:42.0653 1464 RasSstp - ok
23:56:42.0669 1464 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
23:56:42.0669 1464 rdbss - ok
23:56:42.0684 1464 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:56:42.0700 1464 RDPCDD - ok
23:56:42.0716 1464 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
23:56:42.0731 1464 rdpdr - ok
23:56:42.0747 1464 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:56:42.0747 1464 RDPENCDD - ok
23:56:42.0778 1464 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
23:56:42.0778 1464 RDPWD - ok
23:56:42.0840 1464 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
23:56:42.0840 1464 RemoteAccess - ok
23:56:42.0872 1464 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
23:56:42.0872 1464 RemoteRegistry - ok
23:56:42.0934 1464 Revoflt (b9bb8e2093c1615ad6ea55ad96214354) C:\Windows\system32\DRIVERS\revoflt.sys
23:56:42.0934 1464 Revoflt - ok
23:56:42.0950 1464 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
23:56:42.0950 1464 RpcLocator - ok
23:56:42.0981 1464 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
23:56:42.0996 1464 RpcSs - ok
23:56:43.0028 1464 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
23:56:43.0028 1464 rspndr - ok
23:56:43.0059 1464 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:56:43.0059 1464 SamSs - ok
23:56:43.0090 1464 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
23:56:43.0090 1464 sbp2port - ok
23:56:43.0137 1464 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
23:56:43.0137 1464 SCardSvr - ok
23:56:43.0168 1464 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
23:56:43.0184 1464 Schedule - ok
23:56:43.0199 1464 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
23:56:43.0199 1464 SCPolicySvc - ok
23:56:43.0230 1464 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
23:56:43.0230 1464 SDRSVC - ok
23:56:43.0246 1464 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:56:43.0246 1464 secdrv - ok
23:56:43.0262 1464 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
23:56:43.0262 1464 seclogon - ok
23:56:43.0277 1464 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
23:56:43.0277 1464 SENS - ok
23:56:43.0293 1464 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
23:56:43.0293 1464 Serenum - ok
23:56:43.0324 1464 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
23:56:43.0324 1464 Serial - ok
23:56:43.0340 1464 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
23:56:43.0340 1464 sermouse - ok
23:56:43.0371 1464 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
23:56:43.0371 1464 SessionEnv - ok
23:56:43.0386 1464 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
23:56:43.0386 1464 sffdisk - ok
23:56:43.0402 1464 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
23:56:43.0402 1464 sffp_mmc - ok
23:56:43.0418 1464 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
23:56:43.0418 1464 sffp_sd - ok
23:56:43.0418 1464 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
23:56:43.0418 1464 sfloppy - ok
23:56:43.0464 1464 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
23:56:43.0464 1464 SharedAccess - ok
23:56:43.0511 1464 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
23:56:43.0511 1464 ShellHWDetection - ok
23:56:43.0542 1464 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
23:56:43.0542 1464 sisagp - ok
23:56:43.0574 1464 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
23:56:43.0574 1464 SiSRaid2 - ok
23:56:43.0589 1464 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
23:56:43.0589 1464 SiSRaid4 - ok
23:56:43.0730 1464 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
23:56:43.0761 1464 slsvc - ok
23:56:43.0823 1464 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
23:56:43.0839 1464 SLUINotify - ok
23:56:43.0901 1464 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
23:56:43.0901 1464 Smb - ok
23:56:43.0948 1464 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
23:56:43.0948 1464 SNMPTRAP - ok
23:56:43.0964 1464 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
23:56:43.0979 1464 spldr - ok
23:56:43.0995 1464 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
23:56:44.0010 1464 Spooler - ok
23:56:44.0042 1464 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
23:56:44.0042 1464 srv - ok
23:56:44.0073 1464 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
23:56:44.0073 1464 srv2 - ok
23:56:44.0073 1464 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
23:56:44.0073 1464 srvnet - ok
23:56:44.0088 1464 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
23:56:44.0088 1464 SSDPSRV - ok
23:56:44.0104 1464 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
23:56:44.0120 1464 SstpSvc - ok
23:56:44.0151 1464 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
23:56:44.0151 1464 stisvc - ok
23:56:44.0166 1464 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
23:56:44.0166 1464 swenum - ok
23:56:44.0198 1464 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
23:56:44.0213 1464 swprv - ok
23:56:44.0229 1464 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
23:56:44.0229 1464 Symc8xx - ok
23:56:44.0244 1464 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
23:56:44.0244 1464 Sym_hi - ok
23:56:44.0260 1464 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
23:56:44.0260 1464 Sym_u3 - ok
23:56:44.0291 1464 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
23:56:44.0307 1464 SysMain - ok
23:56:44.0338 1464 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
23:56:44.0338 1464 TabletInputService - ok
23:56:44.0369 1464 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
23:56:44.0369 1464 TapiSrv - ok
23:56:44.0385 1464 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
23:56:44.0385 1464 TBS - ok
23:56:44.0432 1464 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
23:56:44.0432 1464 Tcpip - ok
23:56:44.0447 1464 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
23:56:44.0447 1464 Tcpip6 - ok
23:56:44.0463 1464 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
23:56:44.0463 1464 tcpipreg - ok
23:56:44.0494 1464 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
23:56:44.0494 1464 TDPIPE - ok
23:56:44.0510 1464 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
23:56:44.0510 1464 TDTCP - ok
23:56:44.0525 1464 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
23:56:44.0525 1464 tdx - ok
23:56:44.0556 1464 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
23:56:44.0556 1464 TermDD - ok
23:56:44.0588 1464 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
23:56:44.0588 1464 TermService - ok
23:56:44.0619 1464 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
23:56:44.0619 1464 Themes - ok
23:56:44.0650 1464 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
23:56:44.0650 1464 THREADORDER - ok
23:56:44.0666 1464 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
23:56:44.0666 1464 TrkWks - ok
23:56:44.0697 1464 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
23:56:44.0697 1464 TrustedInstaller - ok
23:56:44.0728 1464 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:56:44.0728 1464 tssecsrv - ok
23:56:44.0744 1464 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
23:56:44.0744 1464 tunmp - ok
23:56:44.0775 1464 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
23:56:44.0775 1464 tunnel - ok
23:56:44.0790 1464 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
23:56:44.0790 1464 uagp35 - ok
23:56:44.0822 1464 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
23:56:44.0822 1464 udfs - ok
23:56:44.0837 1464 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
23:56:44.0837 1464 UI0Detect - ok
23:56:44.0868 1464 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
23:56:44.0868 1464 uliagpkx - ok
23:56:44.0884 1464 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
23:56:44.0884 1464 uliahci - ok
23:56:44.0900 1464 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:56:44.0900 1464 UlSata - ok
23:56:44.0915 1464 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:56:44.0915 1464 ulsata2 - ok
23:56:44.0931 1464 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
23:56:44.0931 1464 umbus - ok
23:56:44.0962 1464 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
23:56:44.0962 1464 upnphost - ok
23:56:44.0993 1464 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
23:56:44.0993 1464 USBAAPL - ok
23:56:45.0024 1464 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
23:56:45.0024 1464 usbaudio - ok
23:56:45.0040 1464 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
23:56:45.0040 1464 usbccgp - ok
23:56:45.0071 1464 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
23:56:45.0071 1464 usbcir - ok
23:56:45.0102 1464 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
23:56:45.0102 1464 usbehci - ok
23:56:45.0118 1464 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
23:56:45.0118 1464 usbhub - ok
23:56:45.0118 1464 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
23:56:45.0118 1464 usbohci - ok
23:56:45.0149 1464 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
23:56:45.0149 1464 usbprint - ok
23:56:45.0180 1464 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
23:56:45.0180 1464 usbscan - ok
23:56:45.0196 1464 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:56:45.0196 1464 USBSTOR - ok
23:56:45.0212 1464 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
23:56:45.0212 1464 usbuhci - ok
23:56:45.0243 1464 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
23:56:45.0243 1464 UxSms - ok
23:56:45.0274 1464 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
23:56:45.0274 1464 vds - ok
23:56:45.0290 1464 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
23:56:45.0290 1464 vga - ok
23:56:45.0305 1464 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:56:45.0321 1464 VgaSave - ok
23:56:45.0336 1464 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
23:56:45.0336 1464 viaagp - ok
23:56:45.0336 1464 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
23:56:45.0336 1464 ViaC7 - ok
23:56:45.0352 1464 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
23:56:45.0352 1464 viaide - ok
23:56:45.0368 1464 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:56:45.0368 1464 volmgr - ok
23:56:45.0383 1464 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
23:56:45.0383 1464 volmgrx - ok
23:56:45.0414 1464 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
23:56:45.0414 1464 volsnap - ok
23:56:45.0446 1464 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
23:56:45.0446 1464 vsmraid - ok
23:56:45.0492 1464 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
23:56:45.0508 1464 VSS - ok
23:56:45.0524 1464 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
23:56:45.0524 1464 W32Time - ok
23:56:45.0570 1464 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:56:45.0570 1464 WacomPen - ok
23:56:45.0586 1464 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:56:45.0586 1464 Wanarp - ok
23:56:45.0586 1464 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:56:45.0586 1464 Wanarpv6 - ok
23:56:45.0617 1464 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
23:56:45.0617 1464 wcncsvc - ok
23:56:45.0633 1464 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
23:56:45.0648 1464 WcsPlugInService - ok
23:56:45.0664 1464 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
23:56:45.0664 1464 Wd - ok
23:56:45.0695 1464 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
23:56:45.0695 1464 Wdf01000 - ok
23:56:45.0711 1464 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
23:56:45.0711 1464 WdiServiceHost - ok
23:56:45.0726 1464 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
23:56:45.0726 1464 WdiSystemHost - ok
23:56:45.0742 1464 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
23:56:45.0742 1464 WebClient - ok
23:56:45.0773 1464 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
23:56:45.0773 1464 Wecsvc - ok
23:56:45.0789 1464 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
23:56:45.0789 1464 wercplsupport - ok
23:56:45.0836 1464 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
23:56:45.0836 1464 WerSvc - ok
23:56:45.0882 1464 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
23:56:45.0898 1464 winachsf - ok
23:56:45.0945 1464 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
23:56:45.0945 1464 WinDefend - ok
23:56:45.0960 1464 WinHttpAutoProxySvc - ok
23:56:46.0007 1464 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
23:56:46.0007 1464 Winmgmt - ok
23:56:46.0070 1464 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
23:56:46.0085 1464 WinRM - ok
23:56:46.0132 1464 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
23:56:46.0148 1464 Wlansvc - ok
23:56:46.0304 1464 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:56:46.0319 1464 wlidsvc - ok
23:56:46.0428 1464 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
23:56:46.0428 1464 WmiAcpi - ok
23:56:46.0475 1464 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
23:56:46.0475 1464 wmiApSrv - ok
23:56:46.0553 1464 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
23:56:46.0569 1464 WMPNetworkSvc - ok
23:56:46.0584 1464 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
23:56:46.0600 1464 WPCSvc - ok
23:56:46.0616 1464 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
23:56:46.0616 1464 WPDBusEnum - ok
23:56:46.0662 1464 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
23:56:46.0678 1464 WpdUsb - ok
23:56:46.0756 1464 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:56:46.0756 1464 WPFFontCache_v0400 - ok
23:56:46.0787 1464 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
23:56:46.0787 1464 ws2ifsl - ok
23:56:46.0803 1464 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
23:56:46.0803 1464 wscsvc - ok
23:56:46.0803 1464 WSearch - ok
23:56:46.0881 1464 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
23:56:46.0912 1464 wuauserv - ok
23:56:47.0021 1464 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:56:47.0021 1464 WUDFRd - ok
23:56:47.0052 1464 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
23:56:47.0052 1464 wudfsvc - ok
23:56:47.0068 1464 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
23:56:47.0068 1464 XAudio - ok
23:56:47.0099 1464 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
23:56:47.0099 1464 XAudioService - ok
23:56:47.0162 1464 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
23:56:47.0349 1464 \Device\Harddisk0\DR0 - ok
23:56:47.0349 1464 Boot (0x1200) (71370d344d71a28cf3e1920d0e9d256c) \Device\Harddisk0\DR0\Partition0
23:56:47.0349 1464 \Device\Harddisk0\DR0\Partition0 - ok
23:56:47.0364 1464 Boot (0x1200) (7929058a3ce1ab52631cc76e867510b1) \Device\Harddisk0\DR0\Partition1
23:56:47.0364 1464 \Device\Harddisk0\DR0\Partition1 - ok
23:56:47.0364 1464 ============================================================
23:56:47.0364 1464 Scan finished
23:56:47.0364 1464 ============================================================
23:56:47.0380 0836 Detected object count: 0
23:56:47.0380 0836 Actual detected object count: 0

----------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-04 23:58:54
-----------------------------
23:58:54.525 OS Version: Windows 6.0.6002 Service Pack 2
23:58:54.526 Number of processors: 2 586 0x6B02
23:58:54.526 ComputerName: MAIN UserName: john
23:58:56.509 Initialize success
23:59:51.772 AVAST engine defs: 12050401
00:00:27.496 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000052
00:00:27.496 Disk 0 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 6
00:00:27.761 Disk 0 MBR read successfully
00:00:27.761 Disk 0 MBR scan
00:00:27.776 Disk 0 unknown MBR code
00:00:27.776 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 466441 MB offset 63
00:00:27.854 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10495 MB offset 955273095
00:00:28.026 Disk 0 scanning sectors +976768065
00:00:28.454 Disk 0 scanning C:\Windows\system32\drivers
00:01:47.696 Service scanning
00:02:12.719 Modules scanning
00:03:39.642 Disk 0 trace - called modules:
00:03:39.720 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys HDAudBus.sys
00:03:39.720 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86830260]
00:03:39.736 3 CLASSPNP.SYS[807328b3] -> nt!IofCallDriver -> [0x854afb68]
00:03:39.736 5 acpi.sys[8060f6bc] -> nt!IofCallDriver -> \Device\00000052[0x85e366e8]
00:03:40.921 AVAST engine scan C:\Windows
00:07:18.168 AVAST engine scan C:\Windows\system32
00:09:00.318 File: C:\Windows\system32\jureg.exe **INFECTED** Win32:SMSSend-IG [Trj]
00:27:15.248 Disk 0 MBR has been saved successfully to "C:\Users\john\Desktop\MBR.dat"
00:27:15.248 The log file has been saved successfully to "C:\Users\john\Desktop\aswMBR.txt"

"No act of kindness, no matter how small, is ever wasted."


#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:40 PM

Posted 05 May 2012 - 12:02 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\Windows\system32\jureg.exe

FireFox::
FF - ProfilePath - c:\users\john\AppData\Roaming\Mozilla\Firefox\Profiles\l5l6121a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535290&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2535290&SearchSource=13

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 xVanished

  • Topic Starter
  • Members
  • 60 posts

Posted 05 May 2012 - 01:04 AM

Log didn't work at first, but I think I got it.
And computer is still same as before.


ComboFix 12-05-05.05 - john 05/05/2012 1:54.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2942.1323 [GMT -4:00]
Running from: c:\users\john\Desktop\ComboFix.exe
Command switches used :: c:\users\john\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\jureg.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\jureg.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-05 to 2012-05-05 )))))))))))))))))))))))))))))))
.
.
2012-05-05 06:01 . 2012-05-05 06:01 -------- d-----w- c:\users\john\AppData\Local\temp
2012-05-05 06:01 . 2012-05-05 06:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-05 05:46 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7DAB9E2C-82CF-475C-B8FC-4187EAA4F5E1}\mpengine.dll
2012-05-05 04:29 . 2012-05-05 06:01 -------- d-----w- c:\users\john\AppData\Local\PMB Files
2012-05-05 04:29 . 2012-05-05 05:53 -------- d-----w- c:\programdata\PMB Files
2012-05-05 01:43 . 2012-05-05 01:43 388096 ----a-r- c:\users\john\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-05 01:43 . 2012-05-05 01:43 -------- d-----w- c:\program files\Trend Micro
2012-05-04 16:13 . 2012-05-04 16:13 -------- d-----w- c:\users\john\AppData\Roaming\Anvisoft
2012-05-04 16:12 . 2012-05-05 01:31 -------- d-----w- c:\program files\Anvisoft
2012-05-03 01:30 . 2012-05-03 01:30 -------- d-----w- c:\program files\AVAST Software
2012-05-02 05:56 . 2012-05-02 05:56 -------- d-----w- c:\users\john\AppData\Roaming\LolClient
2012-05-02 05:31 . 2008-07-31 14:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2012-05-02 05:31 . 2008-07-31 14:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2012-05-02 05:31 . 2008-07-12 12:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-05-02 05:31 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-05-02 05:31 . 2008-07-12 12:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-05-02 05:25 . 2012-05-02 05:26 -------- d-----w- C:\Riot Games
2012-05-02 04:37 . 2012-05-02 04:36 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-05-02 04:37 . 2012-05-02 04:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-02 04:06 . 2012-05-05 04:29 -------- d-----w- c:\program files\Pando Networks
2012-04-12 07:07 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:07 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:07 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:07 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:07 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 07:07 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 07:01 . 2012-04-12 07:01 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-12 02:50 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 15:02 . 2011-05-16 11:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 14:18 . 2009-10-03 09:30 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-14 15:45 . 2012-03-13 19:42 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-13 19:42 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-13 19:42 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-13 19:42 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-13 19:42 1068544 ----a-w- c:\windows\system32\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iso data fast cast]
c:\programdata\Hope Heck 16.di2rf [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mapi Owns]
c:\programdata\logoholehole.4kbdknr [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 12:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 04:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 18:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-12-26 14:32 133104 ----atw- c:\users\john\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 20:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 22:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-11-10 06:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 60957740
*NewlyCreated* - ASWMBR
*NewlyCreated* - TRUESIGHT
*NewlyCreated* - UGLDYPOG
*Deregistered* - 60957740
*Deregistered* - aswMBR
*Deregistered* - TrueSight
*Deregistered* - ugldypog
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 16:55]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 16:55]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3362315218-3296876214-747463326-1000Core.job
- c:\users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-26 14:32]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3362315218-3296876214-747463326-1000UA.job
- c:\users\john\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-26 14:32]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\john\AppData\Roaming\Mozilla\Firefox\Profiles\l5l6121a.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6fd10923-dcba-4fd6-b0fa-a12e23008c88%7D&mid=5e09df67aea447d181f9d16b53c1c057-926ab491d97ab3adef45c912479a084423daacbf&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-05-04%2012%3A02%3A14&sap=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-05 02:01
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-05-05 02:02:54
ComboFix-quarantined-files.txt 2012-05-05 06:02
ComboFix2.txt 2012-05-05 03:43
.
Pre-Run: 295,866,384,384 bytes free
Post-Run: 297,144,844,288 bytes free
.
- - End Of File - - 29E3D994008B967244ACC80CC4021A69



#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 May 2012 - 01:09 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#9 xVanished

  • Topic Starter
  • Members
  • 60 posts

Posted 05 May 2012 - 01:39 AM

32 Bit HP CIO Components Installer
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Reader X (10.1.2)
Adobe Shockwave Player
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BufferChm
Canon Inkjet Printer Driver Add-On Module
CCScore
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
CyberLink PowerDirector
D110
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DVD Flick 1.3.0.7
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
fflink
Google Chrome
Google Update Helper
GPBaseService2
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Highlight Viewer (Windows Live Toolbar)
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Advisor
HP Customer Feedback
HP Customer Participation Program 14.0
HP Demo
HP Easy Setup - Frontend
HP Imaging Device Functions 14.0
HP MediaSmart DVD
HP Photo Creations
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPAppStudio
HPPhotoGadget
HPProductAssistant
iCloud
iTunes
Java Auto Updater
Java™ 6 Update 31
Java™ SE Runtime Environment 6 Update 1
Junk Mail filter update
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kobo
Kodak EasyShare software
KSU
LabelPrint
League of Legends
LightScribe System Software
LightScribeTemplateLabeler
Logitech Legacy USB Camera Driver Package
Logitech QuickCam
Logitech QuickCam Driver Package
Map Button (Windows Live Toolbar)
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft WSE 3.0 Runtime
MobileMe Control Panel
Mozilla Firefox (3.0.19)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.1
netbrdg
Network
Notifier
NVIDIA Drivers
OfotoXMI
Origin
Pando Media Booster
Power2Go
PS_AIO_07_D110_SW_Min
Python 2.5
QuickTime
QuickTransfer
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.5.3
RPS CRT
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Segoe UI
SFR
SHASTA
skin0001
SKINXSDK
Smart Menus (Windows Live Toolbar)
SmartWebPrinting
Soft Data Fax Modem with SmartCP
SolutionCenter
Spybot - Search & Destroy
staticcr
Status
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Fast Lane Stuff
The Sims™ 3 Generations
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Late Night
The Sims™ 3 Outdoor Living Stuff
The Sims™ 3 Pets
The Sims™ 3 Town Life Stuff
Toolbox
tooltips
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VeryPDF PDFcamp Printer v2.3
VPRINTOL
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WIRELESS



#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 May 2012 - 01:47 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Java™ 6 Update 31
Java™ SE Runtime Environment 6 Update 1


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 xVanished

  • Topic Starter
  • Members
  • 60 posts

Posted 05 May 2012 - 02:00 AM

All done. Malware found nothing, so I didn't bother to post the log. And here is the new hijack one.
However, it says host files cannot be located or something since I am not running it as an admin (I cannot even if I try).


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:59:11 AM, on 5/5/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\Explorer.exe
C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Presario&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate1c99c20f81df850) (gupdate1c99c20f81df850) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6362 bytes

''No act of kindness, no matter how small, is ever wasted. ''


#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:40 PM

Posted 05 May 2012 - 03:02 AM

Hello


You need to run it as admin this way or it will not work.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select "Run as administrator".




These logs are looking very good, we are almost done!!! Just one more scan to go.

Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them by clicking their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
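To see what the O4 lines in the fix list above actually refer to, here is an added Python example (not from the post or from HijackThis) that parses such lines into the registry value "Fix checked" would delete and the file each entry starts. The expansion of the abbreviated HKLM\..\Run / HKCU\..\Run to the full CurrentVersion\Run key is this example's assumption, and the sample log is constructed from the five lines the post lists.

```python
"""Parse HijackThis O4 (autorun) lines into the registry value each one names.
Added example for this thread; not code from HijackThis or the original post.
Assumption: the abbreviated "HKLM\\..\\Run" in the log stands for the standard
HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run key.
"""
import re
from dataclasses import dataclass

# Constructed input: the five O4 lines the post lists for removal.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
"""

# hive, abbreviated key, value name in [brackets], then the command line
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run|RunOnce): \[([^\]]+)\] (.*)$")
HIVE = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion"

@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    command: str

    def registry_value(self) -> str:
        """Full path of the registry value that 'Fix checked' would delete."""
        return f"{HIVE[self.hive]}\\{RUN_KEY}\\{self.key}\\{self.name}"

    def image_path(self) -> str:
        """File that actually runs: the DLL for rundll32 lines, else the exe."""
        cmd = self.command.strip()
        if cmd.upper().startswith("RUNDLL32.EXE "):
            return cmd.split(" ", 1)[1].split(",", 1)[0]
        if cmd.startswith('"'):
            return cmd[1 : cmd.index('"', 1)]
        return cmd.split(" ", 1)[0]

def parse_o4(log_text: str) -> list[Autorun]:
    """Return one Autorun per O4 line; other HijackThis sections are skipped."""
    return [Autorun(*m.groups()) for line in log_text.splitlines()
            if (m := O4_RE.match(line.strip()))]

if __name__ == "__main__":
    for entry in parse_o4(SAMPLE_LOG):
        print(f"{entry.registry_value():<75} -> {entry.image_path()}")
```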

#13 xVanished

xVanished
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 07 May 2012 - 11:32 AM

I cannot get ESET scanner to open in my IE. It won't load and pop up.

''No act of kindness, no matter how small, is ever wasted. ''


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:40 PM

Posted 07 May 2012 - 12:25 PM

Hello

try resetting IE - go here and scroll down and click on show all and click on the fix-it button - http://windows.microsoft.com/en-US/windows-vista/Reset-Internet-Explorer-8-settings


if that does not work then try this one

F-Secure Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go HERE to run an online scan from F-Secure
  • Click on Start scanning
  • This will open a new window

    In Internet Explorer
  • It will require an activex control, please install it
  • Click Accept

  • In Firefox
  • It will require an Add-on to be installed, please install it
  • In order to install the Add-on, Firefox needs to be restarted; please do so
  • Click Full System Scan
  • It will now download the scanner; this may take a while, please be patient
  • It will then start scanning; wait for the scan to finish
  • Click Automatic cleaning (recommended)
  • Wait for it to finish the cleaning process
  • Click show report
  • This will open up a window with the results of the scan; copy and paste those results as a reply to this topic


#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:40 PM

Posted 09 May 2012 - 11:19 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.







