
Malware Infected: Windows recovery


  • This topic is locked
25 replies to this topic

#1 star7010

  • Members
  • 13 posts

Posted 06 May 2012 - 11:18 PM

I was browsing some web sites & got infected with Windows Recovery. Soon popups started telling me of HDD failure & to buy some software in order to save data. I was not able to run anti-virus software, booted in safe mode, tried System Restore, which at least stopped the popups, & then downloaded SUPERAntiSpyware and scanned the laptop; it showed some files infected & cleaned them subsequently. After rebooting I ran RKill & tried to download and install Malwarebytes, but after going thru all the process it says access denied. I guess the malware is still there, not letting it load up. Currently disabled McAfee firewall & other stuff. Here are the DDS logs:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by panky at 18:33:36 on 2012-05-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1236 [GMT -7:00]
.
AV: McAfee VirusScan *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [sclauncher] c:\program files\simplecenter\bin\win\sclauncher.exe
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [<NO NAME>]
mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: bmnet.dll
Trusted Zone: musicmatch.com\online
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 155.216.1.1
TCP: Interfaces\{0A639877-AA35-4C73-957A-9A11AF830D40} : DhcpNameServer = 209.18.47.61 209.18.47.62 155.216.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\panky\application data\mozilla\firefox\profiles\38y78be3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
============= SERVICES / DRIVERS ===============
.
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-5-11 201320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2008-7-21 8576]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-9 95200]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-5-11 359248]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-5-11 144704]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2009-2-1 14976]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-5-11 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-5-11 35240]
R3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [2011-4-15 6878848]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [2010-10-20 52824]
S3 AngelUsb;Angel USB MPEG Device;c:\windows\system32\drivers\AngelUsb.sys [2006-2-6 375424]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2010-9-2 121416]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [2009-7-16 67840]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [2009-7-16 107776]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [2009-7-16 8064]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-24 136176]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-5-11 33832]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-5-11 40488]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-2-25 11520]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-5-11 695624]
.
=============== Created Last 30 ================
.
2012-05-07 00:26:44 -------- d-----w- c:\documents and settings\panky\application data\SUPERAntiSpyware.com
2012-05-07 00:25:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-07 00:25:33 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-05-06 23:35:04 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-05-06 23:35:04 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-06 23:34:28 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-05-02 02:29:41 -------- d-----w- c:\windows\7C5B62D2F779482FA4DCA0636B06BCD7.TMP
2012-04-27 02:23:42 -------- d-----w- c:\program files\DVDFab 8 Qt
.
==================== Find3M ====================
.
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 12:43:00 27648 --sh--w- c:\windows\system32\Smab0.dll
.
============= FINISH: 18:34:58.92 ===============

Here is the SUPERAntiSpyware log file:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/06/2012 at 05:40 PM

Application Version : 5.0.1148

Core Rules Database Version : 8560
Trace Rules Database Version: 6372

Scan type : Quick Scan
Total Scan Time : 00:12:30

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 354
Memory threats detected : 0
Registry items scanned : 30791
Registry threats detected : 2
File items scanned : 12793
File threats detected : 145

Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY

Adware.Tracking Cookie

Trace.Known Threat Sources
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Local Settings\Temporary Internet Files\Content.IE5\QXECG6RL\zango[1].css [ cache:zango.com ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Local Settings\Temporary Internet Files\Content.IE5\NVH2GLZC\zango_nav[1].css [ cache:zango.com ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\default[1].css [ cache:zango.com ]


Thanks a lot for your help in advance.



#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 06 May 2012 - 11:27 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 star7010

Posted 09 May 2012 - 05:59 PM

Thanks a lot for getting back, Gringo. I was traveling, therefore could not run the above suggestions. I will post the above requested logs by tonight Pacific time.

#4 gringo_pr

Posted 09 May 2012 - 06:26 PM

Hello


no problem and see you around then


gringo

#5 star7010

Posted 09 May 2012 - 07:02 PM

Just ran Combofix & Security Check, here are the logs:

Security Check:
Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
McAfee Uninstaller
McAfee SecurityCenter
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 24
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of date!
Adobe Flash Player 10.3.181.14 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (Meeting..)
Mozilla Thunderbird 1.5.0 Thunderbird out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

McAfee VIRUSS~1 mcshield.exe
``````````End of Log````````````


Combofix log:
ComboFix 12-05-09.01 - panky 05/09/2012 16:36:04.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1471 [GMT -7:00]
Running from: c:\documents and settings\panky\Desktop\ComboFix.exe
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\jc6g6IdOJWOWnr
c:\documents and settings\panky\GoToAssistDownloadHelper.exe
c:\documents and settings\panky\My Documents\DPE.DUS
C:\install.exe
c:\windows\system32\SET11D.tmp
c:\windows\system32\SET11E.tmp
c:\windows\system32\SET154.tmp
c:\windows\system32\SET160.tmp
c:\windows\system32\SET168.tmp
c:\windows\system32\SET169.tmp
c:\windows\system32\SET16B.tmp
c:\windows\system32\SET16C.tmp
c:\windows\system32\SET16E.tmp
c:\windows\system32\SET19B.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))
.
.
2012-05-08 03:07 . 2012-05-08 03:07 191760 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-05-08 02:58 . 2012-05-08 02:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-05-07 00:26 . 2012-05-07 00:26 -------- d-----w- c:\documents and settings\panky\Application Data\SUPERAntiSpyware.com
2012-05-07 00:25 . 2012-05-08 02:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-07 00:25 . 2012-05-07 00:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-05-06 23:35 . 2012-05-06 23:35 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-02 02:29 . 2012-05-08 02:58 -------- d-----w- c:\windows\7C5B62D2F779482FA4DCA0636B06BCD7.TMP
2012-04-27 02:23 . 2012-04-27 02:24 -------- d-----w- c:\program files\DVDFab 8 Qt
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 22:56 . 2011-04-16 03:57 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-01 11:01 . 2005-08-16 10:18 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2005-08-16 10:18 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2005-08-16 10:18 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2005-08-16 10:18 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2005-08-16 10:18 385024 ------w- c:\windows\system32\html.iec
2009-10-31 14:12 . 2009-10-31 14:12 28488 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-10-31 14:12 . 2009-10-31 14:12 185240 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-10-31 14:14 . 2009-10-31 14:14 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2009-10-31 14:12 . 2009-10-31 14:12 99224 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2011-04-14 16:26 . 2011-05-01 06:04 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 12:43 27648 --sh--w- c:\windows\system32\Smab0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-30 761947]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-17 397312]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"sclauncher"="c:\program files\SimpleCenter\bin\win\sclauncher.exe" [2007-01-30 94208]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7118848]
"nwiz"="nwiz.exe" [2005-12-15 1519616]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-05-29 1085440]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-22 86016]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-09-28 185688]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2010-09-03 883272]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-2-6 24576]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-21 01:13 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer 3 SE Camera Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor.lnk
backup=c:\windows\pss\ImageMixer 3 SE Camera Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]
 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 06:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 09:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-12-06 16:45 839680 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 18:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 18:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 16:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 02:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-02-07 04:02 168448 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-16 02:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-09-09 01:20 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 08:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-02-07 03:52 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-11 11:19 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 21:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Brother\\Brmfl08b\\FAXRX.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [7/21/2008 7:37 PM 8576]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 4:38 PM 116608]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/9/2008 5:28 PM 95200]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2/1/2009 4:20 PM 14976]
R3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [4/15/2011 10:11 PM 6878848]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [10/20/2010 9:13 PM 52824]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2010 10:31 PM 136176]
S3 AngelUsb;Angel USB MPEG Device;c:\windows\system32\drivers\AngelUsb.sys [2/6/2006 8:18 PM 375424]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [9/2/2010 7:01 PM 121416]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [7/16/2009 10:51 AM 67840]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [7/16/2009 10:53 AM 107776]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [7/16/2009 10:49 AM 8064]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2010 10:31 PM 136176]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5/17/2008 12:51 PM 47360]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2/25/2011 8:42 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-25 05:31]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-25 05:31]
.
2011-04-16 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-05-11 20:32]
.
2012-05-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-05-11 20:32]
.
2010-10-28 c:\windows\Tasks\soundtapShakeIcon.job
- c:\program files\NCH Swift Sound\SoundTap\soundtap.exe [2010-10-21 04:13]
.
2011-06-12 c:\windows\Tasks\switchDowngrade.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-10-21 04:12]
.
2011-06-12 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-10-21 04:12]
.
2010-10-28 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-10-21 04:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: bmnet.dll
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 192.166.200.14 192.168.200.58
FF - ProfilePath - c:\documents and settings\panky\Application Data\Mozilla\Firefox\Profiles\38y78be3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -
.
Notify-WgaLogon - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-NSLauncher - c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-09 16:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(972)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'lsass.exe'(1028)
c:\windows\system32\bmnet.dll
.
Completion time: 2012-05-09 16:46:34
ComboFix-quarantined-files.txt 2012-05-09 23:46
.
Pre-Run: 38,745,915,392 bytes free
Post-Run: 39,402,426,368 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 5E4A6653F93F35C0B736698C6F2DA18D

Computer is doing OK; I have not tried to load any further Anti-virus or Malware. I do not see any hard drive activity or internet activity either. The machine seems to be running well, but I see all Windows settings changed, not sure how or why.

Once again thanks for your help.

#6 gringo_pr

Posted 09 May 2012 - 08:44 PM

Greetings star7010

Glad things are doing better. Let's do some more checking to make sure nothing else is in the background.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 star7010

Posted 09 May 2012 - 09:24 PM

Here are the logs:
aswMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-09 18:57:26
-----------------------------
18:57:26.546 OS Version: Windows 5.1.2600 Service Pack 3
18:57:26.546 Number of processors: 2 586 0xE08
18:57:26.546 ComputerName: ***** UserName: ****
18:57:27.312 Initialize success
19:00:38.765 AVAST engine defs: 12050901
19:01:30.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:01:30.953 Disk 0 Vendor: FUJITSU_MHV2100BH 00850028 Size: 93958MB BusType: 3
19:01:31.343 Disk 0 MBR read successfully
19:01:31.343 Disk 0 MBR scan
19:01:31.390 Disk 0 unknown MBR code
19:01:31.390 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
19:01:31.406 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 88922 MB offset 96390
19:01:31.437 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4981 MB offset 182209230
19:01:31.453 Disk 0 scanning sectors +192410505
19:01:31.546 Disk 0 scanning C:\WINDOWS\system32\drivers
19:01:50.218 Service scanning
19:02:29.750 Modules scanning
19:02:41.125 Disk 0 trace - called modules:
19:02:41.140
19:02:41.796 AVAST engine scan C:\WINDOWS
19:03:10.500 AVAST engine scan C:\WINDOWS\system32
19:07:06.328 AVAST engine scan C:\WINDOWS\system32\drivers
19:07:30.750 AVAST engine scan C:\Documents and Settings\*****
19:14:57.562 AVAST engine scan C:\Documents and Settings\All Users
19:19:19.000 Scan finished successfully
19:20:04.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\****\Desktop\MBR.dat"
19:20:04.250 The log file has been saved successfully to "C:\Documents and Settings\*****\Desktop\aswMBR.txt"



tdsskiller:
18:54:59.0453 0696 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
18:55:00.0156 0696 ============================================================
18:55:00.0156 0696 Current date / time: 2012/05/09 18:55:00.0156
18:55:00.0156 0696 SystemInfo:
18:55:00.0156 0696
18:55:00.0156 0696 OS Version: 5.1.2600 ServicePack: 3.0
18:55:00.0156 0696 Product type: Workstation
18:55:00.0156 0696 ComputerName: ********
18:55:00.0156 0696 UserName: *******
18:55:00.0156 0696 Windows directory: C:\WINDOWS
18:55:00.0156 0696 System windows directory: C:\WINDOWS
18:55:00.0156 0696 Processor architecture: Intel x86
18:55:00.0156 0696 Number of processors: 2
18:55:00.0156 0696 Page size: 0x1000
18:55:00.0156 0696 Boot type: Normal boot
18:55:00.0156 0696 ============================================================
18:55:02.0375 0696 Drive \Device\Harddisk0\DR0 - Size: 0x16F0649400 (91.76 Gb), SectorSize: 0x200, Cylinders: 0x2ECA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:55:02.0375 0696 ============================================================
18:55:02.0375 0696 \Device\Harddisk0\DR0:
18:55:02.0375 0696 MBR partitions:
18:55:02.0375 0696 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0xADAD248
18:55:02.0375 0696 ============================================================
18:55:02.0656 0696 C: <-> \Device\Harddisk0\DR0\Partition0
18:55:02.0656 0696 ============================================================
18:55:02.0656 0696 Initialize success
18:55:02.0656 0696 ============================================================
18:55:11.0718 0348 ============================================================
18:55:11.0718 0348 Scan started
18:55:11.0718 0348 Mode: Manual;
18:55:11.0718 0348 ============================================================
18:55:12.0296 0348 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
18:55:12.0296 0348 !SASCORE - ok
18:55:12.0500 0348 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
18:55:12.0500 0348 61883 - ok
18:55:12.0500 0348 Abiosdsk - ok
18:55:12.0546 0348 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:55:12.0546 0348 abp480n5 - ok
18:55:12.0593 0348 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:55:12.0593 0348 ACPI - ok
18:55:12.0625 0348 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:55:12.0625 0348 ACPIEC - ok
18:55:12.0656 0348 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:55:12.0656 0348 adpu160m - ok
18:55:12.0703 0348 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:55:12.0703 0348 aec - ok
18:55:12.0812 0348 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:55:12.0812 0348 AFD - ok
18:55:12.0875 0348 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
18:55:12.0875 0348 AFS2K - ok
18:55:12.0921 0348 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:55:12.0921 0348 agp440 - ok
18:55:12.0937 0348 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
18:55:12.0937 0348 agpCPQ - ok
18:55:32.0515 0348 SBKUPNT - ok
18:55:32.0562 0348 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
18:55:32.0562 0348 sbp2port - ok
18:55:32.0656 0348 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:55:32.0656 0348 SCardSvr - ok
18:55:32.0734 0348 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:55:32.0734 0348 Schedule - ok
18:55:32.0765 0348 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
18:55:32.0765 0348 sdbus - ok
18:55:32.0812 0348 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:55:32.0812 0348 Secdrv - ok
18:55:32.0843 0348 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:55:32.0843 0348 seclogon - ok
18:55:32.0859 0348 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:55:32.0875 0348 SENS - ok
18:55:32.0906 0348 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:55:32.0906 0348 serenum - ok
18:55:32.0937 0348 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:55:32.0937 0348 Serial - ok
18:55:33.0171 0348 ServiceLayer (f31e9531af225ca25350d5e87e999b31) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
18:55:33.0171 0348 ServiceLayer - ok
18:55:33.0218 0348 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
18:55:33.0218 0348 sffdisk - ok
18:55:33.0265 0348 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
18:55:33.0265 0348 sffp_sd - ok
18:55:33.0265 0348 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:55:33.0281 0348 Sfloppy - ok
18:55:33.0359 0348 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:55:33.0375 0348 SharedAccess - ok
18:55:33.0437 0348 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:55:33.0453 0348 ShellHWDetection - ok
18:55:33.0453 0348 Simbad - ok
18:55:33.0500 0348 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:55:33.0500 0348 sisagp - ok
18:55:33.0515 0348 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:55:33.0515 0348 SLIP - ok
18:55:33.0562 0348 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
18:55:33.0562 0348 SONYPVU1 - ok
18:55:33.0593 0348 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
18:55:33.0593 0348 Sparrow - ok
18:55:33.0640 0348 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:55:33.0640 0348 splitter - ok
18:55:33.0718 0348 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:55:33.0718 0348 Spooler - ok
18:55:33.0843 0348 sprtsvc_dellsupportcenter - ok
18:55:33.0890 0348 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:55:33.0890 0348 sr - ok
18:55:33.0984 0348 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:55:34.0000 0348 srservice - ok
18:55:34.0109 0348 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:55:34.0109 0348 Srv - ok
18:55:34.0156 0348 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
18:55:34.0156 0348 sscdbhk5 - ok
18:55:34.0203 0348 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:55:34.0218 0348 SSDPSRV - ok
18:55:34.0218 0348 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
18:55:34.0218 0348 ssrtln - ok
18:55:34.0281 0348 stdriver (8bb19094def583e0eece1830457444ee) C:\WINDOWS\system32\DRIVERS\stdriver32.sys
18:55:34.0281 0348 stdriver - ok
18:55:34.0453 0348 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
18:55:34.0468 0348 STHDA - ok
18:55:34.0562 0348 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
18:55:34.0562 0348 StillCam - ok
18:55:34.0656 0348 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:55:34.0671 0348 stisvc - ok
18:55:34.0718 0348 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:55:34.0718 0348 streamip - ok
18:55:34.0734 0348 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:55:34.0734 0348 swenum - ok
18:55:34.0781 0348 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:55:34.0781 0348 swmidi - ok
18:55:34.0843 0348 swmsflt (4f3ca882769b78b7f9b1dd96df4b6996) C:\WINDOWS\System32\drivers\swmsflt.sys
18:55:34.0843 0348 swmsflt - ok
18:55:34.0859 0348 SwPrv - ok
18:55:34.0921 0348 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
18:55:34.0921 0348 symc810 - ok
18:55:34.0953 0348 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:55:34.0953 0348 symc8xx - ok
18:55:34.0984 0348 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:55:34.0984 0348 sym_hi - ok
18:55:35.0000 0348 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:55:35.0000 0348 sym_u3 - ok
18:55:35.0062 0348 SynTP (35d5b3632e0bcebe27b391157de05996) C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:55:35.0062 0348 SynTP - ok
18:55:35.0078 0348 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:55:35.0093 0348 sysaudio - ok
18:55:35.0156 0348 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:55:35.0156 0348 SysmonLog - ok
18:55:35.0203 0348 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:55:35.0218 0348 TapiSrv - ok
18:55:35.0296 0348 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:55:35.0312 0348 Tcpip - ok
18:55:35.0375 0348 tcpipBM (b1a9e04d803fde6b78314455211b726e) C:\WINDOWS\system32\drivers\tcpipBM.sys
18:55:35.0375 0348 tcpipBM - ok
18:55:35.0421 0348 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:55:35.0421 0348 TDPIPE - ok
18:55:35.0453 0348 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:55:35.0453 0348 TDTCP - ok
18:55:35.0468 0348 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:55:35.0468 0348 TermDD - ok
18:55:35.0562 0348 TermService (7a014d2211ff90c76f20b776822b332e) C:\WINDOWS\System32\termsrv.dll
18:55:35.0578 0348 TermService - ok
18:55:35.0625 0348 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
18:55:35.0625 0348 tfsnboio - ok
18:55:35.0640 0348 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
18:55:35.0656 0348 tfsncofs - ok
18:55:35.0671 0348 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
18:55:35.0671 0348 tfsndrct - ok
18:55:35.0671 0348 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
18:55:35.0671 0348 tfsndres - ok
18:55:35.0734 0348 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
18:55:35.0734 0348 tfsnifs - ok
18:55:35.0750 0348 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
18:55:35.0750 0348 tfsnopio - ok
18:55:35.0750 0348 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
18:55:35.0765 0348 tfsnpool - ok
18:55:35.0812 0348 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
18:55:35.0812 0348 tfsnudf - ok
18:55:35.0828 0348 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
18:55:35.0828 0348 tfsnudfa - ok
18:55:35.0890 0348 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:55:35.0890 0348 Themes - ok
18:55:35.0968 0348 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
18:55:35.0968 0348 TlntSvr - ok
18:55:36.0015 0348 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
18:55:36.0015 0348 toshidpt - ok
18:55:36.0046 0348 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
18:55:36.0046 0348 TosIde - ok
18:55:36.0078 0348 tosporte (0470bf2d5f49ff98464ac2c838e6a080) C:\WINDOWS\system32\DRIVERS\tosporte.sys
18:55:36.0093 0348 tosporte - ok
18:55:36.0156 0348 Tosrfbd (294675c8e4316302efe14b1a1219d942) C:\WINDOWS\system32\Drivers\tosrfbd.sys
18:55:36.0156 0348 Tosrfbd - ok
18:55:36.0171 0348 Tosrfbnp (613e09572f4c5b92ca6be8bdc4cc5b7d) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
18:55:36.0171 0348 Tosrfbnp - ok
18:55:36.0234 0348 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
18:55:36.0234 0348 Tosrfcom - ok
18:55:36.0250 0348 Tosrfhid (7726332391d8fca1a491a17f592fd6b3) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
18:55:36.0250 0348 Tosrfhid - ok
18:55:36.0250 0348 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
18:55:36.0250 0348 tosrfnds - ok
18:55:36.0328 0348 TosRfSnd (b5518adb2b0029ff95d22e8e7336f49f) C:\WINDOWS\system32\drivers\TosRfSnd.sys
18:55:36.0328 0348 TosRfSnd - ok
18:55:36.0343 0348 Tosrfusb (7414a6461bc83a22b0ae009ace3e375b) C:\WINDOWS\system32\Drivers\tosrfusb.sys
18:55:36.0343 0348 Tosrfusb - ok
18:55:36.0421 0348 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:55:36.0421 0348 TrkWks - ok
18:55:36.0515 0348 UDFReadr (87aeb026fc1a7c13b18b3ca74cf1136d) C:\WINDOWS\system32\drivers\UDFReadr.sys
18:55:36.0515 0348 UDFReadr - ok
18:55:36.0562 0348 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:55:36.0562 0348 Udfs - ok
18:55:36.0593 0348 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
18:55:36.0593 0348 ultra - ok
18:55:36.0656 0348 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:55:36.0656 0348 Update - ok
18:55:36.0718 0348 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:55:36.0718 0348 upnphost - ok
18:55:36.0796 0348 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
18:55:36.0796 0348 upperdev - ok
18:55:36.0828 0348 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:55:36.0843 0348 UPS - ok
18:55:36.0906 0348 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:55:36.0906 0348 usbccgp - ok
18:55:36.0921 0348 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:55:36.0921 0348 usbehci - ok
18:55:36.0937 0348 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:55:36.0937 0348 usbhub - ok
18:55:36.0984 0348 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:55:36.0984 0348 usbprint - ok
18:55:37.0015 0348 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:55:37.0015 0348 usbscan - ok
18:55:37.0062 0348 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
18:55:37.0062 0348 usbser - ok
18:55:37.0125 0348 UsbserFilt (e44f0d17be0908b58dcc99ccb99c6c32) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
18:55:37.0125 0348 UsbserFilt - ok
18:55:37.0140 0348 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:55:37.0140 0348 USBSTOR - ok
18:55:37.0156 0348 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:55:37.0156 0348 usbuhci - ok
18:55:37.0203 0348 vcdrom (bfa4ae30b3ac10e9223830bf103f5a3f) C:\WINDOWS\system32\drivers\VCdRom.sys
18:55:37.0203 0348 vcdrom - ok
18:55:37.0265 0348 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:55:37.0265 0348 VgaSave - ok
18:55:37.0343 0348 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:55:37.0343 0348 viaagp - ok
18:55:37.0375 0348 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:55:37.0375 0348 ViaIde - ok
18:55:37.0390 0348 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:55:37.0390 0348 VolSnap - ok
18:55:37.0453 0348 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:55:37.0453 0348 VSS - ok
18:55:37.0515 0348 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:55:37.0515 0348 w32time - ok
18:55:37.0718 0348 w39n51 (b9be39d0c7419247e31138a070072299) C:\WINDOWS\system32\DRIVERS\w39n51.sys
18:55:37.0734 0348 w39n51 - ok
18:55:37.0921 0348 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:55:37.0921 0348 Wanarp - ok
18:55:37.0937 0348 wanatw - ok
18:55:37.0984 0348 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
18:55:37.0984 0348 WDC_SAM - ok
18:55:38.0078 0348 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:55:38.0078 0348 Wdf01000 - ok
18:55:38.0078 0348 WDICA - ok
18:55:38.0140 0348 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:55:38.0140 0348 wdmaud - ok
18:55:38.0218 0348 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:55:38.0218 0348 WebClient - ok
18:55:38.0375 0348 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
18:55:38.0390 0348 winachsf - ok
18:55:38.0484 0348 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:55:38.0484 0348 winmgmt - ok
18:55:38.0546 0348 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:55:38.0546 0348 WmdmPmSN - ok
18:55:38.0671 0348 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:55:38.0687 0348 Wmi - ok
18:55:38.0781 0348 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:55:38.0781 0348 WmiAcpi - ok
18:55:38.0843 0348 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:55:38.0859 0348 WmiApSrv - ok
18:55:39.0140 0348 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:55:39.0156 0348 WMPNetworkSvc - ok
18:55:39.0187 0348 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
18:55:39.0187 0348 WpdUsb - ok
18:55:39.0250 0348 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:55:39.0250 0348 WS2IFSL - ok
18:55:39.0343 0348 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:55:39.0343 0348 wscsvc - ok
18:55:39.0421 0348 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:55:39.0421 0348 WSTCODEC - ok
18:55:39.0453 0348 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:55:39.0453 0348 wuauserv - ok
18:55:39.0546 0348 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:55:39.0546 0348 WudfPf - ok
18:55:39.0578 0348 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:55:39.0578 0348 WudfRd - ok
18:55:39.0609 0348 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
18:55:39.0609 0348 WudfSvc - ok
18:55:39.0734 0348 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:55:39.0734 0348 WZCSVC - ok
18:55:39.0796 0348 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:55:39.0796 0348 xmlprov - ok
18:55:39.0843 0348 MBR (0x1B8) (dea9e81f0228b68c9adaf84c9b0cf931) \Device\Harddisk0\DR0
18:55:39.0875 0348 \Device\Harddisk0\DR0 - ok
18:55:39.0921 0348 Boot (0x1200) (25431597e3b6e4b0971add46f485cdfd) \Device\Harddisk0\DR0\Partition0
18:55:39.0921 0348 \Device\Harddisk0\DR0\Partition0 - ok
18:55:39.0921 0348 ============================================================
18:55:39.0921 0348 Scan finished
18:55:39.0921 0348 ============================================================
18:55:39.0937 2896 Detected object count: 0
18:55:39.0937 2896 Actual detected object count: 0

end of logs.

#8 gringo_pr

  • Malware Response Team

Posted 09 May 2012 - 09:32 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 star7010

  • Topic Starter

Posted 09 May 2012 - 10:33 PM

Below is the log file for ComboFix.
No problem in running the script.
The machine looks stable; have not tried to load Trend Micro or Malwarebytes (originally it won't allow to load them) or any other program. Do not see HDD/wifi running. Machine is not sluggish; overall, things look normal.

log file:

ComboFix 12-05-09.01 - panky 05/09/2012 20:07:48.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1394 [GMT -7:00]
Running from: c:\documents and settings\panky\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\panky\Desktop\CFScript.txt
AV: McAfee VirusScan *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\panky\Application Data\inst.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
.
.
2012-05-08 03:07 . 2012-05-08 03:07 191760 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-05-08 02:58 . 2012-05-08 02:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-05-07 00:26 . 2012-05-07 00:26 -------- d-----w- c:\documents and settings\panky\Application Data\SUPERAntiSpyware.com
2012-05-07 00:25 . 2012-05-08 02:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-07 00:25 . 2012-05-07 00:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-05-06 23:35 . 2012-05-06 23:35 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-02 02:29 . 2012-05-08 02:58 -------- d-----w- c:\windows\7C5B62D2F779482FA4DCA0636B06BCD7.TMP
2012-04-27 02:23 . 2012-04-27 02:24 -------- d-----w- c:\program files\DVDFab 8 Qt
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 22:56 . 2011-04-16 03:57 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-01 11:01 . 2005-08-16 10:18 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2005-08-16 10:18 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2005-08-16 10:18 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2005-08-16 10:18 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2005-08-16 10:18 385024 ------w- c:\windows\system32\html.iec
2009-10-31 14:12 . 2009-10-31 14:12 28488 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-10-31 14:12 . 2009-10-31 14:12 185240 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-10-31 14:14 . 2009-10-31 14:14 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2009-10-31 14:12 . 2009-10-31 14:12 99224 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2011-04-14 16:26 . 2011-05-01 06:04 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 12:43 27648 --sh--w- c:\windows\system32\Smab0.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-09_23.43.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-02-14 03:55 . 2012-05-10 00:08 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-02-14 03:55 . 2012-05-08 11:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-02-14 03:55 . 2012-05-10 00:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-02-14 03:55 . 2012-05-08 11:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-05-10 00:08 . 2012-05-10 00:08 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-02-14 03:55 . 2012-05-08 11:45 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-30 761947]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-17 397312]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"sclauncher"="c:\program files\SimpleCenter\bin\win\sclauncher.exe" [2007-01-30 94208]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7118848]
"nwiz"="nwiz.exe" [2005-12-15 1519616]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-05-29 1085440]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-22 86016]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-09-28 185688]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2010-09-03 883272]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-2-6 24576]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-21 01:13 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer 3 SE Camera Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor.lnk
backup=c:\windows\pss\ImageMixer 3 SE Camera Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]
 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 06:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 09:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-12-06 16:45 839680 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 18:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 18:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 16:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 02:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-02-07 04:02 168448 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-16 02:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-09-09 01:20 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 08:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-02-07 03:52 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-11 11:19 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 21:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Brother\\Brmfl08b\\FAXRX.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [7/21/2008 7:37 PM 8576]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 4:38 PM 116608]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/9/2008 5:28 PM 95200]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2/1/2009 4:20 PM 14976]
R3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [4/15/2011 10:11 PM 6878848]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [10/20/2010 9:13 PM 52824]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2010 10:31 PM 136176]
S3 AngelUsb;Angel USB MPEG Device;c:\windows\system32\drivers\AngelUsb.sys [2/6/2006 8:18 PM 375424]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [9/2/2010 7:01 PM 121416]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [7/16/2009 10:51 AM 67840]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [7/16/2009 10:53 AM 107776]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [7/16/2009 10:49 AM 8064]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2010 10:31 PM 136176]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5/17/2008 12:51 PM 47360]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2/25/2011 8:42 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 92278985
*NewlyCreated* - ASWMBR
*Deregistered* - 92278985
*Deregistered* - aswMBR
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-25 05:31]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-25 05:31]
.
2011-04-16 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-05-11 20:32]
.
2012-05-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-05-11 20:32]
.
2010-10-28 c:\windows\Tasks\soundtapShakeIcon.job
- c:\program files\NCH Swift Sound\SoundTap\soundtap.exe [2010-10-21 04:13]
.
2011-06-12 c:\windows\Tasks\switchDowngrade.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-10-21 04:12]
.
2011-06-12 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-10-21 04:12]
.
2010-10-28 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-10-21 04:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: bmnet.dll
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 155.216.1.1
FF - ProfilePath - c:\documents and settings\panky\Application Data\Mozilla\Firefox\Profiles\38y78be3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-09 20:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(972)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'lsass.exe'(1028)
c:\windows\system32\bmnet.dll
.
Completion time: 2012-05-09 20:18:42
ComboFix-quarantined-files.txt 2012-05-10 03:18
ComboFix2.txt 2012-05-09 23:46
.
Pre-Run: 39,314,657,280 bytes free
Post-Run: 39,424,495,616 bytes free
.
- - End Of File - - 40CF9E526F1F319E9538AE72F0DC08E9

#10 gringo_pr

Posted 09 May 2012 - 10:38 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 24
LimeWire 4.12.10
Viewpoint Media Player


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the mbam icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 star7010

Posted 09 May 2012 - 11:36 PM

After installing Java got this error:
Installer:Wrapper.createfile failed with error 5:Access is denied.

Also cannot run MBAM; it gives the following error:
something like database files are missing.
Tried to download a fresh copy but it won't install; it says "Access Denied" & it stops.

#12 gringo_pr

Posted 09 May 2012 - 11:42 PM

Please do the following:

Step One
Please download Junction.zip and save it to your desktop.
Unzip it and extract junction.exe to your C:\ drive.

Step Two
Now copy (Ctrl +C) and paste (Ctrl +V) the text inside the code box below into Notepad.

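@ECHO OFF
REM Work from the root of C:, where junction.exe was extracted in Step One
cd c:\
REM List junctions (reparse points) under C:\, recursing into subdirectories, and save the output
junction -s c:\>log.txt
REM Open the log, then delete this batch file
start log.txt
del %0

Save it to your desktop as File name: junc.bat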
Save as type: All Files

Step Three
Double click junc.bat to run it. A log will be presented. Copy and paste or attach the content of the log in your next reply.

Gringo

#13 star7010

Posted 09 May 2012 - 11:46 PM

Cannot download the Junction.zip file; it opens a new window & gives the following error:
This XML file does not appear to have any style information associated with it. The document tree is shown below.
<Error><Code>OutOfRangeInput</Code><Message>One of the request inputs is out of range.
RequestId:13ced451-671d-496b-873a-a6351320a0e6
Time:2012-05-10T04:45:32.7427858Z</Message></Error>

#14 star7010

Posted 10 May 2012 - 09:59 PM

Tried to download the file again but same error?
Should I go ahead & run Hijackthis?

#15 gringo_pr

Posted 10 May 2012 - 10:05 PM

Try this first.

Uninstall Malwarebytes

  • Click on Start and select Control Panel
  • Open Add/Remove Programs
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important)
  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
  • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
  • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or post to ask and we'll explain how to do it.
