Gmer found a threat (cont. from Something turning off Automatic Updates )


This topic is locked
36 replies to this topic

#1 wicky (Members, 144 posts, Glowinnadark, Washington)

Posted 08 May 2012 - 04:36 PM

I wasn't originally looking for any specific infections, but kisk advised me to run the scans from the Preparation Guide. The Gmer gave me a warning that it had found something, but it didn't specify what it had come across. kisk instructed me to post them all here, for help.


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 10 May 2012 - 12:42 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 wicky (Topic Starter, Members, 144 posts, Glowinnadark, Washington)

Posted 10 May 2012 - 01:24 AM

Do you want me to copy and paste the original reports that I had attached? I didn't see the "do not attach" instruction until after I had posted, and didn't want to change the post til I got a reply. I can do that now, though, if you like. Am downloading Security check now.

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 10 May 2012 - 02:12 AM

No, that is ok, but do only paste the new reports - it will make it that much easier for us.


gringo

#5 wicky (Topic Starter, Members, 144 posts, Glowinnadark, Washington)

Posted 10 May 2012 - 02:20 AM

Security Check:
Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
SUPERAntiSpyware
Secunia PSI (3.0.0.0006)
CCleaner
IBM 32-bit Runtime Environment for Java 2, v1.4.2
Java™ 6 Update 31
IBM 32-bit Runtime Environment for Java 2, v1.4.2
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````

ComboFix:
ComboFix 12-05-09.01 - Jilana Conaway 09/05/2012 23:55:44.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3063.2602 [GMT -7:00]
Running from: c:\documents and settings\Jilana Conaway\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\pwdmon.dll
c:\windows\system32\SET9B7.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
.
.
2012-05-09 06:19 . 2012-05-09 06:20 -------- d-----w- c:\documents and settings\Jilana Conaway\Local Settings\Application Data\DuelingElectrons
2012-05-09 06:18 . 2012-05-09 11:18 -------- d-----w- c:\documents and settings\Jilana Conaway\Local Settings\Application Data\Deployment
2012-05-08 06:28 . 2012-05-08 06:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2012-05-08 06:23 . 2012-05-08 06:23 -------- d-----w- c:\documents and settings\Jilana Conaway\Local Settings\Application Data\Secunia PSI (BETA)
2012-05-08 06:23 . 2012-05-08 06:23 -------- d-----w- c:\program files\Secunia
2012-05-08 01:10 . 2012-05-08 01:10 -------- d-----w- c:\documents and settings\Jilana Conaway\Application Data\ElevatedDiagnostics
2012-05-05 04:49 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-05-05 04:49 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2012-05-05 04:48 . 2008-04-13 17:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-05-05 04:48 . 2008-04-13 17:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-05-02 02:49 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-05-02 02:49 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-05-02 02:49 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-05-02 02:49 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-02 02:49 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-05-02 02:49 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-05-02 02:49 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-05-02 02:49 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-05-02 02:47 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-05-02 02:47 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-02 02:44 . 2012-05-02 02:46 -------- dc----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-05-02 02:44 . 2012-05-02 02:46 -------- d-----w- c:\program files\AVAST Software
2012-05-01 03:13 . 2012-05-01 04:07 -------- dc----w- C:\64aa6500974ec36e6612e4bbd0
2012-04-26 01:09 . 2012-04-26 01:09 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-26 01:09 . 2012-04-26 01:09 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-26 01:09 . 2012-04-26 01:09 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-19 00:28 . 2012-04-19 00:28 -------- d--h--w- c:\windows\PIF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 00:53 . 2012-04-01 09:45 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-08 00:53 . 2011-10-17 02:55 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 22:56 . 2011-04-29 06:09 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 1980-01-01 08:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 1980-01-01 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 1980-01-01 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 1980-01-01 08:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 1980-01-01 08:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 1980-01-01 08:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-27 05:59 . 2012-02-27 05:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-27 05:59 . 2011-02-04 09:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-26 01:09 . 2011-03-23 09:37 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-3-30 562232]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
backup=c:\windows\pss\Amazon Unbox.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-04-04 05:53 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 14:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2005-05-19 13:33 127037 ----a-w- c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-01-13 16:47 163840 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]
2004-12-11 05:03 446464 ----a-w- c:\program files\IBM\Messages By IBM\ibmmessages.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IBMPRC]
2005-04-27 17:53 90112 ----a-w- c:\ibmtools\utils\ibmprc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-01-13 16:47 131072 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-28 00:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-28 00:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
2005-04-13 22:34 49152 ----a-w- c:\windows\system32\ico.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-01-13 16:46 135168 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 22:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 22:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-03-23 01:43 2423752 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"Spooler"=2 (0x2)
"LexBceS"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"ERSvc"=2 (0x2)
"DAZContentManagementService"=2 (0x2)
"ADVService"=2 (0x2)
"avast! Antivirus"=2 (0x2)
"mnmsrvc"=3 (0x3)
"wuauserv"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.749\\Agent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [01/05/2012 19:49 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [01/05/2012 19:49 337880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 11:41 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/05/2012 19:49 20696]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [30/03/2012 03:26 1295416]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [30/03/2012 03:26 681016]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [16/12/2011 07:19 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [01/04/2012 02:45 257696]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 11:58 11336]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [25/04/2012 18:09 129976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/03/2011 15:05 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [06/03/2011 15:05 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 00:53]
.
2012-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Jilana Conaway\Application Data\Mozilla\Firefox\Profiles\fevgxtpm.default\
FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/?cid=mtmh04132012
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.id - fce8bbd500000000000000016ce44a74
FF - user.js: extensions.BabylonToolbar_i.hardId - fce8bbd500000000000000016ce44a74
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15363
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.175:16
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101067
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-avast5 - c:\program files\Alwil Software\Avast5\avastUI.exe
MSConfigStartUp-Google Update - c:\documents and settings\Jilana Conaway\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-Lexmark 1200 Series - c:\program files\Lexmark 1200 Series\lxczbmgr.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-Nikon Transfer Monitor - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-TkBellExe - c:\program files\real\realplayer\update\realsched.exe
MSConfigStartUp-WMPNSCFG - c:\program files\Windows Media Player\WMPNSCFG.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-10 00:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2226643987-1775502523-3396810684-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2732)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
.
**************************************************************************
.
Completion time: 2012-05-10 00:11:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-10 07:11
.
Pre-Run: 50,411,642,880 bytes free
Post-Run: 50,491,740,160 bytes free
.
- - End Of File - - 26DDC822C8B7BBA57EE2129850EB165C

#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 10 May 2012 - 02:25 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 wicky (Topic Starter, Members, 144 posts, Glowinnadark, Washington)

Posted 10 May 2012 - 03:30 AM

tdsskiller report:
00:50:22.0640 3252 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
00:50:23.0125 3252 ============================================================
00:50:23.0125 3252 Current date / time: 2012/05/10 00:50:23.0125
00:50:23.0125 3252 SystemInfo:
00:50:23.0125 3252
00:50:23.0125 3252 OS Version: 5.1.2600 ServicePack: 3.0
00:50:23.0125 3252 Product type: Workstation
00:50:23.0125 3252 ComputerName: LENOVO-CD1A357F
00:50:23.0125 3252 UserName: Jilana Conaway
00:50:23.0125 3252 Windows directory: C:\WINDOWS
00:50:23.0125 3252 System windows directory: C:\WINDOWS
00:50:23.0125 3252 Processor architecture: Intel x86
00:50:23.0125 3252 Number of processors: 1
00:50:23.0125 3252 Page size: 0x1000
00:50:23.0125 3252 Boot type: Normal boot
00:50:23.0125 3252 ============================================================
00:50:24.0468 3252 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:50:24.0468 3252 ============================================================
00:50:24.0468 3252 \Device\Harddisk0\DR0:
00:50:24.0468 3252 MBR partitions:
00:50:24.0468 3252 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8734AFA
00:50:24.0468 3252 ============================================================
00:50:24.0468 3252 C: <-> \Device\Harddisk0\DR0\Partition0
00:50:24.0468 3252 ============================================================
00:50:24.0468 3252 Initialize success
00:50:24.0468 3252 ============================================================
00:51:01.0781 2308 ============================================================
00:51:01.0781 2308 Scan started
00:51:01.0781 2308 Mode: Manual;
00:51:01.0781 2308 ============================================================
00:51:04.0125 2308 Cdaudio - ok
00:51:04.0140 2308 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:51:04.0140 2308 Cdfs - ok
00:51:04.0171 2308 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:51:04.0171 2308 Cdrom - ok
00:51:04.0187 2308 Changer - ok
00:51:04.0218 2308 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
00:51:04.0218 2308 CiSvc - ok
00:51:04.0265 2308 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
00:51:04.0281 2308 ClipSrv - ok
00:51:04.0359 2308 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:51:04.0375 2308 clr_optimization_v2.0.50727_32 - ok
00:51:04.0437 2308 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:51:04.0453 2308 clr_optimization_v4.0.30319_32 - ok
00:51:04.0468 2308 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
00:51:04.0484 2308 CmdIde - ok
00:51:04.0484 2308 COMSysApp - ok
00:51:04.0515 2308 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
00:51:04.0531 2308 Cpqarray - ok
00:51:04.0578 2308 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
00:51:04.0578 2308 cpudrv - ok
00:51:04.0625 2308 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
00:51:04.0625 2308 CryptSvc - ok
00:51:04.0671 2308 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
00:51:04.0687 2308 dac2w2k - ok
00:51:04.0703 2308 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
00:51:04.0703 2308 dac960nt - ok
00:51:04.0765 2308 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
00:51:04.0781 2308 DcomLaunch - ok
00:51:04.0843 2308 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
00:51:04.0859 2308 Dhcp - ok
00:51:04.0906 2308 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:51:04.0906 2308 Disk - ok
00:51:04.0921 2308 dmadmin - ok
00:51:04.0968 2308 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
00:51:05.0000 2308 dmboot - ok
00:51:05.0015 2308 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
00:51:05.0031 2308 dmio - ok
00:51:05.0046 2308 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:51:05.0046 2308 dmload - ok
00:51:05.0078 2308 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
00:51:05.0093 2308 dmserver - ok
00:51:05.0140 2308 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:51:05.0140 2308 DMusic - ok
00:51:05.0171 2308 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
00:51:05.0187 2308 Dnscache - ok
00:51:05.0234 2308 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
00:51:05.0250 2308 Dot3svc - ok
00:51:05.0265 2308 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
00:51:05.0265 2308 dpti2o - ok
00:51:05.0296 2308 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:51:05.0296 2308 drmkaud - ok
00:51:05.0312 2308 drvmcdb (0196321f41476fc1fe6b0b7c37a6051e) C:\WINDOWS\system32\drivers\drvmcdb.sys
00:51:05.0328 2308 drvmcdb - ok
00:51:05.0343 2308 drvnddm (273061d90d4af7c1539e8102c7f458b5) C:\WINDOWS\system32\drivers\drvnddm.sys
00:51:05.0343 2308 drvnddm - ok
00:51:05.0359 2308 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
00:51:05.0359 2308 E100B - ok
00:51:05.0406 2308 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
00:51:05.0406 2308 EapHost - ok
00:51:05.0453 2308 EGATHDRV (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
00:51:05.0468 2308 EGATHDRV - ok
00:51:05.0500 2308 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
00:51:05.0500 2308 ERSvc - ok
00:51:05.0546 2308 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
00:51:05.0562 2308 Eventlog - ok
00:51:05.0625 2308 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
00:51:05.0625 2308 EventSystem - ok
00:51:05.0671 2308 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:51:05.0671 2308 Fastfat - ok
00:51:05.0718 2308 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:51:05.0734 2308 FastUserSwitchingCompatibility - ok
00:51:05.0765 2308 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
00:51:05.0765 2308 Fdc - ok
00:51:05.0781 2308 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
00:51:05.0781 2308 Fips - ok
00:51:05.0812 2308 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
00:51:05.0812 2308 Flpydisk - ok
00:51:05.0859 2308 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
00:51:05.0859 2308 FltMgr - ok
00:51:05.0968 2308 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
00:51:05.0968 2308 FontCache3.0.0.0 - ok
00:51:06.0000 2308 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:51:06.0000 2308 Fs_Rec - ok
00:51:06.0046 2308 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:51:06.0062 2308 Ftdisk - ok
00:51:06.0093 2308 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:51:06.0093 2308 Gpc - ok
00:51:06.0171 2308 gupdate - ok
00:51:06.0187 2308 gupdatem - ok
00:51:06.0250 2308 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
00:51:06.0250 2308 helpsvc - ok
00:51:06.0296 2308 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
00:51:06.0296 2308 HidServ - ok
00:51:06.0328 2308 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:51:06.0328 2308 HidUsb - ok
00:51:06.0390 2308 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
00:51:06.0390 2308 hkmsvc - ok
00:51:06.0421 2308 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
00:51:06.0421 2308 hpn - ok
00:51:06.0468 2308 HSFHWBS2 (ed81914394cbafbe5cf41f1e043822f8) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
00:51:06.0484 2308 HSFHWBS2 - ok
00:51:06.0531 2308 HSF_DP (3f0ffa294544ed92e962a4e3057fb5ac) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
00:51:06.0562 2308 HSF_DP - ok
00:51:06.0609 2308 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:51:06.0625 2308 HTTP - ok
00:51:06.0656 2308 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
00:51:06.0671 2308 HTTPFilter - ok
00:51:06.0687 2308 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
00:51:06.0703 2308 i2omgmt - ok
00:51:06.0718 2308 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
00:51:06.0718 2308 i2omp - ok
00:51:06.0734 2308 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:51:06.0734 2308 i8042prt - ok
00:51:07.0000 2308 ialm (2aae7be67911f4aec9ad28e9cfb9096f) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
00:51:07.0171 2308 ialm - ok
00:51:07.0265 2308 IBM Rapid Restore Ultra Service (3d81c48470beb3d27684c4ffec9c4955) C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
00:51:07.0265 2308 IBM Rapid Restore Ultra Service - ok
00:51:07.0406 2308 ibmfilter (67cbdd7e1d9866f83d8921829893435a) C:\WINDOWS\system32\drivers\ibmfilter.sys
00:51:07.0421 2308 ibmfilter - ok
00:51:07.0531 2308 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
00:51:07.0531 2308 IDriverT - ok
00:51:07.0640 2308 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:51:07.0671 2308 idsvc - ok
00:51:07.0687 2308 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:51:07.0687 2308 Imapi - ok
00:51:07.0750 2308 Imapi Helper (1acad13923e467e473c3ec503223f983) C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
00:51:07.0796 2308 Imapi Helper - ok
00:51:07.0828 2308 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
00:51:07.0875 2308 ImapiService - ok
00:51:07.0906 2308 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
00:51:07.0906 2308 ini910u - ok
00:51:07.0921 2308 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
00:51:07.0921 2308 IntelIde - ok
00:51:07.0968 2308 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:51:07.0968 2308 intelppm - ok
00:51:08.0000 2308 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
00:51:08.0000 2308 Ip6Fw - ok
00:51:08.0015 2308 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:51:08.0031 2308 IpFilterDriver - ok
00:51:08.0062 2308 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:51:08.0062 2308 IpInIp - ok
00:51:08.0093 2308 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:51:08.0125 2308 IpNat - ok
00:51:08.0140 2308 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:51:08.0140 2308 IPSec - ok
00:51:08.0171 2308 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:51:08.0171 2308 IRENUM - ok
00:51:08.0218 2308 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:51:08.0218 2308 isapnp - ok
00:51:08.0328 2308 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
00:51:08.0359 2308 JavaQuickStarterService - ok
00:51:08.0390 2308 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:51:08.0390 2308 Kbdclass - ok
00:51:08.0406 2308 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
00:51:08.0406 2308 kbdhid - ok
00:51:08.0421 2308 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:51:08.0437 2308 kmixer - ok
00:51:08.0468 2308 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:51:08.0468 2308 KSecDD - ok
00:51:08.0500 2308 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
00:51:08.0531 2308 lanmanserver - ok
00:51:08.0546 2308 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
00:51:08.0578 2308 lanmanworkstation - ok
00:51:08.0593 2308 lbrtfdc - ok
00:51:08.0640 2308 LexBceS (a1043645d16915df12a6f2e049922a18) C:\WINDOWS\system32\LEXBCES.EXE
00:51:08.0671 2308 LexBceS - ok
00:51:08.0703 2308 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
00:51:08.0718 2308 LmHosts - ok
00:51:08.0765 2308 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
00:51:08.0765 2308 mdmxsdk - ok
00:51:08.0796 2308 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
00:51:08.0812 2308 Messenger - ok
00:51:08.0828 2308 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:51:08.0828 2308 mnmdd - ok
00:51:08.0875 2308 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
00:51:08.0890 2308 mnmsrvc - ok
00:51:08.0937 2308 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
00:51:08.0937 2308 Modem - ok
00:51:08.0953 2308 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:51:08.0953 2308 Mouclass - ok
00:51:09.0000 2308 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:51:09.0000 2308 mouhid - ok
00:51:09.0015 2308 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:51:09.0015 2308 MountMgr - ok
00:51:09.0062 2308 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
00:51:09.0062 2308 MozillaMaintenance - ok
00:51:09.0093 2308 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
00:51:09.0093 2308 mraid35x - ok
00:51:09.0125 2308 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:51:09.0171 2308 MRxDAV - ok
00:51:09.0234 2308 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:51:09.0281 2308 MRxSmb - ok
00:51:09.0312 2308 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
00:51:09.0328 2308 MSDTC - ok
00:51:09.0390 2308 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:51:09.0406 2308 Msfs - ok
00:51:09.0406 2308 MSIServer - ok
00:51:09.0437 2308 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:51:09.0453 2308 MSKSSRV - ok
00:51:09.0484 2308 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:51:09.0484 2308 MSPCLOCK - ok
00:51:09.0500 2308 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:51:09.0500 2308 MSPQM - ok
00:51:09.0531 2308 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:51:09.0531 2308 mssmbios - ok
00:51:09.0562 2308 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
00:51:09.0562 2308 MSTEE - ok
00:51:09.0593 2308 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:51:09.0593 2308 Mup - ok
00:51:09.0625 2308 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
00:51:09.0640 2308 NABTSFEC - ok
00:51:09.0687 2308 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
00:51:09.0718 2308 napagent - ok
00:51:09.0734 2308 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:51:09.0734 2308 NDIS - ok
00:51:09.0750 2308 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
00:51:09.0765 2308 NdisIP - ok
00:51:09.0781 2308 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:51:09.0781 2308 NdisTapi - ok
00:51:09.0812 2308 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:51:09.0812 2308 Ndisuio - ok
00:51:09.0828 2308 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:51:09.0828 2308 NdisWan - ok
00:51:09.0859 2308 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:51:09.0875 2308 NDProxy - ok
00:51:09.0875 2308 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:51:09.0890 2308 NetBIOS - ok
00:51:09.0921 2308 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:51:09.0953 2308 NetBT - ok
00:51:09.0984 2308 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
00:51:10.0015 2308 NetDDE - ok
00:51:10.0015 2308 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
00:51:10.0031 2308 NetDDEdsdm - ok
00:51:10.0078 2308 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:51:10.0093 2308 Netlogon - ok
00:51:10.0140 2308 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
00:51:10.0156 2308 Netman - ok
00:51:10.0250 2308 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:51:10.0265 2308 NetTcpPortSharing - ok
00:51:10.0312 2308 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
00:51:10.0328 2308 Nla - ok
00:51:10.0375 2308 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:51:10.0375 2308 Npfs - ok
00:51:10.0421 2308 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:51:10.0421 2308 Ntfs - ok
00:51:10.0437 2308 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:51:10.0437 2308 NtLmSsp - ok
00:51:10.0500 2308 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
00:51:10.0515 2308 NtmsSvc - ok
00:51:10.0546 2308 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:51:10.0546 2308 Null - ok
00:51:10.0656 2308 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:51:10.0703 2308 nv - ok
00:51:10.0812 2308 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:51:10.0828 2308 NwlnkFlt - ok
00:51:10.0843 2308 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:51:10.0843 2308 NwlnkFwd - ok
00:51:10.0890 2308 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
00:51:10.0906 2308 Parport - ok
00:51:10.0921 2308 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:51:10.0921 2308 PartMgr - ok
00:51:10.0953 2308 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
00:51:10.0953 2308 ParVdm - ok
00:51:10.0968 2308 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
00:51:10.0968 2308 PCI - ok
00:51:10.0984 2308 PCIDump - ok
00:51:11.0015 2308 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:51:11.0015 2308 PCIIde - ok
00:51:11.0046 2308 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:51:11.0062 2308 Pcmcia - ok
00:51:11.0062 2308 PDCOMP - ok
00:51:11.0078 2308 PDFRAME - ok
00:51:11.0078 2308 PDRELI - ok
00:51:11.0093 2308 PDRFRAME - ok
00:51:11.0125 2308 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
00:51:11.0125 2308 perc2 - ok
00:51:11.0140 2308 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
00:51:11.0140 2308 perc2hib - ok
00:51:11.0203 2308 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
00:51:11.0218 2308 PlugPlay - ok
00:51:11.0250 2308 PMEM (fa292805788528c083f416e151b60ab6) C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
00:51:11.0250 2308 PMEM - ok
00:51:11.0265 2308 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:51:11.0281 2308 PolicyAgent - ok
00:51:11.0312 2308 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:51:11.0312 2308 PptpMiniport - ok
00:51:11.0328 2308 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
00:51:11.0343 2308 Processor - ok
00:51:11.0343 2308 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:51:11.0359 2308 ProtectedStorage - ok
00:51:11.0375 2308 psadd (30b10051866ede0ca089082fb4dabdea) C:\WINDOWS\system32\Drivers\psadd.sys
00:51:11.0390 2308 psadd - ok
00:51:11.0390 2308 PsaSrv - ok
00:51:11.0406 2308 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:51:11.0406 2308 PSched - ok
00:51:11.0437 2308 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
00:51:11.0437 2308 PSI - ok
00:51:11.0468 2308 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:51:11.0468 2308 Ptilink - ok
00:51:11.0500 2308 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:51:11.0500 2308 PxHelp20 - ok
00:51:11.0515 2308 QCDonner (fddd1aeb9f81ef1e6e48ae1edc2a97d6) C:\WINDOWS\system32\DRIVERS\OVCD.sys
00:51:11.0531 2308 QCDonner - ok
00:51:11.0562 2308 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
00:51:11.0562 2308 ql1080 - ok
00:51:11.0578 2308 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
00:51:11.0578 2308 Ql10wnt - ok
00:51:11.0593 2308 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
00:51:11.0593 2308 ql12160 - ok
00:51:11.0609 2308 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
00:51:11.0609 2308 ql1240 - ok
00:51:11.0625 2308 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
00:51:11.0625 2308 ql1280 - ok
00:51:11.0656 2308 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:51:11.0656 2308 RasAcd - ok
00:51:11.0687 2308 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
00:51:11.0703 2308 RasAuto - ok
00:51:11.0734 2308 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:51:11.0734 2308 Rasl2tp - ok
00:51:11.0796 2308 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
00:51:11.0812 2308 RasMan - ok
00:51:11.0828 2308 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:51:11.0828 2308 RasPppoe - ok
00:51:11.0843 2308 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:51:11.0859 2308 Raspti - ok
00:51:11.0875 2308 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:51:11.0890 2308 Rdbss - ok
00:51:11.0906 2308 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:51:11.0906 2308 RDPCDD - ok
00:51:11.0937 2308 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:51:11.0953 2308 rdpdr - ok
00:51:12.0000 2308 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
00:51:12.0000 2308 RDPWD - ok
00:51:12.0046 2308 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
00:51:12.0078 2308 RDSessMgr - ok
00:51:12.0109 2308 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:51:12.0109 2308 redbook - ok
00:51:12.0156 2308 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
00:51:12.0171 2308 RemoteAccess - ok
00:51:12.0187 2308 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
00:51:12.0203 2308 RpcLocator - ok
00:51:12.0250 2308 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
00:51:12.0265 2308 RpcSs - ok
00:51:12.0312 2308 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
00:51:12.0328 2308 RSVP - ok
00:51:12.0375 2308 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
00:51:12.0375 2308 RTL8023xp - ok
00:51:12.0421 2308 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
00:51:12.0421 2308 rtl8139 - ok
00:51:12.0468 2308 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:51:12.0468 2308 SamSs - ok
00:51:12.0578 2308 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
00:51:12.0578 2308 SASDIFSV - ok
00:51:12.0593 2308 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
00:51:12.0593 2308 SASKUTIL - ok
00:51:12.0625 2308 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
00:51:12.0640 2308 SCardSvr - ok
00:51:12.0687 2308 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
00:51:12.0703 2308 Schedule - ok
00:51:12.0750 2308 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:51:12.0750 2308 Secdrv - ok
00:51:12.0796 2308 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
00:51:12.0812 2308 seclogon - ok
00:51:12.0984 2308 Secunia PSI Agent (64d9cac9c60ee8c2d7aeb33d6503d8bc) C:\Program Files\Secunia\PSI\PSIA.exe
00:51:13.0015 2308 Secunia PSI Agent - ok
00:51:13.0093 2308 Secunia Update Agent (791729c12f58d65489645624bef6e5f5) C:\Program Files\Secunia\PSI\sua.exe
00:51:13.0093 2308 Secunia Update Agent - ok
00:51:13.0343 2308 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
00:51:13.0359 2308 SENS - ok
00:51:13.0421 2308 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:51:13.0437 2308 serenum - ok
00:51:13.0453 2308 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
00:51:13.0453 2308 Serial - ok
00:51:13.0500 2308 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:51:13.0515 2308 Sfloppy - ok
00:51:13.0562 2308 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
00:51:13.0578 2308 SharedAccess - ok
00:51:13.0625 2308 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:51:13.0640 2308 ShellHWDetection - ok
00:51:13.0640 2308 Simbad - ok
00:51:13.0687 2308 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
00:51:13.0687 2308 sisagp - ok
00:51:13.0703 2308 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
00:51:13.0718 2308 SLIP - ok
00:51:13.0750 2308 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
00:51:13.0765 2308 Sparrow - ok
00:51:13.0781 2308 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:51:13.0796 2308 splitter - ok
00:51:13.0828 2308 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
00:51:13.0843 2308 Spooler - ok
00:51:13.0859 2308 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:51:13.0875 2308 sr - ok
00:51:13.0937 2308 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
00:51:13.0953 2308 srservice - ok
00:51:14.0000 2308 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:51:14.0015 2308 Srv - ok
00:51:14.0031 2308 sscdbhk5 (1cbd1b58a32de97899f5290b05f856db) C:\WINDOWS\system32\drivers\sscdbhk5.sys
00:51:14.0031 2308 sscdbhk5 - ok
00:51:14.0078 2308 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
00:51:14.0093 2308 SSDPSRV - ok
00:51:14.0109 2308 ssrtln (7fb07ac152d7a87e66204860002bd9a4) C:\WINDOWS\system32\drivers\ssrtln.sys
00:51:14.0109 2308 ssrtln - ok
00:51:14.0156 2308 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
00:51:14.0171 2308 stisvc - ok
00:51:14.0218 2308 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
00:51:14.0218 2308 streamip - ok
00:51:14.0234 2308 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:51:14.0234 2308 swenum - ok
00:51:14.0265 2308 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:51:14.0281 2308 swmidi - ok
00:51:14.0281 2308 SwPrv - ok
00:51:14.0328 2308 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
00:51:14.0328 2308 symc810 - ok
00:51:14.0343 2308 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
00:51:14.0343 2308 symc8xx - ok
00:51:14.0359 2308 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
00:51:14.0359 2308 sym_hi - ok
00:51:14.0375 2308 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
00:51:14.0375 2308 sym_u3 - ok
00:51:14.0421 2308 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:51:14.0437 2308 sysaudio - ok
00:51:14.0453 2308 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
00:51:14.0484 2308 SysmonLog - ok
00:51:14.0531 2308 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
00:51:14.0546 2308 TapiSrv - ok
00:51:14.0625 2308 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:51:14.0625 2308 Tcpip - ok
00:51:14.0640 2308 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:51:14.0656 2308 TDPIPE - ok
00:51:14.0671 2308 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:51:14.0671 2308 TDTCP - ok
00:51:14.0703 2308 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:51:14.0703 2308 TermDD - ok
00:51:14.0765 2308 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
00:51:14.0781 2308 TermService - ok
00:51:14.0828 2308 tfsnboio (9acc8b321ac40d09f8ede8c86e125da3) C:\WINDOWS\system32\dla\tfsnboio.sys
00:51:14.0828 2308 tfsnboio - ok
00:51:14.0843 2308 tfsncofs (de9189d99ebcbbab2b31b6b09c9c3009) C:\WINDOWS\system32\dla\tfsncofs.sys
00:51:14.0843 2308 tfsncofs - ok
00:51:14.0859 2308 tfsndrct (61ad01c2e8365608831f46a7bf85a4c8) C:\WINDOWS\system32\dla\tfsndrct.sys
00:51:14.0859 2308 tfsndrct - ok
00:51:14.0890 2308 tfsndres (0d3463ada11b5cd081e49f74a79d7458) C:\WINDOWS\system32\dla\tfsndres.sys
00:51:14.0890 2308 tfsndres - ok
00:51:14.0906 2308 tfsnifs (760d69f3bd16de68b235ba9cafab5dd1) C:\WINDOWS\system32\dla\tfsnifs.sys
00:51:14.0906 2308 tfsnifs - ok
00:51:14.0921 2308 tfsnopio (1e2ad02f3557e18d4b77ccc20d370318) C:\WINDOWS\system32\dla\tfsnopio.sys
00:51:14.0921 2308 tfsnopio - ok
00:51:14.0937 2308 tfsnpool (3e43969d4d7f9140483d150fa35d4c72) C:\WINDOWS\system32\dla\tfsnpool.sys
00:51:14.0937 2308 tfsnpool - ok
00:51:14.0953 2308 tfsnudf (07b9263a4f470c75bd4c54871e6072e7) C:\WINDOWS\system32\dla\tfsnudf.sys
00:51:14.0953 2308 tfsnudf - ok
00:51:14.0968 2308 tfsnudfa (f2c9d20d32d782b3f311a5b256d83803) C:\WINDOWS\system32\dla\tfsnudfa.sys
00:51:14.0968 2308 tfsnudfa - ok
00:51:15.0015 2308 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:51:15.0031 2308 Themes - ok
00:51:15.0062 2308 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
00:51:15.0078 2308 TosIde - ok
00:51:15.0109 2308 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
00:51:15.0171 2308 TrkWks - ok
00:51:15.0203 2308 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:51:15.0203 2308 Udfs - ok
00:51:15.0250 2308 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
00:51:15.0250 2308 ultra - ok
00:51:15.0312 2308 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:51:15.0312 2308 Update - ok
00:51:15.0359 2308 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
00:51:15.0375 2308 upnphost - ok
00:51:15.0406 2308 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
00:51:15.0421 2308 UPS - ok
00:51:15.0453 2308 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:51:15.0453 2308 usbccgp - ok
00:51:15.0500 2308 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:51:15.0500 2308 usbehci - ok
00:51:15.0531 2308 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:51:15.0531 2308 usbhub - ok
00:51:15.0562 2308 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:51:15.0562 2308 usbprint - ok
00:51:15.0593 2308 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:51:15.0609 2308 usbscan - ok
00:51:15.0625 2308 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:51:15.0625 2308 USBSTOR - ok
00:51:15.0671 2308 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:51:15.0671 2308 usbuhci - ok
00:51:15.0703 2308 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:51:15.0718 2308 VgaSave - ok
00:51:15.0734 2308 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
00:51:15.0750 2308 viaagp - ok
00:51:15.0765 2308 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
00:51:15.0765 2308 ViaIde - ok
00:51:15.0812 2308 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
00:51:15.0812 2308 VolSnap - ok
00:51:15.0859 2308 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
00:51:15.0890 2308 VSS - ok
00:51:15.0921 2308 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
00:51:15.0953 2308 W32Time - ok
00:51:15.0968 2308 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:51:15.0968 2308 Wanarp - ok
00:51:15.0984 2308 WDICA - ok
00:51:16.0015 2308 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:51:16.0031 2308 wdmaud - ok
00:51:16.0046 2308 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
00:51:16.0062 2308 WebClient - ok
00:51:16.0140 2308 winachsf (6f25b08ebbac9e02e6a0829f2c28999b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
00:51:16.0171 2308 winachsf - ok
00:51:16.0281 2308 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
00:51:16.0296 2308 winmgmt - ok
00:51:16.0359 2308 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
00:51:16.0375 2308 WmdmPmSN - ok
00:51:16.0421 2308 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
00:51:16.0453 2308 WmiApSrv - ok
00:51:16.0515 2308 WMPNetworkSvc - ok
00:51:16.0687 2308 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
00:51:16.0703 2308 WPFFontCache_v0400 - ok
00:51:16.0765 2308 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
00:51:16.0765 2308 WS2IFSL - ok
00:51:16.0796 2308 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
00:51:16.0812 2308 wscsvc - ok
00:51:16.0843 2308 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
00:51:16.0843 2308 WSTCODEC - ok
00:51:16.0906 2308 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
00:51:16.0921 2308 wuauserv - ok
00:51:16.0968 2308 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:51:16.0968 2308 WudfPf - ok
00:51:16.0984 2308 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:51:17.0000 2308 WudfRd - ok
00:51:17.0015 2308 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
00:51:17.0031 2308 WudfSvc - ok
00:51:17.0093 2308 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
00:51:17.0125 2308 WZCSVC - ok
00:51:17.0171 2308 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
00:51:17.0187 2308 xmlprov - ok
00:51:17.0234 2308 MBR (0x1B8) (551348c14cbccfa3642e7c2d2525fd5d) \Device\Harddisk0\DR0
00:51:17.0265 2308 \Device\Harddisk0\DR0 - ok
00:51:17.0281 2308 Boot (0x1200) (d8688219d928bc2b66f6abc771cc1ecc) \Device\Harddisk0\DR0\Partition0
00:51:17.0281 2308 \Device\Harddisk0\DR0\Partition0 - ok
00:51:17.0281 2308 ============================================================
00:51:17.0281 2308 Scan finished
00:51:17.0281 2308 ============================================================
00:51:17.0296 3516 Detected object count: 0
00:51:17.0296 3516 Actual detected object count: 0

aswMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-10 00:52:48
-----------------------------
00:52:48.156 OS Version: Windows 5.1.2600 Service Pack 3
00:52:48.156 Number of processors: 1 586 0x409
00:52:48.156 ComputerName: LENOVO-CD1A357F UserName: Jilana Conaway
00:52:48.937 Initialize success
00:52:49.140 AVAST engine defs: 12050901
00:53:24.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:53:24.828 Disk 0 Vendor: WDC_WD800JD-22LSA0 06.01D06 Size: 76319MB BusType: 3
00:53:24.843 Disk 0 MBR read successfully
00:53:24.843 Disk 0 MBR scan
00:53:24.843 Disk 0 unknown MBR code
00:53:24.843 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 69225 MB offset 63
00:53:24.859 Disk 0 Partition 2 00 12 Compaq diag MSWIN4.1 7091 MB offset 141773625
00:53:24.859 Disk 0 scanning sectors +156296385
00:53:24.890 Disk 0 scanning C:\WINDOWS\system32\drivers
00:53:36.296 Service scanning
00:53:50.875 Modules scanning
00:53:55.687 Disk 0 trace - called modules:
00:53:55.703 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
00:53:56.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8adeaab8]
00:53:56.062 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000005f[0x8ada1f18]
00:53:56.062 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ad9f940]
00:53:56.296 AVAST engine scan C:\WINDOWS
00:54:00.546 AVAST engine scan C:\WINDOWS\system32
00:54:30.968 File: C:\WINDOWS\system32\hkcmd.exe **INFECTED** Win32:Malware-gen
00:56:31.765 AVAST engine scan C:\WINDOWS\system32\drivers
00:56:48.843 AVAST engine scan C:\Documents and Settings\Jilana Conaway
01:01:03.718 AVAST engine scan C:\Documents and Settings\All Users
01:01:35.421 Scan finished successfully
01:28:58.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jilana Conaway\Desktop\MBR.dat"
01:28:58.531 The log file has been saved successfully to "C:\Documents and Settings\Jilana Conaway\Desktop\aswMBR.txt"

#8 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 May 2012 - 03:51 AM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
hkcmd.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 wicky (Topic Starter)

  • Members
  • 144 posts
  • Gender:Female
  • Location:Glowinnadark, Washington

Posted 10 May 2012 - 09:10 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 07:07 on 10/05/2012 by Jilana Conaway
Administrator - Elevation successful

========== filefind ==========

Searching for "hkcmd.exe"
C:\DRIVERS\VIDEO\HKCMD.EXE --a---- 126976 bytes [18:16 10/03/2005] [18:16 10/03/2005] 8B48F0AE425CA221AF743715DEDFA26D
C:\IBMTools\drivers\VIDEO\INTEL\WXP\WIN2000\HKCMD.EXE --a---- 126976 bytes [18:16 10/03/2005] [18:16 10/03/2005] 8B48F0AE425CA221AF743715DEDFA26D
C:\WINDOWS\system32\hkcmd.exe --a---- 163840 bytes [08:00 01/01/1980] [16:47 13/01/2007] DDE4A991F26179573D2CFA7A093F56FA
C:\WINDOWS\system32\DRVSTORE\igxp32_4D226E7C758A79C1253BA55C5288A4315667C2F3\hkcmd.exe --a--c- 114688 bytes [09:11 04/02/2011] [22:41 14/08/2006] 61FF610F012F052EDDA9325597C716B7
C:\WINDOWS\system32\DRVSTORE\igxp32_757949EFDD70357EE37252D828ACA09CDF5C75B7\hkcmd.exe --a--c- 163840 bytes [00:43 10/04/2011] [16:47 13/01/2007] DDE4A991F26179573D2CFA7A093F56FA
C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\hkcmd.exe --a---- 163840 bytes [10:14 21/08/2011] [16:47 13/01/2007] DDE4A991F26179573D2CFA7A093F56FA

-= EOF =-
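The SystemLook result above lists six copies of hkcmd.exe with three distinct MD5 hashes, and the copy avast flagged in system32 carries the same hash as the copies in DRVSTORE and ReinstallBackups. The Python script below is added here as an example; it is not part of SystemLook, ComboFix or the original posts. It parses that filefind output, groups the copies by hash and reports whether the flagged copy is byte-identical to a driver-store or reinstall-backup copy, which is the comparison a malware-removal helper does by eye before deciding whether a generic detection is a candidate false positive. The folder markers DRVSTORE and ReinstallBackups are taken from the paths in the log; the verdict wording and the function names are this example's own.

```python
"""Triage a SystemLook ':filefind' result by comparing MD5 hashes across copies.

Added example for this thread (not SystemLook's or the helper's own code).
When an AV engine flags one copy of a file, the same file often also exists
in driver-store and reinstall-backup folders. Copies that share the flagged
file's hash are byte-identical to it; copies that differ deserve a closer look.
"""
import re
from collections import defaultdict

# Sample input: the SystemLook filefind output posted above in this thread.
SYSTEMLOOK_OUTPUT = r"""
Searching for "hkcmd.exe"
C:\DRIVERS\VIDEO\HKCMD.EXE --a---- 126976 bytes [18:16 10/03/2005] [18:16 10/03/2005] 8B48F0AE425CA221AF743715DEDFA26D
C:\IBMTools\drivers\VIDEO\INTEL\WXP\WIN2000\HKCMD.EXE --a---- 126976 bytes [18:16 10/03/2005] [18:16 10/03/2005] 8B48F0AE425CA221AF743715DEDFA26D
C:\WINDOWS\system32\hkcmd.exe --a---- 163840 bytes [08:00 01/01/1980] [16:47 13/01/2007] DDE4A991F26179573D2CFA7A093F56FA
C:\WINDOWS\system32\DRVSTORE\igxp32_4D226E7C758A79C1253BA55C5288A4315667C2F3\hkcmd.exe --a--c- 114688 bytes [09:11 04/02/2011] [22:41 14/08/2006] 61FF610F012F052EDDA9325597C716B7
C:\WINDOWS\system32\DRVSTORE\igxp32_757949EFDD70357EE37252D828ACA09CDF5C75B7\hkcmd.exe --a--c- 163840 bytes [00:43 10/04/2011] [16:47 13/01/2007] DDE4A991F26179573D2CFA7A093F56FA
C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\hkcmd.exe --a---- 163840 bytes [10:14 21/08/2011] [16:47 13/01/2007] DDE4A991F26179573D2CFA7A093F56FA
"""

# One result line: path, 7-character attribute field, size, created, modified, MD5.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-zA-Z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

# Folders where Windows and vendor installers keep pristine copies of driver files.
# Assumption for this example: the two folder names seen in the log above.
TRUSTED_STORE_MARKERS = ("\\drvstore\\", "\\reinstallbackups\\")


def parse_filefind(text):
    """Return one dict per result line; header and footer lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            records.append(rec)
    return records


def group_by_hash(records):
    """Map each MD5 to the list of paths that carry it."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec["md5"]].append(rec["path"])
    return dict(groups)


def assess(records, flagged_path):
    """Compare the flagged copy against every other copy the scan found."""
    wanted = flagged_path.lower()          # Windows paths are case-insensitive
    flagged = next((r for r in records if r["path"].lower() == wanted), None)
    if flagged is None:
        raise ValueError("flagged path not present in filefind output")
    same = [r["path"] for r in records
            if r["md5"] == flagged["md5"] and r["path"].lower() != wanted]
    trusted = [p for p in same
               if any(marker in p.lower() for marker in TRUSTED_STORE_MARKERS)]
    verdict = (
        "identical to driver-store/backup copies: consistent with the vendor file; "
        "treat the detection as a candidate false positive and confirm the hash "
        "with the vendor or a multi-engine lookup"
        if trusted else
        "no pristine copy with the same hash: keep it quarantined and investigate"
    )
    return {
        "md5": flagged["md5"],
        "size": flagged["size"],
        "same_hash_copies": same,
        "matches_trusted_store": bool(trusted),
        "verdict": verdict,
    }


if __name__ == "__main__":
    recs = parse_filefind(SYSTEMLOOK_OUTPUT)
    for md5, paths in group_by_hash(recs).items():
        print(md5, len(paths), "copy/copies")
    result = assess(recs, r"C:\WINDOWS\system32\hkcmd.exe")
    print(result["verdict"])
    for p in result["same_hash_copies"]:
        print("  same hash:", p)
```

A matching hash only shows that the system32 copy is identical to what the driver installer dropped into its backup folders; it does not by itself prove the file is clean, so the result is a reason to verify the hash rather than to dismiss the detection outright.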

#10 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 May 2012 - 02:13 PM

Greetings

At this time I would like you to run this script for me; it is also a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Firefox::
FF - ProfilePath - c:\documents and settings\Jilana Conaway\Application Data\Mozilla\Firefox\Profiles\fevgxtpm.default\
FF - user.js: extensions.BabylonToolbar_i.id - fce8bbd500000000000000016ce44a74
FF - user.js: extensions.BabylonToolbar_i.hardId - fce8bbd500000000000000016ce44a74
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15363
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.175:16
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101067
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 wicky (Topic Starter)

  • Members
  • 144 posts
  • Gender:Female
  • Location:Glowinnadark, Washington

Posted 10 May 2012 - 04:49 PM

ComboFix 12-05-10.04 - Jilana Conaway 10/05/2012 14:35:12.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3063.2528 [GMT -7:00]
Running from: c:\documents and settings\Jilana Conaway\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jilana Conaway\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jilana Conaway\Application Data\Mozilla\Firefox\Profiles\fevgxtpm.default\searchplugins\bing-zugo.xml
.
.
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
.
.
2012-05-09 06:19 . 2012-05-09 06:20 -------- d-----w- c:\documents and settings\Jilana Conaway\Local Settings\Application Data\DuelingElectrons
2012-05-09 06:18 . 2012-05-09 11:18 -------- d-----w- c:\documents and settings\Jilana Conaway\Local Settings\Application Data\Deployment
2012-05-08 06:28 . 2012-05-08 06:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2012-05-08 06:23 . 2012-05-08 06:23 -------- d-----w- c:\documents and settings\Jilana Conaway\Local Settings\Application Data\Secunia PSI (BETA)
2012-05-08 06:23 . 2012-05-08 06:23 -------- d-----w- c:\program files\Secunia
2012-05-08 01:10 . 2012-05-08 01:10 -------- d-----w- c:\documents and settings\Jilana Conaway\Application Data\ElevatedDiagnostics
2012-05-05 04:49 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-05-05 04:49 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2012-05-05 04:48 . 2008-04-13 17:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-05-05 04:48 . 2008-04-13 17:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-05-02 02:49 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-05-02 02:49 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-05-02 02:49 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-05-02 02:49 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-02 02:49 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-05-02 02:49 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-05-02 02:49 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-05-02 02:49 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-05-02 02:47 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-05-02 02:47 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-02 02:44 . 2012-05-02 02:46 -------- dc----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-05-02 02:44 . 2012-05-02 02:46 -------- d-----w- c:\program files\AVAST Software
2012-05-01 03:13 . 2012-05-01 04:07 -------- dc----w- C:\64aa6500974ec36e6612e4bbd0
2012-04-26 01:09 . 2012-04-26 01:09 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-26 01:09 . 2012-04-26 01:09 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-26 01:09 . 2012-04-26 01:09 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-19 00:28 . 2012-04-19 00:28 -------- d--h--w- c:\windows\PIF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 00:53 . 2012-04-01 09:45 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-08 00:53 . 2011-10-17 02:55 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 22:56 . 2011-04-29 06:09 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 1980-01-01 08:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 1980-01-01 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 1980-01-01 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 1980-01-01 08:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 1980-01-01 08:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 1980-01-01 08:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-27 05:59 . 2012-02-27 05:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-27 05:59 . 2011-02-04 09:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-26 01:09 . 2011-03-23 09:37 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-3-30 562232]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
backup=c:\windows\pss\Amazon Unbox.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-04-04 05:53 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 14:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2005-05-19 13:33 127037 ----a-w- c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-01-13 16:47 163840 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]
2004-12-11 05:03 446464 ----a-w- c:\program files\IBM\Messages By IBM\ibmmessages.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IBMPRC]
2005-04-27 17:53 90112 ----a-w- c:\ibmtools\utils\ibmprc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-01-13 16:47 131072 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-28 00:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-28 00:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
2005-04-13 22:34 49152 ----a-w- c:\windows\system32\ico.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-01-13 16:46 135168 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 22:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 22:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-03-23 01:43 2423752 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"Spooler"=2 (0x2)
"LexBceS"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"ERSvc"=2 (0x2)
"DAZContentManagementService"=2 (0x2)
"ADVService"=2 (0x2)
"avast! Antivirus"=2 (0x2)
"mnmsrvc"=3 (0x3)
"wuauserv"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.749\\Agent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [01/05/2012 19:49 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [01/05/2012 19:49 337880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 11:41 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/05/2012 19:49 20696]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [16/12/2011 07:19 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [30/03/2012 03:26 1295416]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [30/03/2012 03:26 681016]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [01/04/2012 02:45 257696]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 11:58 11336]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [25/04/2012 18:09 129976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/03/2011 15:05 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [06/03/2011 15:05 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 98679235
*NewlyCreated* - ASWMBR
*Deregistered* - 98679235
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 00:53]
.
2012-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Jilana Conaway\Application Data\Mozilla\Firefox\Profiles\fevgxtpm.default\
FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/?cid=mtmh04132012
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-10 14:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2226643987-1775502523-3396810684-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-05-10 14:45:05
ComboFix-quarantined-files.txt 2012-05-10 21:45
ComboFix2.txt 2012-05-10 07:11
.
Pre-Run: 50,486,759,424 bytes free
Post-Run: 50,479,947,776 bytes free
.
- - End Of File - - D5FEDAD79E4BEC2005217385447851B0


Comp still laggy, sometimes almost to the point of being unresponsive.

#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 May 2012 - 06:00 PM

Greetings



I want you to reset the DMA. You can do this with this script here - Reset DMA

If you have problems when you click on the link, try to right-click on the link and select "Save Target As", and then save it to your desktop.
Once it is on your desktop, right-click on the file and select "Run".

If you still can't run it, then you can go here "Reset DMA" to see what I want to do.



Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#13 wicky (Topic Starter)

  • Members
  • 144 posts
  • Gender:Female
  • Location:Glowinnadark, Washington

Posted 10 May 2012 - 07:46 PM

MBAM:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.08.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jilana Conaway :: LENOVO-CD1A357F [administrator]

10/05/2012 16:57:54
mbam-log-2012-05-10 (16-57-54).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219347
Time elapsed: 26 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

HiJackthis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:43:17, on 10/05/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spider.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 5246 bytes
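
The HijackThis log above is a list of browser, autostart and service entries that a helper reads by hand, looking for things like `(no file)` BHOs, `(file missing)` services and unfamiliar Run keys. As an added example, not code from this thread or from HijackThis itself, the Python below parses lines in that format and builds a review queue of the entries an analyst would look at first: orphaned entries, non-default IE start/search pages, Winlogon notify DLLs and services with no owner string. The classification rules, the `Entry` class and the constructed sample log (modelled on the posted one, with a placeholder URL and a made-up service) are this example's own assumptions, not HijackThis verdicts; which lines to actually fix remains the helper's decision.

```python
"""Triage helper for HijackThis v2.0.x log lines.

Added example: the section codes are HijackThis's, but the priority rules,
the Entry class and the sample log below are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Every scan line starts with a section code, e.g. "O2 - BHO: ..." or "R1 - HKLM\...".
LINE_RE = re.compile(r"^(?P<code>[RFON]\d+) - (?P<body>.*)$")

# Assumed review priorities: persistence first, then browser-facing entries.
PERSISTENCE = {"O4", "O20", "O21", "O22", "O23"}
BROWSER = {"R0", "R1", "R3", "O2", "O3", "O9", "O16"}


@dataclass
class Entry:
    code: str
    body: str
    orphan: bool        # entry points at a file that no longer exists
    category: str       # "persistence", "browser" or "other"
    note: Optional[str]  # why an analyst should look at it, or None


def classify(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for headers, process paths and separators."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    orphan = "(no file)" in body or "(file missing)" in body
    if code in PERSISTENCE:
        category = "persistence"
    elif code in BROWSER:
        category = "browser"
    else:
        category = "other"
    note = None
    if orphan:
        note = "orphaned entry: target file is not on disk; safe cleanup candidate"
    elif code in ("R0", "R1") and "go.microsoft.com/fwlink" not in body:
        note = "non-default IE start/search page: verify the user set it"
    elif code == "O20":
        note = "Winlogon notify DLL loads at every logon: verify the publisher"
    elif code == "O23" and "Unknown owner" in body:
        note = "service with no owner string: verify the binary"
    return Entry(code, body, orphan, category, note)


def triage(log_text: str) -> List[Entry]:
    """All parseable entries in the log, in file order."""
    return [e for e in map(classify, log_text.splitlines()) if e is not None]


def review_queue(log_text: str) -> List[Entry]:
    """Flagged entries only, persistence first, then browser, then other."""
    order = {"persistence": 0, "browser": 1, "other": 2}
    flagged = [e for e in triage(log_text) if e.note]
    return sorted(flagged, key=lambda e: (order[e.category], e.code))


# Constructed sample in the posted log's format (placeholder URL and service are made up).
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\\WINDOWS\\System32\\smss.exe

R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://search.example-placeholder.invalid/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\\..\\Run: [avast] "C:\\Program Files\\AVAST Software\\Avast\\avastUI.exe" /nogui
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\\WINDOWS\\system32\\PsaSrv.exe (file missing)
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\\Program Files\\Example\\svc.exe
--
End of file - 5246 bytes
"""

if __name__ == "__main__":
    for e in review_queue(SAMPLE_LOG):
        print(f"[{e.category:11}] {e.code}: {e.note}\n    {e.body}")
```

Run it on a saved `hijackthis.log` by reading the file into `review_queue`; entries such as the avast Run key, which are neither orphaned nor unusual, are parsed but not queued, which keeps the queue short enough to check each item against a vendor or search before deciding anything.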

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:57 AM

Posted 10 May 2012 - 08:53 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. Any of these programs you can start by clicking on their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not;
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#15 wicky

wicky
  • Topic Starter

  • Members
  • 144 posts
  • OFFLINE
  • Gender:Female
  • Location:Glowinnadark, Washington
  • Local time:12:57 AM

Posted 10 May 2012 - 09:54 PM

Working on those now. I have noticed that some of my websites are not loading properly since doing all of this...could something we have done have had an effect on how my comp interprets some web pages?



