
Picked up Something Nasty While Searching for a Bumper


  • This topic is locked
30 replies to this topic

#1 HeimlichManouver

HeimlichManouver

  • Members
  • 20 posts
  • OFFLINE
  • Local time:12:12 PM

Posted 10 May 2012 - 08:01 PM

My PC seems to have picked up something nasty while I was doing a BING search for a bumper. I was having some annoying redirects in the few months before this, but would just back out and try again, and usually after two times it would let me go where I intended. However during my bumper search, it landed on a site that my PC warned me was trying to run something. I canceled out of that and backed out, but after a few more minutes it closed my IE altogether. After I opened it back up, within a minute or so it did it again, along with a cascade of warnings about potential hard disk failure. At this point I just shut the PC off using the on/off switch.

The next time I turned on the PC, I did a McAfee complete scan, which revealed (and supposedly cleaned) 2 infected files. I suppose I should mention that recently my internet provider (Brighthouse) switched me from CA Security Suite to McAfee Antivirus Plus. The only thing I had to do was switch back to Windows Firewall, which I had done. Anyway, it wanted me to restart the PC, and after I did my screen background image was gone, as were my desktop icons and most of what was in my start menu, and right-clicking on the desktop no longer worked. When I went to open IE, I got a message that McAfee found another infected file, whose name I apologize for not writing down, but it was down in the Adobe folder and was some sort of program extension, which I couldn't delete because it was part of a process that I couldn't find but was still running.

I restarted in safe mode as Administrator, but couldn't find that same file, nor could I find it again when I restarted in normal mode. Then I tried system restore a few times both in normal mode and in safe mode, but just as it seemed it was finished (and I had restarted the PC to finish the process), it would tell me it couldn't complete the restore process.

At this point I came to these forums to try to find answers, and I have been trying to follow the instructions for running the ddr.scr and the gmer.exe. As I was first doing this as Administrator in safe mode, I was able to download these files. However, in safe mode Windows was telling me it didn't recognize a program to use to run a .scr file. In normal mode, double clicking just opens the file in notepad, so I am having trouble even getting ddr.scr to run in the first place.

As for gmer.exe, I am trying to run it for the third time now. The first two times I ran it as Administrator in safe mode. At the end of the first run-through (which took almost 12 hours), it popped up with the results, which when I went to save as the ark.txt file, gave a pop-up that Windows couldn't run some portion of whatever process it uses in order to save that file. When I clicked okay everything shut down on its own and restarted, and I lost the file. So when I restarted it I also opened notepad and saved a blank copy as ark.txt, with the intention of copying and pasting the results. However, when I first got home from work tonight, gmer was still running the check, but when I got home from a quick trip to the store an hour later, my PC was already in the process of rebooting -- what caused that I have no clue, although there was no sign of any power interruption. In other words, again I had lost all I had waited patiently for. This time I tried to execute the program from my desktop in normal mode, but when I double-clicked on the icon, it shut my PC down. So now I am back in safe mode trying to run it for a third time, and hoping I can catch it before it restarts my PC again.

I am posting anyway, in the hope that someone has an answer on how to get the info this forum needs. In the meantime I keep plugging away at trying to get the required logs. If it's any help, the gmer that's running now is reporting HKCU\Software\Microsoft\CurrentVersion\Explorer\HideDesktopIcons as well as (same)\ClassicStartMenu, (same)\NewStartPanel, ...CurrentVersion\Policies\Explorer@NoDriveTypeAutoRun (value is 149), ...CurrentVersion\Telephony\HandoffPriorities@RequestMakeCall (value is dialer.exe). It is also reporting \Device\Harddisk0\DR0 (under "value" it is reporting "TDL4@MBR code has been found").

In addition, when I open IE I get a message that my default browser search engine has been corrupted and it would like to restore me to my default search engine, which it claims to be google. When I close that box, I get the popup list of search engines, showing Bing plus 2 googles. The thing is, I could swear I used Add/Remove Programs to remove google a few weeks ago. I think I have listed all I could remember and the steps I have taken so far, but I'll try to get those logs posted, starting with gmer tomorrow if I am successful. In the meantime, HELLLLP!!!!


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:12 PM

Posted 11 May 2012 - 12:27 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

The next thing I would like you to do is run this for me: http://download.bleepingcomputer.com/grinler/unhide.exe . After it is complete, restart the computer and continue with these steps.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.




Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following
    • logs from OTL
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
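The OTL log requested above is long, and the entries a responder reads first are the orphaned ones ("File not found"), binaries registered from user-writable locations such as Temp or Application Data, and BHOs whose CLSID no longer resolves. The script below is an added example for this thread, not a BleepingComputer or OldTimer tool: it parses the SRV, DRV, O2 and O4 line shapes OTL prints and pulls those entries out with a rough severity. The sample lines are constructed (most are modelled on the log posted later in this thread; the final svchelper autorun entry is invented), and the flag names, the USER_WRITABLE list and the severity levels are this example's own assumptions, not anything OTL reports.

```python
"""Triage helper for OTL-style log lines (SRV, DRV, O2 and O4 sections).

Added example, not a BleepingComputer or OldTimer tool. Flag names,
severities and the USER_WRITABLE list are assumptions made here.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

MISSING = "File not found"
SRV_DRV_RE = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]+)\).*? -- (?P<rest>.*)$")
BHO_RE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - \{(?P<clsid>[^}]*)\} - (?P<rest>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
PATH_COMPANY_RE = re.compile(r"^(?P<path>.*?)\s*\((?P<company>[^()]*)\)\s*$")

# Trees a service, driver, BHO or autorun should not normally load from
# (assumption: tuned to the Windows XP profile layout seen in this thread).
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\local settings\\",
                 "\\documents and settings\\")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

# Constructed sample: modelled on the log in this thread, except the final
# svchelper entry, which is invented to show a live autorun in Temp.
SAMPLE_LOG = r"""
SRV - (SPService) -- C:\Documents and Settings\User\Application Data\Adobe\sp.DLL File not found
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
DRV - (WDICA) -- File not found
DRV - (5640) -- C:\DOCUME~1\USER~1\LOCALS~1\Temp\5640.sys File not found
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe -update activex File not found
O4 - HKLM..\Run: [svchelper] C:\Documents and Settings\User\Local Settings\Temp\svchelper.exe ()
"""


@dataclass
class Entry:
    kind: str                # SRV, DRV, BHO or RUN
    name: str
    path: str                # "" when OTL printed no path (O4 keeps its arguments)
    company: Optional[str]   # None when unknown or the file is missing
    missing: bool
    clsid_missing: bool = False


@dataclass
class Finding:
    entry: Entry
    reasons: List[str]
    severity: str


def _split_rest(rest: str):
    """Split the tail of a line into (path, company, missing)."""
    rest = rest.strip()
    if rest.endswith(MISSING):
        return rest[: -len(MISSING)].strip(), None, True
    m = PATH_COMPANY_RE.match(rest)
    if m:
        return m.group("path").strip(), m.group("company").strip(), False
    return rest, None, False


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL line; None for line types this helper does not model."""
    m = SRV_DRV_RE.match(line)
    if m:
        return Entry(m.group("kind"), m.group("name"), *_split_rest(m.group("rest")))
    m = BHO_RE.match(line)
    if m:
        if m.group("rest").startswith("No CLSID value found"):
            return Entry("BHO", m.group("name"), "", None, False, clsid_missing=True)
        return Entry("BHO", m.group("name"), *_split_rest(m.group("rest")))
    m = RUN_RE.match(line)
    if m:
        return Entry("RUN", m.group("name"), *_split_rest(m.group("rest")))
    return None


def triage(log_text: str) -> List[Finding]:
    """Return flagged entries, highest severity first (stable within a level)."""
    findings = []
    for raw in log_text.splitlines():
        e = parse_line(raw.rstrip())
        if e is None:
            continue
        reasons = []
        if any(tok in e.path.lower() for tok in USER_WRITABLE):
            reasons.append("user_writable_path")   # loads from a user-writable tree
        if e.missing and e.path:
            reasons.append("missing_file")         # orphaned registration
        if e.clsid_missing:
            reasons.append("no_clsid")             # BHO class no longer resolves
        if not e.missing and e.company == "":
            reasons.append("no_company")           # binary carries no version info
        if not reasons:
            continue
        sev = ("high" if "user_writable_path" in reasons
               else "medium" if "missing_file" in reasons else "low")
        findings.append(Finding(e, reasons, sev))
    findings.sort(key=lambda f: SEVERITY_ORDER[f.severity])
    return findings


def findings_by_name(log_text: str) -> dict:
    """Entry name -> Finding (several BHOs named 'no name' would keep the last)."""
    return {f.entry.name: f for f in triage(log_text)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.entry.kind:3} {f.entry.name:18} "
              f"{', '.join(f.reasons):32} {f.entry.path}")
```

Run it as-is to see the constructed sample ranked, or pipe a real OTL.txt through `triage()`. A high or medium flag is a pointer, not a verdict: a driver registered from a Temp directory that no longer exists is worth asking about, while a stale "File not found" for an uninstalled product is usually just leftover registry.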

#3 HeimlichManouver

HeimlichManouver
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:12:12 PM

Posted 11 May 2012 - 08:03 PM

Hello Gringo and thanks for assisting me. Hopefully I followed your instructions properly. First I tried unhide.exe, which only partially worked because I did it the first time while logged on as Administrator in safe mode, whereas once I tried it again under my own name in normal mode, it does appear to have worked. At least once I restarted the PC, my desktop came back up with the icons and the recycle bin, and my right-click menu now works again. I tested one of the icons and it did launch the program properly, so thanks again for restoring me at least that far.

Next, as instructed, I ran Security Check and I was going to copy and paste its results here, but it appears that running OTL somehow made it disappear, which is weird because I had also copied its .txt file to the Administrator's desktop, and it isn't showing up there either. Should I run it again?

Anyway, I also ran OTL successfully, and as instructed I shall only paste OTL for now:

OTL logfile created on: 5/11/2012 8:25:01 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 82.01% Memory free
4.59 Gb Paging File | 4.09 Gb Available in Paging File | 89.17% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.14 Gb Total Space | 11.64 Gb Free Space | 15.29% Space Free | Partition Type: NTFS
Drive D: | 188.03 Mb Total Space | 182.52 Mb Free Space | 97.07% Space Free | Partition Type: FAT
Drive F: | 7.48 Gb Total Space | 7.46 Gb Free Space | 99.74% Space Free | Partition Type: FAT32

Computer Name: MAIN-COMPUTER | User Name: Andrew Deacon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe (Mentor Graphics Corporation)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\63f1339786fa9b84e97073f9859f8c51\System.WorkflowServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\56f330e897ee2b713d49400e592ab592\System.ServiceModel.Routing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\449cb8fbbaf8ae2456b7ef4a1f06bd45\System.ServiceModel.Discovery.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e3dc87f1531b61606b24be7c88c28464\System.ServiceModel.Channels.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b58c47b19c9590780cadddf930f6bd2a\System.ServiceModel.Activities.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\8a46112332f7dce3042642c03d2734ba\System.IdentityModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a283fadbb6dcc293c05dee07024f3b64\System.ServiceModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\51b881a42d54d3042b901c7ba7708f95\System.ServiceModel.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\f819d31242643bde83aca68d511ddb27\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\ddce2d77f4409af27c75950c31764df1\System.Web.Services.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\7c9e057fe6a19e87dcbbc257fe601211\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\7c9e057fe6a19e87dcbbc257fe601211\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\4b2760a79a98dde8e939e3009b3b49c0\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f2b32d7477ee2c1220bf4173743425ea\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\b8e891c1c9ccf87e5f74aef0d2f171ff\SMDiagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\4fde6b1690bd0bc5b57536efbde46ddb\System.Runtime.Serialization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\717c6a68a2ad575e93bccc52a11f7c52\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\276f7b53f15e66e518278753c57b78b2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\5c5b46515e207b2025a474340de7ae15\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9876f9c772d11cfc95c3ce57ed3e641d\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\e09bc975f73e4bc24ab3eb7f6373288e\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\68131da3061b5a1c048abf73c5bae11d\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\ac9bfacce80c52220e4b4b3a814aaa3d\mscorlib.ni.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SPService) -- C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Application Data\Adobe\sp.DLL File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (Autodesk Content Service) -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (CoordinatorServiceHost) -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (Dassault Systèmes SolidWorks Corp.)
SRV - (Remote Solver for Flow Simulation 2010) -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe (Mentor Graphics Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (TMPassthruMP) -- system32\DRIVERS\TMPassthru.sys File not found
DRV - (SABProcEnum) -- C:\Program Files\Internet Explorer\SABProcEnum.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mfeavfk01) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (5640) -- C:\DOCUME~1\ANDREW~1.MAI\LOCALS~1\Temp\5640.sys File not found
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) -- C:\WINDOWS\system32\drivers\sscdserd.sys (MCCI Corporation)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (VX1000) -- C:\WINDOWS\system32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (smbusp) Intel® -- C:\WINDOWS\system32\drivers\intelsmb.sys (Intel Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech, Inc.)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\Lhidusb.sys (Logitech, Inc.)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (L8042PR2) -- C:\WINDOWS\system32\drivers\L8042PR2.SYS (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys (Logitech, Inc.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (USRpdA) -- C:\WINDOWS\system32\drivers\USRpdA.sys (U.S. Robotics Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-842925246-287218729-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-842925246-287218729-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-842925246-287218729-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-842925246-287218729-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-842925246-287218729-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-842925246-287218729-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 76 34 98 3C 37 11 CD 01 [binary data]
IE - HKU\S-1-5-21-842925246-287218729-839522115-1004\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKU\S-1-5-21-842925246-287218729-839522115-1004\..\SearchScopes,DefaultScope = {1B4738A6-9A71-4F68-9A6C-868B4FDC3253}
IE - HKU\S-1-5-21-842925246-287218729-839522115-1004\..\SearchScopes\{1B4738A6-9A71-4F68-9A6C-868B4FDC3253}: "URL" = http://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-842925246-287218729-839522115-1004\..\SearchScopes\{4479315C-393A-4F64-B185-EACC2C7CE57B}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-21-842925246-287218729-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBF_en
IE - HKU\S-1-5-21-842925246-287218729-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-842925246-287218729-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ksolo.com/AVX: C:\Program Files\kSolo\npAVX.dll (kSolo, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/04 14:44:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/04 14:46:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/05/05 19:34:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/05/11 20:17:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/05/05 19:34:14 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/12/22 17:11:00 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {67AAA2B4-6820-58C1-5533-3D3650EEF493} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120430135938.dll (McAfee, Inc.)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - No CLSID value found.
O2 - BHO: (no name) - {EECAFD3F-D032-40C9-BD1D-1C99763BA000} - No CLSID value found.
O3 - HKU\S-1-5-21-842925246-287218729-839522115-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-842925246-287218729-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe -update activex File not found
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe -update activex File not found
O4 - Startup: C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup\Shortcut to PSBasic.exe.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-287218729-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-287218729-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-842925246-287218729-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-842925246-287218729-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O15 - HKU\S-1-5-21-842925246-287218729-839522115-1004\..Trusted Domains: buzzen.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-842925246-287218729-839522115-1004\..Trusted Domains: buzzen.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-842925246-287218729-839522115-1004\..Trusted Domains: facebook.com ([apps] https in Trusted sites)
O15 - HKU\S-1-5-21-842925246-287218729-839522115-1004\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-842925246-287218729-839522115-1004\..Trusted Domains: live.com ([login] http in Trusted sites)
O15 - HKU\S-1-5-21-842925246-287218729-839522115-1004\..Trusted Domains: msn.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-842925246-287218729-839522115-1004\..Trusted Domains: oasiz.net ([www] http in Trusted sites)
O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (Checkers Class)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} Reg Error: Value error. (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop.com/internet/pcpConnCheck.cab (iCC Class)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://gis.pinellascounty.org/ActiveX/ver6.5/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} Reg Error: Value error. (MUWebControl Class)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Housecall ActiveX 6.5)
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files\Autodesk Architectural Desktop 3\AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} Reg Error: Value error. (YahooYMailTo Class)
O16 - DPF: {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} http://www.solidworks.com/sw/support/subscription/sldimdownload.cab (SolidWorks Installation Manager Contol)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file://C:\Program Files\Autodesk Architectural Desktop 3\InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file://C:\Program Files\Autodesk Architectural Desktop 3\InstFred.ocx (InstaFred)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files\Autodesk Architectural Desktop 3\AcPreview.ocx (AcPreview Control)
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://www.scn-chat.com/includes/MSNChat45.cab (MSN Chat Control 4.5)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://www.trueswitch.com/netscape/TrueInstallNetscape.exe (Reg Error: Key error.)
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Yahoo! Chat Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD23029A-FFB1-453C-84BF-1290FB59F928}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/03 19:16:01 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2005/12/11 19:23:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999/06/01 03:39:04 | 000,002,455 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-842925246-287218729-839522115-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/11 20:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\McAfee
[2012/05/11 19:40:28 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Desktop\OTL.exe
[2012/05/10 19:39:30 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Desktop\dds.scr
[2012/05/07 20:21:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Recent
[2012/04/29 08:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Desktop\0-Meg Mike and Family
[2012/04/29 08:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Desktop\0-Accident Photos 4-29-2012
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/11 20:30:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/11 20:22:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/11 20:18:38 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\McAfee AntiVirus Plus.lnk
[2012/05/11 20:15:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/11 20:14:09 | 000,017,555 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/05/11 20:13:13 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/11 20:12:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/11 19:40:32 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Desktop\OTL.exe
[2012/05/11 19:34:50 | 000,879,714 | ---- | M] () -- C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Desktop\SecurityCheck.exe
[2012/05/10 19:49:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/09 18:37:02 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Desktop\dds.scr
[2012/05/06 18:22:07 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/06 18:22:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/29 21:23:19 | 000,600,266 | ---- | M] () -- C:\acadminidump.dmp
[2012/04/15 16:23:59 | 000,249,511 | ---- | M] () -- C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Desktop\frontierville neighbor request fail.JPG
[2012/04/15 16:21:38 | 000,203,900 | ---- | M] () -- C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Desktop\frontierville request fail.JPG
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/11 19:34:47 | 000,879,714 | ---- | C] () -- C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Desktop\SecurityCheck.exe
[2012/05/10 19:39:30 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Desktop\gmer.exe
[2012/04/15 16:23:59 | 000,249,511 | ---- | C] () -- C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Desktop\frontierville neighbor request fail.JPG
[2012/04/15 16:21:38 | 000,203,900 | ---- | C] () -- C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Desktop\frontierville request fail.JPG
[2012/04/07 17:45:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\~tmp.INI
[2012/01/07 10:11:25 | 000,590,483 | ---- | C] () -- C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Local Settings\Application Data\census.cache
[2012/01/07 10:10:27 | 000,330,239 | ---- | C] () -- C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Local Settings\Application Data\ars.cache
[2011/07/11 21:34:26 | 000,008,246 | ---- | C] () -- C:\WINDOWS\extend.dat
[2011/05/21 08:22:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2011/05/05 18:57:35 | 000,186,783 | ---- | C] () -- C:\WINDOWS\hpwins23.dat
[2011/05/05 18:57:35 | 000,001,847 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat
[2011/04/30 11:02:46 | 000,003,372 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\f7328pw5jyg46d5ki83
[2011/04/25 22:24:39 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/09/25 19:22:11 | 000,000,245 | ---- | C] () -- C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Application Data\hgksfg.bat

========== Custom Scans ==========

< %TEMP%\smtmp\*.* /s >
[2002/01/26 10:27:46 | 000,000,000 | R--- | M] () -- C:\DOCUME~1\ANDREW~1.MAI\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Reference\MSCREATE.DIR

========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\My Documents\00[1].jpg:SummaryInformation

< End of report >

Again, thank you for assisting me. I reran Security Check anyway, and here is what it showed:

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee AntiVirus Plus
```````````````````````````````
Anti-malware/Other Utilities Check:

Windows Defender
Windows Defender Signatures
Java™ 6 Update 17
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


Anyway, I look forward to your next post :-)
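
The OTL log above lists the hijack points a responder reads first: O20 Winlogon Shell and UserInit, the O35/O37 .exe and .com open handlers, the O4 Run keys, the O15 Trusted Sites entries, the O16 Downloaded Program Files and the O32/O6 AutoRun settings. In this log those values are stock (Shell is Explorer.exe, UserInit is userinit.exe, both open handlers are "%1" %*, and NoDriveAutoRun = 67108863 masks all 26 drive letters, so CDRom AutoRun = 1 is moot), while several O4, O16 and O20 Notify entries point at files that no longer exist. The script below is an added example for this thread, not OTL's own code and not something either participant posted; it parses O-lines in the format shown above and reports departures from the Windows XP defaults. Its embedded sample is made of lines copied from the log plus two constructed lines (example-hijack.exe and example-hook.exe are invented placeholders, and their layout is approximated from OTL's output) so that the high-severity checks have something to fire on.

```python
r"""Audit the O-lines of an OTL log for tampered autostart and hijack points.

Added example for this thread; not OTL's code and not posted by the participants.
Defaults assume a stock Windows XP install with %SystemRoot% = C:\WINDOWS.
"""
import re
import sys

EXPECTED_SHELL = "explorer.exe"
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
EXPECTED_OPEN_CMD = '"%1" %*'
ALL_DRIVES_MASK = 0x03FFFFFF  # NoDriveAutoRun = 67108863 covers A: through Z:

# The first ten lines are copied from the OTL log in the post above. The last
# two are CONSTRUCTED: example-hijack.exe and example-hook.exe are invented
# placeholders showing what a hijacked Shell value and exefile handler look like.
SAMPLE_LOG = r"""
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe -update activex File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O15 - HKU\S-1-5-21-842925246-287218729-839522115-1004\..Trusted Domains: buzzen.com ([]http in Trusted sites)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O20 - HKLM Winlogon: Shell - (Explorer.exe,C:\WINDOWS\system32\example-hijack.exe) - File not found
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\user\example-hook.exe" "%1" %*
"""


def audit_otl(log_text):
    """Return [(severity, finding), ...] in log order; the AutoRun verdict comes last."""
    findings = []
    autorun_masks = []
    cdrom_autorun = None

    for raw in log_text.splitlines():
        m = re.match(r"^(O\d+)\s+-\s+(.*)$", raw.strip())
        if not m:
            continue
        kind, body = m.groups()

        if kind == "O20" and "Winlogon:" in body:
            # The registry value sits in parentheses; OTL resolves the file after it.
            vm = re.match(r"HK\w+ Winlogon: (Shell|UserInit) - \((.*?)\) - ", body)
            if vm:
                name, value = vm.group(1), vm.group(2).strip().lower().rstrip(",")
                expected = EXPECTED_SHELL if name == "Shell" else EXPECTED_USERINIT
                if value != expected:
                    findings.append(("HIGH", f"Winlogon {name} is '{vm.group(2)}', expected '{expected}'"))
        elif kind == "O20" and "Winlogon\\Notify" in body and body.endswith("File not found"):
            findings.append(("LOW", "orphaned Winlogon Notify package: " + body.split(":", 1)[0]))
        elif kind in ("O35", "O37"):
            # Anything other than "%1" %* runs a wrapper before every .exe/.com launch.
            cmd = body.split(" -- ", 1)[1].strip() if " -- " in body else ""
            if cmd != EXPECTED_OPEN_CMD:
                findings.append(("HIGH", f"{kind} exe/com open handler hijacked: {cmd}"))
        elif kind == "O4" and body.endswith("File not found"):
            findings.append(("LOW", "orphaned autostart entry: " + body))
        elif kind == "O15" and "Trusted Domains" in body and re.search(r"\]\s*http in", body):
            domain = body.split("Trusted Domains: ", 1)[1].split(" ", 1)[0]
            findings.append(("MEDIUM", f"plain-http {domain} sits in the Trusted sites zone (relaxed IE security)"))
        elif kind == "O16":
            um = re.search(r"http://\S+", body)
            if um:
                findings.append(("INFO", "ActiveX CAB fetched over cleartext: " + um.group(0)))
        elif kind in ("O6", "O7") and "NoDriveAutoRun = " in body:
            autorun_masks.append(int(body.rsplit("= ", 1)[1]))
        elif kind == "O32" and "CDRom: AutoRun" in body:
            cdrom_autorun = body.rsplit("- ", 1)[1].strip()

    # AutoRun = 1 only matters if the per-drive policy mask leaves a drive uncovered.
    if cdrom_autorun == "1":
        if autorun_masks and all(v == ALL_DRIVES_MASK for v in autorun_masks):
            findings.append(("INFO", "CDRom AutoRun = 1, but NoDriveAutoRun masks every drive letter, so AutoRun is effectively off"))
        else:
            findings.append(("MEDIUM", "CDRom AutoRun = 1 and NoDriveAutoRun does not cover all drives"))
    return findings


def count_by_severity(findings):
    """Summarise findings as {severity: count}."""
    counts = {}
    for severity, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    # With a path argument, audit a saved OTL.Txt (assumed UTF-8; undecodable bytes are replaced).
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for severity, finding in audit_otl(text):
        print(f"[{severity}] {finding}")
```

Run it with no argument to audit the embedded sample, or pass the path of a saved OTL.Txt. The checks are a short allowlist of exact defaults rather than a blocklist of known bad values: a responder wants to see every deviation and judge it, which is also why "File not found" leftovers are reported at low severity instead of being dropped, since orphaned RunOnce, Notify and Downloaded Program Files entries are what keep a registry noisy after a half-finished cleanup.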

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 11 May 2012 - 08:07 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 HeimlichManouver (Topic Starter)

  • Members
  • 20 posts

Posted 12 May 2012 - 04:56 PM

Hello Gringo

My apologies for it taking me a while to respond. I did catch your reply first thing this morning. I downloaded and ran ComboFix.exe in normal mode. The first time I left to get some new tires put on my van (same one the lady smashed my rear bumper on a few weeks ago -- hence the bumper search). When I returned the PC had rebooted to the point of the logon screen, so I am unable to say what ComboFix did up to that point. Also, when I logged back on in normal mode, the program didn't continue automatically, so I had to restart it. This time, I observed that AutoScan got as far as stage 5, but I only turned my attention away for a few minutes and when I turned back the PC was already rebooting. So I turned it off for the day while I went out to do some chores. Once I returned I restarted it, but because I wasn't sure if it was normal ComboFix behavior or if some remnant of the malware or rootkit or whatever was causing the reboot or keeping it from restarting automatically on reboot, I restarted in safe mode. I ran ComboFix again in safe mode and this time it made it all the way through. The log is attached herewith:

ComboFix 12-05-12.01 - Administrator 05/12/2012 16:49:31.6.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2922 [GMT -4:00]
Running from: c:\documents and settings\Administrator.MAIN-COMPUTER\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\WINDOWS
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\offitems.log
c:\windows\system32\SET6A.tmp
c:\windows\system32\SET6D.tmp
c:\windows\system32\SET71.tmp
c:\windows\system32\SET79.tmp
c:\windows\system32\SET7B.tmp
c:\windows\system32\SETBC.tmp
c:\windows\system32\SETBE.tmp
c:\windows\system32\SETC1.tmp
c:\windows\system32\Temp
c:\windows\system32\Temp\DE99B447R3
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SPService
.
.
((((((((((((((((((((((((( Files Created from 2012-04-12 to 2012-05-12 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 22:22 . 2012-04-08 13:05 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 22:22 . 2012-03-14 00:42 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-20 17:11 . 2012-04-04 00:01 151880 ----a-w- c:\windows\system32\mfevtps.exe
2012-02-22 17:29 . 2012-04-04 00:15 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 17:29 . 2012-04-04 00:14 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-02-22 17:29 . 2012-04-04 00:14 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-02-22 17:29 . 2012-04-04 00:14 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-02-22 17:29 . 2012-04-04 00:14 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 17:29 . 2012-04-04 00:14 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-02-22 17:29 . 2012-04-04 00:14 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 17:29 . 2012-04-04 00:14 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 17:29 . 2011-10-15 16:16 464304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 17:29 . 2011-10-15 16:16 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
1997-06-23 17:06 287504 --sha-w- c:\windows\system32\Msxbse35.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 456E0F5B9BEB184521B0EE8FA7CC92C7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-01-10 5513216]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-06 383424]
"nwiz"="nwiz.exe" [2005-01-10 1490944]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Logitech Utility"=Logi_MwX.Exe
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"VX1000"=c:\windows\vVX1000.exe
"zBrowser Launcher"=c:\program files\Logitech\iTouch\iTouch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\msn.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50248:TCP"= 50248:TCP:Autodesk Content Service
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/3/2012 8:14 PM 89792]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [4/3/2012 8:15 PM 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [4/3/2012 8:01 PM 151880]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/3/2012 8:14 PM 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/3/2012 8:14 PM 83856]
S2 5640;5640;\??\c:\docume~1\ANDREW~1.MAI\LOCALS~1\Temp\5640.sys --> c:\docume~1\ANDREW~1.MAI\LOCALS~1\Temp\5640.sys [?]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [1/31/2012 10:46 AM 19232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [4/18/2010 11:31 AM 233472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/9/2012 3:20 PM 136176]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/3/2012 8:14 PM 214904]
S2 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [11/23/2009 7:48 PM 71464]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/8/2012 9:05 AM 257696]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/3/2012 8:14 PM 57600]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [1/20/2010 12:59 AM 87336]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [4/18/2010 11:31 AM 36608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/9/2012 3:20 PM 136176]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/3/2012 8:14 PM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/3/2012 8:14 PM 87656]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA844-CC51-11CF-AAFA-00AA00B6015C}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 22:22]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-09 19:19]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-09 19:19]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = localhost
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
TCP: DhcpNameServer = 192.168.1.1
DPF: ChatSpace Full Java Client 4.0.0.320
DPF: Microsoft XML Parser for Java
DPF: Yahoo! Chat
DPF: {0000000A-9980-0010-8000-00AA00389B71}
DPF: {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} - hxxp://www.solidworks.com/sw/support/subscription/sldimdownload.cab
DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{67AAA2B4-6820-58C1-5533-3D3650EEF493} - (no file)
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{EECAFD3F-D032-40C9-BD1D-1C99763BA000} - (no file)
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
Notify-avgrsstarter - (no file)
MSConfigStartUp-AIM - c:\program files\AIM\aim.exe
MSConfigStartUp-tcactive - c:\program files\The Cleaner\tca.exe
AddRemove-Dust - c:\program files\Cyberflix\Dust\DUST.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-12 17:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(604)
c:\windows\system32\WININET.dll
c:\windows\system32\AcSignIcon.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\program files\Autodesk\Inventor Fusion 2013\AcSignCore16.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\mcafee.com\agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2012-05-12 17:16:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-12 21:16
.
Pre-Run: 13,979,713,536 bytes free
Post-Run: 13,790,199,808 bytes free
.
- - End Of File - - F8506A70FE0850FE39D22EF3D4083877


If I were to rerun ComboFix now in normal mode, would it return different results? Of course I won't unless or until you tell me to :-)

You also asked me to report how the computer was running now. Well, after running unhide of course I got (I think) all of my desktop functionality back in normal mode. It even seems that Windows Explorer is running faster than it was during the "infection". However, I still get messages that Windows has recovered from a serious error when I restart; when I fire up IE I still get the message that my original default search engine (which it thinks is Google, not Bing) was corrupted and pulls up a window for me to choose Bing (enabled) or one of two Googles (which I thought I had removed a few weeks ago using Add/Remove Programs). Also I just checked using Bing search and still was getting 2 redirects on a selected result before being allowed to go to the webpage I had chosen. That's how I believe I got infected in the first place. Now, just now it didn't behave this way on bleepingcomputer, but it was doing this same redirect behavior at least once each time I sought out this topic yesterday and last night. Again, it is still doing this in a normal Bing search. I should also add that although it hasn't done it lately, for a while there it was returning my Bing search results in Deutsch!

Again, thanks for assisting me. I am impressed that the response time has been far shorter than what I expected. I patiently await your further instructions :-)
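As an added example (not part of this thread, and not code from the ComboFix or TDSSKiller authors), here is a small triage script for the two log formats that appear in it: the ComboFix services/drivers list above, and the TDSSKiller log the topic starter pastes further down. It flags a service or driver whose image sits under a user Temp folder, an entry whose image could not be read at scan time (the `[?]` suffix, which also appears on harmless leftovers such as the Trend Micro filter above), and TDSSKiller's "Suspicious file (Forged)" and "detected" lines. The heuristics and severities are this example's own assumptions about what deserves a second look, not verdicts the tools issue; the sample lines are constructed from the thread with the user folder anonymised.

```python
"""Triage of pasted ComboFix service entries and TDSSKiller log lines.

Added example, not from the thread or from the ComboFix/TDSSKiller authors.
The path-under-Temp and image-missing heuristics are this example's own
assumptions about what deserves a closer look, not rules the tools apply.
"""
import re
from dataclasses import dataclass
from typing import List

# ComboFix services/drivers line: "R2 name;display name;image path [date size]"
# or "... ;\??\path --> resolved path [?]" when the image could not be read.
COMBOFIX_LINE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
COMBOFIX_META = re.compile(r"^(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$")

# TDSSKiller lines of interest: a forged system file, and a detection verdict.
TDSS_FORGED = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), "
    r"Fake md5: (?P<fake>[0-9a-f]{32})")
TDSS_DETECTED = re.compile(r"^\S+ \d+ (?P<name>.+?) - detected (?P<verdict>\S+)")


@dataclass
class Finding:
    source: str    # which log the line came from
    item: str      # service name or file path
    severity: str  # "high" or "low": a prompt to look closer, not a verdict
    reason: str


def triage_combofix(lines: List[str]) -> List[Finding]:
    """Flag service/driver entries whose image lives in a Temp folder or is unreadable."""
    findings = []
    for line in lines:
        m = COMBOFIX_LINE.match(line)
        if not m:
            continue
        rest = COMBOFIX_META.match(m["rest"])
        path = rest["path"] if rest else m["rest"]
        meta = rest["meta"] if rest else ""
        # "\??\a --> b" form: ComboFix prints the resolved path after the arrow.
        if " --> " in path:
            path = path.split(" --> ")[-1]
        if "\\temp\\" in path.lower():
            findings.append(Finding("combofix", m["name"], "high",
                                    f"service/driver image under a Temp folder: {path}"))
        if meta == "?":
            findings.append(Finding("combofix", m["name"], "low",
                                    "image not readable at scan time (leftover entry or hidden file)"))
    return findings


def triage_tdsskiller(lines: List[str]) -> List[Finding]:
    """Pull out forged-file and detection lines from a TDSSKiller log."""
    findings = []
    for line in lines:
        f = TDSS_FORGED.search(line)
        if f:
            findings.append(Finding("tdsskiller", f["path"], "high",
                                    f"on-disk md5 {f['real']} differs from the md5 the file system "
                                    f"presents {f['fake']}: reads of this file are being intercepted"))
            continue
        d = TDSS_DETECTED.match(line)
        if d:
            findings.append(Finding("tdsskiller", d["name"], "high", f"detected {d['verdict']}"))
    return findings


# Constructed sample lines, modelled on the logs pasted in this thread (user folder anonymised).
COMBOFIX_SAMPLE = r"""
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [4/3/2012 8:15 PM 161632]
S2 5640;5640;\??\c:\docume~1\USER~1\LOCALS~1\Temp\5640.sys --> c:\docume~1\USER~1\LOCALS~1\Temp\5640.sys [?]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]
""".strip().splitlines()

TDSS_SAMPLE = r"""
20:35:50.0593 1320 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:35:50.0609 1320 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
20:35:50.0609 1320 ACPI ( Virus.Win32.Rloader.a ) - infected
20:35:50.0609 1320 ACPI - detected Virus.Win32.Rloader.a (0)
20:35:50.0640 1320 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:35:50.0640 1320 ACPIEC - ok
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage_combofix(COMBOFIX_SAMPLE) + triage_tdsskiller(TDSS_SAMPLE):
        print(f"[{f.severity}] {f.source}: {f.item} - {f.reason}")
```

Run against the sample, the Temp-folder driver `5640` is the only high-severity ComboFix hit, while the `[?]` suffix on its own is low signal (the `TMPassthruMP` leftover gets the same flag). On the TDSSKiller side the forged ACPI.sys line is the one that matters: the hash the file system presents matches a clean file, but the bytes actually on disk do not, which is the pattern of a system driver that has been replaced and is being hidden from normal reads.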

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 May 2012 - 05:48 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 HeimlichManouver

HeimlichManouver
  • Topic Starter

  • Members
  • 20 posts

Posted 13 May 2012 - 08:38 PM

Greetings Gringo,

I downloaded and ran the items you requested, in order. First I ran TDSSKiller while in normal mode last night. The log is attached herewith:

20:35:18.0640 0272 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
20:35:19.0078 0272 ============================================================
20:35:19.0078 0272 Current date / time: 2012/05/12 20:35:19.0078
20:35:19.0078 0272 SystemInfo:
20:35:19.0078 0272
20:35:19.0078 0272 OS Version: 5.1.2600 ServicePack: 3.0
20:35:19.0078 0272 Product type: Workstation
20:35:19.0078 0272 ComputerName: MAIN-COMPUTER
20:35:19.0093 0272 UserName: Andrew Deacon
20:35:19.0093 0272 Windows directory: C:\WINDOWS
20:35:19.0093 0272 System windows directory: C:\WINDOWS
20:35:19.0093 0272 Processor architecture: Intel x86
20:35:19.0093 0272 Number of processors: 1
20:35:19.0093 0272 Page size: 0x1000
20:35:19.0093 0272 Boot type: Normal boot
20:35:19.0093 0272 ============================================================
20:35:21.0343 0272 Drive \Device\Harddisk0\DR0 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:35:21.0468 0272 Drive \Device\Harddisk3\DR7 - Size: 0x1DF800000 (7.49 Gb), SectorSize: 0x200, Cylinders: 0x3D2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:35:21.0468 0272 ============================================================
20:35:21.0468 0272 \Device\Harddisk0\DR0:
20:35:21.0468 0272 MBR partitions:
20:35:21.0468 0272 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9849D95
20:35:21.0484 0272 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x9849E13, BlocksNum 0x5E1D9
20:35:21.0484 0272 \Device\Harddisk3\DR7:
20:35:21.0484 0272 MBR partitions:
20:35:21.0484 0272 \Device\Harddisk3\DR7\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xEFBFC1
20:35:21.0484 0272 ============================================================
20:35:21.0546 0272 C: <-> \Device\Harddisk0\DR0\Partition0
20:35:21.0546 0272 D: <-> \Device\Harddisk0\DR0\Partition1
20:35:21.0546 0272 ============================================================
20:35:21.0546 0272 Initialize success
20:35:21.0546 0272 ============================================================
20:35:50.0031 1320 ============================================================
20:35:50.0031 1320 Scan started
20:35:50.0031 1320 Mode: Manual;
20:35:50.0031 1320 ============================================================
20:35:50.0203 1320 5640 - ok
20:35:50.0531 1320 Abiosdsk - ok
20:35:50.0531 1320 abp480n5 - ok
20:35:50.0593 1320 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:35:50.0609 1320 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
20:35:50.0609 1320 ACPI ( Virus.Win32.Rloader.a ) - infected
20:35:50.0609 1320 ACPI - detected Virus.Win32.Rloader.a (0)
20:35:50.0640 1320 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:35:50.0640 1320 ACPIEC - ok
20:35:50.0718 1320 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:35:50.0750 1320 AdobeFlashPlayerUpdateSvc - ok
20:35:50.0750 1320 adpu160m - ok
20:35:50.0796 1320 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:35:50.0812 1320 aec - ok
20:35:50.0859 1320 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
20:35:50.0875 1320 AFD - ok
20:35:50.0890 1320 Aha154x - ok
20:35:50.0890 1320 aic78u2 - ok
20:35:50.0906 1320 aic78xx - ok
20:35:50.0953 1320 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
20:35:51.0000 1320 Alerter - ok
20:35:51.0046 1320 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
20:35:51.0046 1320 ALG - ok
20:35:51.0046 1320 AliIde - ok
20:35:51.0062 1320 amsint - ok
20:35:51.0078 1320 AppMgmt - ok
20:35:51.0109 1320 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:35:51.0109 1320 Arp1394 - ok
20:35:51.0125 1320 asc - ok
20:35:51.0125 1320 asc3350p - ok
20:35:51.0140 1320 asc3550 - ok
20:35:51.0562 1320 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:35:51.0593 1320 aspnet_state - ok
20:35:51.0640 1320 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:35:51.0640 1320 AsyncMac - ok
20:35:51.0687 1320 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:35:51.0687 1320 atapi - ok
20:35:51.0687 1320 Atdisk - ok
20:35:51.0703 1320 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:35:51.0718 1320 Atmarpc - ok
20:35:51.0750 1320 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
20:35:51.0750 1320 AudioSrv - ok
20:35:51.0781 1320 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:35:51.0781 1320 audstub - ok
20:35:52.0062 1320 Autodesk Content Service (f431dc5d94f4b2fdbc927655d8a9b10e) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
20:35:52.0062 1320 Autodesk Content Service - ok
20:35:52.0109 1320 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:35:52.0109 1320 Beep - ok
20:35:52.0187 1320 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
20:35:52.0203 1320 BITS - ok
20:35:52.0234 1320 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
20:35:52.0250 1320 Browser - ok
20:35:52.0250 1320 catchme - ok
20:35:52.0281 1320 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:35:52.0296 1320 cbidf2k - ok
20:35:52.0328 1320 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:35:52.0343 1320 CCDECODE - ok
20:35:52.0359 1320 cd20xrnt - ok
20:35:52.0359 1320 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:35:52.0375 1320 Cdaudio - ok
20:35:52.0421 1320 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:35:52.0421 1320 Cdfs - ok
20:35:52.0437 1320 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:35:52.0453 1320 Cdrom - ok
20:35:52.0468 1320 cfwids (1c7b1e36f3ced9e4b0b13385e627fe8b) C:\WINDOWS\system32\drivers\cfwids.sys
20:35:52.0484 1320 cfwids - ok
20:35:52.0484 1320 Changer - ok
20:35:52.0515 1320 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
20:35:52.0515 1320 CiSvc - ok
20:35:52.0562 1320 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
20:35:52.0562 1320 ClipSrv - ok
20:35:52.0718 1320 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:35:52.0750 1320 clr_optimization_v2.0.50727_32 - ok
20:35:53.0125 1320 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:35:53.0140 1320 clr_optimization_v4.0.30319_32 - ok
20:35:53.0156 1320 CmdIde - ok
20:35:53.0156 1320 COMSysApp - ok
20:35:53.0890 1320 CoordinatorServiceHost (20d4df9fb904cae0dacdaa86fe6466b9) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
20:35:53.0890 1320 CoordinatorServiceHost - ok
20:35:53.0906 1320 Cpqarray - ok
20:35:53.0968 1320 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
20:35:54.0015 1320 cpudrv - ok
20:35:54.0046 1320 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTsvcCDA.exe
20:35:54.0046 1320 Creative Service for CDROM Access - ok
20:35:54.0078 1320 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
20:35:54.0093 1320 CryptSvc - ok
20:35:54.0125 1320 ctsfm2k (b459ae4afca570088adddbe55eabbc92) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
20:35:54.0140 1320 ctsfm2k - ok
20:35:54.0156 1320 dac2w2k - ok
20:35:54.0156 1320 dac960nt - ok
20:35:54.0218 1320 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:35:54.0250 1320 DcomLaunch - ok
20:35:54.0296 1320 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
20:35:54.0296 1320 Dhcp - ok
20:35:54.0328 1320 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:35:54.0359 1320 Disk - ok
20:35:54.0359 1320 dmadmin - ok
20:35:54.0437 1320 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:35:54.0484 1320 dmboot - ok
20:35:54.0515 1320 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:35:54.0546 1320 dmio - ok
20:35:54.0578 1320 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:35:54.0578 1320 dmload - ok
20:35:54.0609 1320 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
20:35:54.0625 1320 dmserver - ok
20:35:54.0640 1320 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:35:54.0640 1320 DMusic - ok
20:35:54.0687 1320 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
20:35:54.0687 1320 Dnscache - ok
20:35:54.0718 1320 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
20:35:54.0734 1320 Dot3svc - ok
20:35:54.0750 1320 dpti2o - ok
20:35:54.0781 1320 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:35:54.0781 1320 drmkaud - ok
20:35:54.0796 1320 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
20:35:54.0828 1320 EapHost - ok
20:35:54.0859 1320 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
20:35:54.0859 1320 ERSvc - ok
20:35:54.0890 1320 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:35:54.0890 1320 Eventlog - ok
20:35:54.0921 1320 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
20:35:54.0937 1320 EventSystem - ok
20:35:55.0031 1320 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:35:55.0078 1320 Fastfat - ok
20:35:55.0125 1320 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:35:55.0125 1320 FastUserSwitchingCompatibility - ok
20:35:55.0171 1320 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
20:35:55.0187 1320 Fax - ok
20:35:55.0218 1320 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:35:55.0234 1320 Fdc - ok
20:35:55.0265 1320 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:35:55.0265 1320 Fips - ok
20:35:55.0625 1320 FLEXnet Licensing Service (acefeea621dca62efb7a7eea59f5e91b) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:35:55.0671 1320 FLEXnet Licensing Service - ok
20:35:55.0703 1320 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:35:55.0718 1320 Flpydisk - ok
20:35:55.0750 1320 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:35:55.0765 1320 FltMgr - ok
20:35:55.0890 1320 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:35:55.0890 1320 FontCache3.0.0.0 - ok
20:35:55.0921 1320 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
20:35:55.0937 1320 FsUsbExDisk - ok
20:35:56.0015 1320 FsUsbExService (d3f9205cc4cb07553f2f9472c767ea87) C:\WINDOWS\system32\FsUsbExService.Exe
20:35:56.0015 1320 FsUsbExService - ok
20:35:56.0046 1320 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:35:56.0046 1320 Fs_Rec - ok
20:35:56.0078 1320 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:35:56.0093 1320 Ftdisk - ok
20:35:56.0125 1320 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:35:56.0140 1320 Gpc - ok
20:35:56.0281 1320 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:35:56.0281 1320 gupdate - ok
20:35:56.0281 1320 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:35:56.0281 1320 gupdatem - ok
20:35:56.0312 1320 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:35:56.0328 1320 HDAudBus - ok
20:35:56.0390 1320 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:35:56.0390 1320 helpsvc - ok
20:35:56.0406 1320 HidServ - ok
20:35:56.0421 1320 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:35:56.0437 1320 HidUsb - ok
20:35:56.0484 1320 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:35:56.0484 1320 hkmsvc - ok
20:35:56.0500 1320 hpn - ok
20:35:56.0718 1320 hpqcxs08 (ce0fcec4d4d860f36d972759b11eaf0f) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
20:35:56.0718 1320 hpqcxs08 - ok
20:35:56.0765 1320 hpqddsvc (7da3211ac63edd90b8eca1ca1abfd43b) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
20:35:56.0765 1320 hpqddsvc - ok
20:35:56.0828 1320 HPSLPSVC (14229263aa19c704e0d6d2e7404a8455) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
20:35:56.0828 1320 HPSLPSVC - ok
20:35:56.0875 1320 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:35:56.0875 1320 HPZid412 - ok
20:35:56.0906 1320 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:35:56.0906 1320 HPZipr12 - ok
20:35:56.0937 1320 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:35:56.0953 1320 HPZius12 - ok
20:35:57.0031 1320 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
20:35:57.0046 1320 HSFHWBS2 - ok
20:35:57.0140 1320 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
20:35:57.0171 1320 HSF_DP - ok
20:35:57.0218 1320 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:35:57.0250 1320 HTTP - ok
20:35:57.0281 1320 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:35:57.0281 1320 HTTPFilter - ok
20:35:57.0296 1320 i2omgmt - ok
20:35:57.0296 1320 i2omp - ok
20:35:57.0343 1320 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:35:57.0359 1320 i8042prt - ok
20:35:57.0546 1320 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:35:57.0593 1320 idsvc - ok
20:35:57.0640 1320 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:35:57.0640 1320 Imapi - ok
20:35:57.0671 1320 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
20:35:57.0687 1320 ImapiService - ok
20:35:57.0703 1320 ini910u - ok
20:35:57.0718 1320 IntelIde - ok
20:35:57.0734 1320 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:35:57.0750 1320 intelppm - ok
20:35:57.0781 1320 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:35:57.0781 1320 Ip6Fw - ok
20:35:57.0812 1320 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:35:57.0828 1320 IpFilterDriver - ok
20:35:57.0859 1320 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:35:57.0859 1320 IpInIp - ok
20:35:57.0906 1320 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:35:57.0921 1320 IpNat - ok
20:35:57.0953 1320 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:35:57.0968 1320 IPSec - ok
20:35:58.0000 1320 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:35:58.0015 1320 IRENUM - ok
20:35:58.0046 1320 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:35:58.0062 1320 isapnp - ok
20:35:58.0093 1320 itchfltr (8f1ba487b35f0c8f637e05113aa815f8) C:\WINDOWS\system32\DRIVERS\itchfltr.sys
20:35:58.0093 1320 itchfltr - ok
20:35:58.0234 1320 JavaQuickStarterService (39133291cb607bdd87cfc565a4a1e7a5) C:\Program Files\Java\jre6\bin\jqs.exe
20:35:58.0234 1320 JavaQuickStarterService - ok
20:35:58.0250 1320 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:35:58.0250 1320 Kbdclass - ok
20:35:58.0296 1320 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:35:58.0312 1320 kmixer - ok
20:35:58.0343 1320 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:35:58.0359 1320 KSecDD - ok
20:35:58.0390 1320 L8042PR2 (4103dbb6caa85e40d271c1ad12bbf776) C:\WINDOWS\system32\Drivers\l8042pr2.sys
20:35:58.0406 1320 L8042PR2 - ok
20:35:58.0453 1320 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
20:35:58.0453 1320 lanmanserver - ok
20:35:58.0500 1320 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:35:58.0515 1320 lanmanworkstation - ok
20:35:58.0531 1320 lbrtfdc - ok
20:35:58.0578 1320 LHidFlt2 (b97d05e656818572b6b04ba682d3aa8f) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
20:35:58.0593 1320 LHidFlt2 - ok
20:35:58.0640 1320 LHidUsb (a8742865e15a57b426efcc5ff744d6d3) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
20:35:58.0640 1320 LHidUsb - ok
20:35:58.0671 1320 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:35:58.0671 1320 LmHosts - ok
20:35:58.0703 1320 LMouFlt2 (b666f835c18974f392a387c6e863072f) C:\WINDOWS\system32\Drivers\LMouFlt2.sys
20:35:58.0703 1320 LMouFlt2 - ok
20:35:58.0843 1320 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
20:35:58.0843 1320 mcmscsvc - ok
20:35:58.0843 1320 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
20:35:58.0843 1320 McNaiAnn - ok
20:35:58.0859 1320 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
20:35:58.0859 1320 McNASvc - ok
20:35:58.0984 1320 McODS (42117cbc4849a5cf11129912dabbdeca) C:\Program Files\McAfee\VirusScan\mcods.exe
20:35:59.0078 1320 McODS - ok
20:35:59.0078 1320 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
20:35:59.0078 1320 McProxy - ok
20:35:59.0156 1320 McShield (593fa4c378818ece76ba64a11ad56cf2) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
20:35:59.0171 1320 McShield - ok
20:35:59.0203 1320 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:35:59.0218 1320 mdmxsdk - ok
20:35:59.0250 1320 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:35:59.0265 1320 Messenger - ok
20:35:59.0296 1320 mfeapfk (43c31bdf404a6d7a7ac1bfd5ead2a566) C:\WINDOWS\system32\drivers\mfeapfk.sys
20:35:59.0296 1320 mfeapfk - ok
20:35:59.0343 1320 mfeavfk (c1dc5f42d3367f33b6451be78b38bd46) C:\WINDOWS\system32\drivers\mfeavfk.sys
20:35:59.0343 1320 mfeavfk - ok
20:35:59.0343 1320 mfeavfk01 - ok
20:35:59.0375 1320 mfebopk (0435c43f4c2be01b84868ad2a906397b) C:\WINDOWS\system32\drivers\mfebopk.sys
20:35:59.0375 1320 mfebopk - ok
20:35:59.0421 1320 mfefire (7e1f8b1bdc8240f08bd358b3a466c005) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
20:35:59.0421 1320 mfefire - ok
20:35:59.0468 1320 mfefirek (4ea6ff90015424517843e931448e00f1) C:\WINDOWS\system32\drivers\mfefirek.sys
20:35:59.0468 1320 mfefirek - ok
20:35:59.0515 1320 mfehidk (d1e998748ba24a731106611d535c6bbf) C:\WINDOWS\system32\drivers\mfehidk.sys
20:35:59.0562 1320 mfehidk - ok
20:35:59.0593 1320 mfendisk (26c76d10ed650e6492800d6f081ecfba) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
20:35:59.0593 1320 mfendisk - ok
20:35:59.0593 1320 mfendiskmp (26c76d10ed650e6492800d6f081ecfba) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
20:35:59.0609 1320 mfendiskmp - ok
20:35:59.0640 1320 mferkdet (f454a13377f0a006d20a8c14a753c432) C:\WINDOWS\system32\drivers\mferkdet.sys
20:35:59.0640 1320 mferkdet - ok
20:35:59.0671 1320 mfetdi2k (070d3faf2eac417c59d8674a8752f7a6) C:\WINDOWS\system32\drivers\mfetdi2k.sys
20:35:59.0671 1320 mfetdi2k - ok
20:35:59.0687 1320 mfevtp (b10c4efd40810c08f4b44df2efcb54f7) C:\WINDOWS\system32\mfevtps.exe
20:35:59.0687 1320 mfevtp - ok
20:35:59.0718 1320 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:35:59.0718 1320 mnmdd - ok
20:35:59.0765 1320 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
20:35:59.0781 1320 mnmsrvc - ok
20:35:59.0812 1320 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:35:59.0812 1320 Modem - ok
20:35:59.0843 1320 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:35:59.0859 1320 Mouclass - ok
20:35:59.0906 1320 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:35:59.0906 1320 mouhid - ok
20:35:59.0937 1320 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:35:59.0953 1320 MountMgr - ok
20:35:59.0968 1320 mraid35x - ok
20:36:00.0000 1320 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:36:00.0015 1320 MRxDAV - ok
20:36:00.0109 1320 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:36:00.0140 1320 MRxSmb - ok
20:36:00.0281 1320 MSCamSvc (641199534871783dd74138fe0bcfdae7) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
20:36:00.0281 1320 MSCamSvc - ok
20:36:00.0328 1320 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
20:36:00.0328 1320 MSDTC - ok
20:36:00.0375 1320 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:36:00.0390 1320 Msfs - ok
20:36:00.0406 1320 MSIServer - ok
20:36:00.0437 1320 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:36:00.0437 1320 MSKSSRV - ok
20:36:00.0453 1320 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:36:00.0453 1320 MSPCLOCK - ok
20:36:00.0484 1320 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:36:00.0484 1320 MSPQM - ok
20:36:00.0515 1320 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:36:00.0515 1320 mssmbios - ok
20:36:00.0859 1320 msvsmon80 (73fa09b84b23a1897809a84f976d5d99) C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
20:36:00.0968 1320 msvsmon80 - ok
20:36:01.0296 1320 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
20:36:01.0312 1320 Mup - ok
20:36:01.0375 1320 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:36:01.0375 1320 NABTSFEC - ok
20:36:01.0437 1320 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:36:01.0453 1320 napagent - ok
20:36:01.0500 1320 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:36:01.0515 1320 NDIS - ok
20:36:01.0546 1320 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:36:01.0562 1320 NdisIP - ok
20:36:01.0578 1320 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:36:01.0578 1320 NdisTapi - ok
20:36:01.0593 1320 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:36:01.0609 1320 Ndisuio - ok
20:36:01.0625 1320 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:36:01.0640 1320 NdisWan - ok
20:36:01.0671 1320 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:36:01.0671 1320 NDProxy - ok
20:36:01.0906 1320 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
20:36:01.0906 1320 Nero BackItUp Scheduler 4.0 - ok
20:36:01.0937 1320 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\WINDOWS\system32\HPZinw12.dll
20:36:01.0937 1320 Net Driver HPZ12 - ok
20:36:01.0984 1320 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:36:01.0984 1320 NetBIOS - ok
20:36:02.0031 1320 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:36:02.0046 1320 NetBT - ok
20:36:02.0093 1320 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:36:02.0093 1320 NetDDE - ok
20:36:02.0109 1320 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:36:02.0109 1320 NetDDEdsdm - ok
20:36:02.0140 1320 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:36:02.0140 1320 Netlogon - ok
20:36:02.0203 1320 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:36:02.0218 1320 Netman - ok
20:36:02.0625 1320 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:36:02.0640 1320 NetTcpPortSharing - ok
20:36:02.0671 1320 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:36:02.0687 1320 NIC1394 - ok
20:36:02.0750 1320 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:36:02.0765 1320 Nla - ok
20:36:02.0796 1320 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:36:02.0812 1320 Npfs - ok
20:36:02.0890 1320 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:36:02.0921 1320 Ntfs - ok
20:36:02.0953 1320 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:36:02.0953 1320 NtLmSsp - ok
20:36:03.0015 1320 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:36:03.0046 1320 NtmsSvc - ok
20:36:03.0078 1320 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:36:03.0078 1320 Null - ok
20:36:03.0312 1320 nv (c7993894984c271e49381cc649cdf8bd) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:36:03.0437 1320 nv - ok
20:36:03.0781 1320 NVSvc (e4276284b9c54c4ece7e4e2b810a9dee) C:\WINDOWS\system32\nvsvc32.exe
20:36:03.0796 1320 NVSvc - ok
20:36:03.0859 1320 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:36:03.0875 1320 NwlnkFlt - ok
20:36:03.0890 1320 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:36:03.0906 1320 NwlnkFwd - ok
20:36:03.0937 1320 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:36:03.0937 1320 ohci1394 - ok
20:36:03.0984 1320 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
20:36:04.0000 1320 ossrv - ok
20:36:04.0078 1320 P17 (abfb35446f754702f7edba131a2b43fe) C:\WINDOWS\system32\drivers\P17.sys
20:36:04.0109 1320 P17 - ok
20:36:04.0140 1320 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:36:04.0156 1320 Parport - ok
20:36:04.0187 1320 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:36:04.0203 1320 PartMgr - ok
20:36:04.0218 1320 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:36:04.0218 1320 ParVdm - ok
20:36:04.0265 1320 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
20:36:04.0281 1320 pccsmcfd - ok
20:36:04.0312 1320 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:36:04.0328 1320 PCI - ok
20:36:04.0343 1320 PCIDump - ok
20:36:04.0375 1320 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:36:04.0375 1320 PCIIde - ok
20:36:04.0421 1320 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:36:04.0437 1320 Pcmcia - ok
20:36:04.0437 1320 PDCOMP - ok
20:36:04.0453 1320 PDFRAME - ok
20:36:04.0468 1320 PDRELI - ok
20:36:04.0468 1320 PDRFRAME - ok
20:36:04.0484 1320 perc2 - ok
20:36:04.0500 1320 perc2hib - ok
20:36:04.0578 1320 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:36:04.0578 1320 PlugPlay - ok
20:36:04.0656 1320 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\WINDOWS\system32\HPZipm12.dll
20:36:04.0656 1320 Pml Driver HPZ12 - ok
20:36:04.0687 1320 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:36:04.0687 1320 PolicyAgent - ok
20:36:04.0734 1320 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:36:04.0750 1320 PptpMiniport - ok
20:36:04.0765 1320 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:36:04.0765 1320 ProtectedStorage - ok
20:36:04.0796 1320 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:36:04.0796 1320 PSched - ok
20:36:04.0828 1320 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:36:04.0843 1320 Ptilink - ok
20:36:04.0875 1320 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
20:36:04.0890 1320 PxHelp20 - ok
20:36:04.0890 1320 ql1080 - ok
20:36:04.0906 1320 Ql10wnt - ok
20:36:04.0921 1320 ql12160 - ok
20:36:04.0921 1320 ql1240 - ok
20:36:04.0937 1320 ql1280 - ok
20:36:04.0953 1320 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:36:04.0968 1320 RasAcd - ok
20:36:05.0000 1320 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:36:05.0015 1320 RasAuto - ok
20:36:05.0078 1320 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:36:05.0093 1320 Rasl2tp - ok
20:36:05.0140 1320 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:36:05.0171 1320 RasMan - ok
20:36:05.0203 1320 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:36:05.0218 1320 RasPppoe - ok
20:36:05.0218 1320 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:36:05.0234 1320 Raspti - ok
20:36:05.0265 1320 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:36:05.0281 1320 Rdbss - ok
20:36:05.0296 1320 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:36:05.0296 1320 RDPCDD - ok
20:36:05.0343 1320 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
20:36:05.0359 1320 RDPWD - ok
20:36:05.0406 1320 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:36:05.0421 1320 RDSessMgr - ok
20:36:05.0437 1320 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:36:05.0453 1320 redbook - ok
20:36:05.0734 1320 Remote Solver for Flow Simulation 2010 (7c02efbf8b3a2933700c323ed13d0789) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
20:36:05.0734 1320 Remote Solver for Flow Simulation 2010 - ok
20:36:05.0781 1320 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:36:05.0781 1320 RemoteAccess - ok
20:36:05.0828 1320 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:36:05.0843 1320 RpcLocator - ok
20:36:05.0890 1320 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
20:36:05.0890 1320 RpcSs - ok
20:36:05.0937 1320 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:36:05.0953 1320 RSVP - ok
20:36:05.0984 1320 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
20:36:06.0000 1320 rtl8139 - ok
20:36:06.0031 1320 RTSTOR (578d3aa8c0b8a575839d451a142d2973) C:\WINDOWS\system32\drivers\RTSTOR.SYS
20:36:06.0046 1320 RTSTOR - ok
20:36:06.0078 1320 SABProcEnum - ok
20:36:06.0109 1320 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:36:06.0109 1320 SamSs - ok
20:36:06.0140 1320 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:36:06.0156 1320 SCardSvr - ok
20:36:06.0203 1320 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:36:06.0218 1320 Schedule - ok
20:36:06.0296 1320 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
20:36:06.0296 1320 SeaPort - ok
20:36:06.0328 1320 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:36:06.0343 1320 Secdrv - ok
20:36:06.0375 1320 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:36:06.0375 1320 seclogon - ok
20:36:06.0390 1320 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:36:06.0406 1320 SENS - ok
20:36:06.0437 1320 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:36:06.0453 1320 serenum - ok
20:36:06.0468 1320 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:36:06.0484 1320 Serial - ok
20:36:06.0734 1320 ServiceLayer (9d38320bb32230349379df5ddbbf7fce) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
20:36:06.0812 1320 ServiceLayer - ok
20:36:06.0875 1320 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:36:06.0890 1320 Sfloppy - ok
20:36:06.0953 1320 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:36:06.0968 1320 SharedAccess - ok
20:36:07.0000 1320 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:36:07.0015 1320 ShellHWDetection - ok
20:36:07.0015 1320 Simbad - ok
20:36:07.0046 1320 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:36:07.0062 1320 SLIP - ok
20:36:07.0093 1320 smbusp (8c1a8ad2dfe2cfe9f7ae1cee14773b18) C:\WINDOWS\system32\DRIVERS\intelsmb.sys
20:36:07.0109 1320 smbusp - ok
20:36:07.0203 1320 SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
20:36:07.0203 1320 SolidWorks Licensing Service - ok
20:36:07.0218 1320 Sparrow - ok
20:36:07.0250 1320 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:36:07.0250 1320 splitter - ok
20:36:07.0296 1320 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:36:07.0296 1320 Spooler - ok
20:36:07.0328 1320 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:36:07.0343 1320 sr - ok
20:36:07.0375 1320 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:36:07.0390 1320 srservice - ok
20:36:07.0453 1320 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:36:07.0468 1320 Srv - ok
20:36:07.0500 1320 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
20:36:07.0515 1320 sscdbus - ok
20:36:07.0781 1320 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
20:36:07.0781 1320 sscdmdfl - ok
20:36:07.0812 1320 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
20:36:07.0828 1320 sscdmdm - ok
20:36:07.0859 1320 sscdserd (9fa66e361a99f8920c7609bae6814a0e) C:\WINDOWS\system32\DRIVERS\sscdserd.sys
20:36:07.0859 1320 sscdserd - ok
20:36:07.0906 1320 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:36:07.0921 1320 SSDPSRV - ok
20:36:07.0953 1320 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:36:07.0984 1320 stisvc - ok
20:36:08.0015 1320 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:36:08.0031 1320 streamip - ok
20:36:08.0062 1320 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:36:08.0062 1320 swenum - ok
20:36:08.0109 1320 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:36:08.0109 1320 swmidi - ok
20:36:08.0125 1320 SwPrv - ok
20:36:08.0140 1320 symc810 - ok
20:36:08.0140 1320 symc8xx - ok
20:36:08.0156 1320 sym_hi - ok
20:36:08.0171 1320 sym_u3 - ok
20:36:08.0203 1320 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:36:08.0203 1320 sysaudio - ok
20:36:08.0250 1320 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:36:08.0265 1320 SysmonLog - ok
20:36:08.0312 1320 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:36:08.0328 1320 TapiSrv - ok
20:36:08.0390 1320 Tcpip (456e0f5b9beb184521b0ee8fa7cc92c7) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:36:08.0406 1320 Tcpip - ok
20:36:08.0421 1320 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:36:08.0437 1320 TDPIPE - ok
20:36:08.0453 1320 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:36:08.0468 1320 TDTCP - ok
20:36:08.0500 1320 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:36:08.0500 1320 TermDD - ok
20:36:08.0578 1320 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:36:08.0593 1320 TermService - ok
20:36:08.0656 1320 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:36:08.0656 1320 Themes - ok
20:36:08.0671 1320 TMPassthruMP - ok
20:36:08.0687 1320 TosIde - ok
20:36:08.0718 1320 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:36:08.0734 1320 TrkWks - ok
20:36:08.0765 1320 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:36:08.0765 1320 Udfs - ok
20:36:08.0781 1320 ultra - ok
20:36:08.0843 1320 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:36:08.0859 1320 Update - ok
20:36:08.0906 1320 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:36:08.0921 1320 upnphost - ok
20:36:08.0953 1320 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:36:08.0953 1320 UPS - ok
20:36:09.0000 1320 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:36:09.0000 1320 usbaudio - ok
20:36:09.0046 1320 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:36:09.0046 1320 usbccgp - ok
20:36:09.0078 1320 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:36:09.0078 1320 usbehci - ok
20:36:09.0125 1320 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:36:09.0125 1320 usbhub - ok
20:36:09.0156 1320 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:36:09.0171 1320 usbprint - ok
20:36:09.0203 1320 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:36:09.0203 1320 usbscan - ok
20:36:09.0234 1320 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:36:09.0234 1320 USBSTOR - ok
20:36:09.0250 1320 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:36:09.0265 1320 usbuhci - ok
20:36:09.0312 1320 USRpdA (497f2190e87d58fd68e559e083796edc) C:\WINDOWS\system32\DRIVERS\USRpdA.sys
20:36:09.0328 1320 USRpdA - ok
20:36:09.0343 1320 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:36:09.0359 1320 VgaSave - ok
20:36:09.0375 1320 ViaIde - ok
20:36:09.0406 1320 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:36:09.0406 1320 VolSnap - ok
20:36:09.0437 1320 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:36:09.0468 1320 VSS - ok
20:36:09.0640 1320 VX1000 (f4fab0b9d43a65f79fc838c94006f643) C:\WINDOWS\system32\DRIVERS\VX1000.sys
20:36:09.0640 1320 VX1000 - ok
20:36:09.0953 1320 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:36:09.0968 1320 W32Time - ok
20:36:10.0031 1320 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:36:10.0062 1320 Wanarp - ok
20:36:10.0078 1320 WDICA - ok
20:36:10.0109 1320 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:36:10.0109 1320 wdmaud - ok
20:36:10.0156 1320 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:36:10.0156 1320 WebClient - ok
20:36:10.0218 1320 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
20:36:10.0250 1320 winachsf - ok
20:36:10.0328 1320 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe
20:36:10.0343 1320 WinDefend - ok
20:36:10.0421 1320 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:36:10.0437 1320 winmgmt - ok
20:36:10.0515 1320 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
20:36:10.0578 1320 WLSetupSvc - ok
20:36:10.0640 1320 WMDM PMSP Service (581176f60885aef8f78c6e38dcc3cdf9) C:\WINDOWS\system32\MsPMSPSv.exe
20:36:10.0640 1320 WMDM PMSP Service - ok
20:36:10.0671 1320 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
20:36:10.0671 1320 WmdmPmSN - ok
20:36:10.0718 1320 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:36:10.0734 1320 WmiApSrv - ok
20:36:10.0843 1320 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
20:36:10.0875 1320 WMPNetworkSvc - ok
20:36:11.0312 1320 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:36:11.0359 1320 WPFFontCache_v0400 - ok
20:36:11.0484 1320 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:36:11.0484 1320 WS2IFSL - ok
20:36:11.0531 1320 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:36:11.0562 1320 wscsvc - ok
20:36:11.0609 1320 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:36:11.0625 1320 WSTCODEC - ok
20:36:11.0656 1320 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:36:11.0671 1320 wuauserv - ok
20:36:11.0703 1320 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:36:11.0703 1320 WudfPf - ok
20:36:11.0718 1320 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:36:11.0734 1320 WudfRd - ok
20:36:11.0781 1320 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
20:36:11.0796 1320 WudfSvc - ok
20:36:11.0843 1320 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:36:11.0875 1320 WZCSVC - ok
20:36:11.0906 1320 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:36:11.0921 1320 xmlprov - ok
20:36:12.0078 1320 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
20:36:12.0078 1320 YahooAUService - ok
20:36:12.0125 1320 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
20:36:12.0140 1320 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:36:12.0140 1320 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:36:12.0187 1320 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR7
20:36:15.0437 1320 \Device\Harddisk3\DR7 - ok
20:36:15.0437 1320 Boot (0x1200) (a5c650788a3a73828c13ba32e9c4e012) \Device\Harddisk0\DR0\Partition0
20:36:15.0437 1320 \Device\Harddisk0\DR0\Partition0 - ok
20:36:15.0468 1320 Boot (0x1200) (6a7ffb33ef142404f5361edee2359a0d) \Device\Harddisk0\DR0\Partition1
20:36:15.0468 1320 \Device\Harddisk0\DR0\Partition1 - ok
20:36:15.0484 1320 Boot (0x1200) (cdcfa2ebd248320f3f99b7a3275841d2) \Device\Harddisk3\DR7\Partition0
20:36:15.0484 1320 \Device\Harddisk3\DR7\Partition0 - ok
20:36:15.0484 1320 ============================================================
20:36:15.0484 1320 Scan finished
20:36:15.0484 1320 ============================================================
20:36:15.0500 3460 Detected object count: 2
20:36:15.0500 3460 Actual detected object count: 2
20:38:13.0546 3460 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
20:38:14.0078 3460 Backup copy found, using it..
20:38:14.0093 3460 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
20:38:14.0093 3460 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
20:38:14.0843 3460 \Device\Harddisk0\DR0\# - copied to quarantine
20:38:14.0843 3460 \Device\Harddisk0\DR0 - copied to quarantine
20:38:14.0890 3460 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
20:38:14.0906 3460 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
20:38:14.0906 3460 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
20:38:14.0921 3460 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
20:38:14.0921 3460 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
20:38:14.0921 3460 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
20:38:14.0968 3460 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
20:38:14.0968 3460 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
20:38:15.0000 3460 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
20:38:15.0000 3460 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
20:38:15.0000 3460 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
20:38:15.0015 3460 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:38:15.0015 3460 \Device\Harddisk0\DR0 - ok
20:38:16.0046 3460 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
20:39:02.0703 0204 Deinitialize success


Next just out of curiosity (since it allowed me to run something in normal mode without doing a reboot), I tried a Bing search and was surprised that I was still getting results in Deutsch & English, but not surprised that some redirects were still happening. Then I attempted to run aswMBR overnight. This morning when I came back to my PC it was on the login screen, so it had rebooted sometime in the night, and I don't know what had caused that. So I rebooted in safe mode as administrator and got a successful run of aswMBR. However this was so fast and I noticed it only really checked the administrator part of docs & settings (whereas the infection must have come through my own docs & settings in normal mode). Therefore, I rebooted as myself in normal mode and let it run again while I was out squiring my Honey around for Mother's Day. When I returned tonight (expecting to find the login screen again), I was delighted to find a completed scan, which I was able to log. Here are the results:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-13 06:23:12
-----------------------------
06:23:12.187 OS Version: Windows 5.1.2600 Service Pack 3
06:23:12.187 Number of processors: 1 586 0x401
06:23:12.187 ComputerName: MAIN-COMPUTER UserName: Administrator
06:23:13.359 Initialize success
06:25:15.578 AVAST engine defs: 12051300
06:31:33.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
06:31:33.109 Disk 0 Vendor: Maxtor_6L080P0 BAH41G10 Size: 78167MB BusType: 3
06:31:33.156 Disk 0 MBR read successfully
06:31:33.171 Disk 0 MBR scan
06:31:33.250 Disk 0 Windows XP default MBR code
06:31:33.281 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 77971 MB offset 63
06:31:33.312 Disk 0 Partition - 00 0F Extended LBA 188 MB offset 159686100
06:31:33.359 Disk 0 Partition 2 00 0B FAT32 MSDOS5.0 188 MB offset 159686163
06:31:33.390 Disk 0 scanning sectors +160071660
06:31:33.468 Disk 0 scanning C:\WINDOWS\system32\drivers
06:31:48.343 Service scanning
06:32:20.031 Modules scanning
06:32:33.125 Disk 0 trace - called modules:
06:32:33.453 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
06:32:33.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b1b4ab8]
06:32:34.046 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000067[0x8b1c69e8]
06:32:34.359 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8b23ed98]
06:32:35.171 AVAST engine scan C:\WINDOWS
06:33:01.484 AVAST engine scan C:\WINDOWS\system32
06:38:45.671 AVAST engine scan C:\WINDOWS\system32\drivers
06:39:08.984 AVAST engine scan C:\Documents and Settings\Administrator.MAIN-COMPUTER
06:41:47.781 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
06:49:13.921 Scan finished successfully
07:01:13.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Desktop\MBR.dat"
07:01:13.765 The log file has been saved successfully to "C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-13 07:11:12
-----------------------------
07:11:12.828 OS Version: Windows 5.1.2600 Service Pack 3
07:11:12.828 Number of processors: 1 586 0x401
07:11:12.828 ComputerName: MAIN-COMPUTER UserName: Andrew Deacon
07:11:17.484 Initialize success
07:11:40.234 AVAST engine defs: 12051201
07:12:01.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
07:12:01.562 Disk 0 Vendor: Maxtor_6L080P0 BAH41G10 Size: 78167MB BusType: 3
07:12:01.578 Disk 0 MBR read successfully
07:12:01.578 Disk 0 MBR scan
07:12:01.609 Disk 0 Windows XP default MBR code
07:12:01.625 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 77971 MB offset 63
07:12:01.640 Disk 0 Partition - 00 0F Extended LBA 188 MB offset 159686100
07:12:01.656 Disk 0 Partition 2 00 0B FAT32 MSDOS5.0 188 MB offset 159686163
07:12:01.656 Disk 0 scanning sectors +160071660
07:12:01.718 Disk 0 scanning C:\WINDOWS\system32\drivers
07:12:18.578 Service scanning
07:12:45.296 Modules scanning
07:12:53.625 Disk 0 trace - called modules:
07:12:53.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
07:12:53.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b36aab8]
07:12:53.640 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000067[0x8b39c618]
07:12:53.656 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8b3cb940]
07:12:54.359 AVAST engine scan C:\WINDOWS
07:13:19.359 AVAST engine scan C:\WINDOWS\system32
07:19:14.765 AVAST engine scan C:\WINDOWS\system32\drivers
07:19:36.437 AVAST engine scan C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER
07:40:26.968 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
07:52:06.437 Scan finished successfully
20:56:47.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Desktop\MBR.dat"
20:56:47.546 The log file has been saved successfully to "C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Desktop\aswMBR.txt"


Note it contains both the scan results under administrator and under my own name. At this point I am not getting any pop-up warnings about Windows recovering from anything, or IE recovering from anything. I am also not getting Bing results in Deutsch, and I don't appear to be having any redirect issues. So where do we go from here?
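The two logs in the post above carry most of the hard evidence in this thread: TDSSKiller hashed the MBR of \Device\Harddisk0\DR0, flagged it as Rootkit.Boot.Pihar.b, quarantined ACPI.sys (Virus.Win32.Rloader.a) and a set of files out of a hidden TDLFS store, and scheduled a cure on reboot; aswMBR afterwards reported default Windows XP MBR code, the partition table, and the sector at which it began scanning the unpartitioned tail of the disk. The Python script below is an added example, not part of the original thread and not code from either tool: it parses lines of those two formats into a structured report and computes how many sectors lie between aswMBR's tail-scan start and the end of the disk, which is the slack past the last partition where TDL4-family bootkits such as Pihar keep their hidden file system. The sample lines are copied from the logs posted above (a constructed subset); the 2048-sectors-per-MB conversion assumes 512-byte sectors and that aswMBR reports sizes in MiB, both assumptions.

```python
"""Structured view of TDSSKiller and aswMBR log lines (added example, not the tools' own code):
MBR hashes, verdicts and the actions taken, files pulled out of the hidden TDLFS store,
the partition table, and the unpartitioned slack that follows the last partition."""
import re

# Sample lines copied from the logs posted in this thread (a constructed subset).
TDSS_SAMPLE = r"""
20:36:12.0125 1320 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
20:36:12.0140 1320 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:36:12.0140 1320 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:36:12.0187 1320 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR7
20:36:15.0437 1320 \Device\Harddisk3\DR7 - ok
20:38:13.0546 3460 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
20:38:14.0093 3460 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
20:38:14.0890 3460 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
20:38:14.0906 3460 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
20:38:15.0015 3460 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:38:16.0046 3460 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""
ASW_SAMPLE = r"""
06:31:33.109 Disk 0 Vendor: Maxtor_6L080P0 BAH41G10 Size: 78167MB BusType: 3
06:31:33.250 Disk 0 Windows XP default MBR code
06:31:33.281 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 77971 MB offset 63
06:31:33.312 Disk 0 Partition - 00 0F Extended LBA 188 MB offset 159686100
06:31:33.359 Disk 0 Partition 2 00 0B FAT32 MSDOS5.0 188 MB offset 159686163
06:31:33.390 Disk 0 scanning sectors +160071660
"""

# TDSSKiller lines are "<time> <thread> <message>"; these are the message forms seen above.
TDSS_LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<msg>.*)$")
TDSS_MBR = re.compile(r"^MBR \(0x[0-9A-Fa-f]+\) \((?P<md5>[0-9a-f]{32})\) (?P<obj>.+)$")
TDSS_VERDICT = re.compile(
    r"^(?P<obj>.+?) \( (?P<name>\S+) \) - "
    r"(?P<act>infected|will be cured on reboot|User select action: (?P<choice>\w+))$")
TDSS_DETECT = re.compile(r"^(?P<obj>.+?) - detected (?P<name>\S+) \(\d+\)$")
TDSS_QUAR = re.compile(r"^(?P<obj>.+?) - copied to quarantine$")
# aswMBR lines of interest: disk size, MBR code verdict, partition entries, tail-scan start.
ASW_SIZE = re.compile(r"Disk \d+ Vendor: .* Size: (?P<mb>\d+)MB")
ASW_MBR = re.compile(r"Disk \d+ (?P<desc>.+ MBR code)$")
ASW_PART = re.compile(r"Disk \d+ Partition (?P<num>\S+) (?P<boot>[0-9A-F]{2}) (?P<active>\(A\) )?"
                      r"(?P<type>[0-9A-F]{2}) (?P<desc>.+?) (?P<mb>\d+) MB offset (?P<off>\d+)$")
ASW_SCAN = re.compile(r"Disk \d+ scanning sectors \+(?P<sector>\d+)")
# Assumption: 512-byte sectors and aswMBR sizes in MiB, hence 2048 sectors per reported MB.
SECTORS_PER_MB = 2048


def parse_tdsskiller(text):
    """MBR hashes per device, verdicts with the actions taken, quarantined and TDLFS paths."""
    rep = {"mbr": {}, "detections": {}, "quarantined": [], "hidden_fs": []}
    for raw in text.splitlines():
        line = TDSS_LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg")
        if m := TDSS_MBR.match(msg):
            rep["mbr"][m.group("obj")] = m.group("md5")
        elif m := TDSS_VERDICT.match(msg):
            det = rep["detections"].setdefault(m.group("obj"), {"name": m.group("name"), "actions": []})
            det["actions"].append(m.group("choice") or m.group("act"))
        elif m := TDSS_DETECT.match(msg):
            rep["detections"].setdefault(m.group("obj"), {"name": m.group("name"), "actions": []})
        elif m := TDSS_QUAR.match(msg):
            rep["quarantined"].append(m.group("obj"))
            if "\\TDLFS\\" in m.group("obj"):  # file lifted out of the bootkit's hidden store
                rep["hidden_fs"].append(m.group("obj"))
    return rep


def parse_aswmbr(text):
    """Disk size, MBR code verdict, partition table and the sector where the tail scan began."""
    disk = {"size_mb": None, "mbr_code": None, "partitions": [], "scan_start": None}
    for raw in text.splitlines():
        if m := ASW_SIZE.search(raw):
            disk["size_mb"] = int(m.group("mb"))
        elif m := ASW_MBR.search(raw):
            disk["mbr_code"] = m.group("desc")
        elif m := ASW_PART.search(raw):
            disk["partitions"].append({
                "num": m.group("num"), "active": m.group("active") is not None,
                "type": m.group("type"), "desc": m.group("desc"),
                "size_mb": int(m.group("mb")), "offset": int(m.group("off"))})
        elif m := ASW_SCAN.search(raw):
            disk["scan_start"] = int(m.group("sector"))
    return disk


def unpartitioned_tail_sectors(disk):
    """Sectors from the tail-scan start to the end of the disk: slack past the last partition."""
    return disk["size_mb"] * SECTORS_PER_MB - disk["scan_start"]


def summarize(tdss, disk):
    """The points a responder reads off both logs, in one dict."""
    return {
        "flagged": {obj: d["name"] for obj, d in tdss["detections"].items()},
        "hidden_fs_files": len(tdss["hidden_fs"]),
        "mbr_md5": tdss["mbr"],
        "mbr_code_default": bool(disk["mbr_code"]) and "default MBR code" in disk["mbr_code"],
        "tail_sectors": unpartitioned_tail_sectors(disk),
    }


if __name__ == "__main__":
    for key, val in summarize(parse_tdsskiller(TDSS_SAMPLE), parse_aswmbr(ASW_SAMPLE)).items():
        print(f"{key}: {val}")
```

A non-zero tail is not by itself a finding (partitioning tools routinely leave slack), but on this disk it is about 14,000 sectors, roughly 7 MB, and it is exactly the region aswMBR scans at "scanning sectors +N" and where the TDLFS entries TDSSKiller quarantined lived. The MBR MD5 that TDSSKiller prints is worth recording before and after a cure, since a hash that changes again later is the cheapest indicator of reinfection.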

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 13 May 2012 - 08:49 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
c:\windows\system32\Msxbse35.dll

Driver::
5640

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#9 HeimlichManouver (Topic Starter, Members, 20 posts)

Posted 14 May 2012 - 07:37 AM

Good morning, Gringo

I added the script into ComboFix as you requested, and ran it a few times last night in normal mode as myself. It would get to stage 50, sit there for a while (HD light on or blinking) and then would reboot. Upon logging onto my desktop, ComboFix wouldn't restart itself to continue or report or anything, so I would recopy the script into a text file and drag it once again to the program icon to restart ComboFix. The second time it finished and rebooted, I noticed my HD light was blinking slowly but repeatedly while I was back on my desktop, so I left it up overnight, thinking the program was preparing to run. This morning though there was nothing blinking and nothing running. Therefore, I rebooted my PC in safe mode and added the script to ComboFix again. This time it got to stage 50, rebooted, and as long as I came back into safe mode it did produce the following file:

#10 HeimlichManouver (Topic Starter, Members, 20 posts)

Posted 14 May 2012 - 07:41 AM

First portion of ComboFix log:

ComboFix 12-05-12.01 - Administrator 05/14/2012 7:14.10.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2921 [GMT -4:00]
Running from: c:\documents and settings\Administrator.MAIN-COMPUTER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator.MAIN-COMPUTER\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.
FILE ::
"c:\windows\system32\Msxbse35.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_5640
-------\Service_5640
.
.
((((((((((((((((((((((((( Files Created from 2012-04-14 to 2012-05-14 )))))))))))))))))))))))))))))))
.
.
2012-05-13 07:30 . 2012-05-13 08:50 -------- d-----w- c:\windows\SxsCaPendDel
2012-05-13 00:38 . 2012-05-13 00:38 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-12 11:48 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-05-12 11:44 . 2012-01-09 16:20 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-05-12 11:43 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-05-12 11:43 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-05-12 11:43 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-13 08:30 . 2011-09-04 00:38 416 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-05-13 00:40 . 2004-08-04 12:00 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-05-06 22:22 . 2012-04-08 13:05 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 22:22 . 2012-03-14 00:42 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:12 . 2004-08-04 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2004-08-04 12:00 2192640 ------w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2004-08-03 22:59 2069120 ------w- c:\windows\system32\ntkrnlpa.exe
2012-03-20 17:11 . 2012-04-04 00:01 151880 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-01 11:01 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-22 17:29 . 2012-04-04 00:15 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 17:29 . 2012-04-04 00:14 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-02-22 17:29 . 2012-04-04 00:14 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-02-22 17:29 . 2012-04-04 00:14 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-02-22 17:29 . 2012-04-04 00:14 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 17:29 . 2012-04-04 00:14 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-02-22 17:29 . 2012-04-04 00:14 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 17:29 . 2012-04-04 00:14 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 17:29 . 2011-10-15 16:16 464304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 17:29 . 2011-10-15 16:16 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 456E0F5B9BEB184521B0EE8FA7CC92C7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
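The Sigcheck block above lists eight copies of tcpip.sys. The copy that is actually loaded, c:\windows\system32\drivers\tcpip.sys, carries the [-] tag and an MD5 that matches none of the same-version copies in dllcache or ERDNT\cache, even though its size, version string and file date are identical to theirs. The following is an added example, not code from ComboFix or from anyone in this thread: it parses those lines (copied here as constructed input) and reports any live copy whose hash disagrees with the Windows File Protection reference copies of the same version. It assumes that ComboFix's Sigcheck format is `[tag] date . MD5 . size . . [version] . . path`, that [-] means ComboFix could not verify the copy, and that dllcache, ServicePackFiles and ERDNT\cache are the right baseline; the hotfix staging ($hf_mig$) and uninstall folders are treated as other builds, not as a baseline. As the log's own note says, a mismatch is a reason to pull the file and inspect it, not proof that it is malicious.

```python
"""Cross-check the copies of a driver listed in a ComboFix Sigcheck section.

Added example for this thread, not ComboFix's own code.  Assumed format:
    [tag] date . MD5 . size . . [version] . . path
where the tag is ComboFix's verification result ([-] = not verified).
"""
import re
from collections import defaultdict

# Constructed input: the tcpip.sys lines copied from the Sigcheck section above.
SIGCHECK_LOG = r"""
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 456E0F5B9BEB184521B0EE8FA7CC92C7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
"""

LINE_RE = re.compile(
    r"^\[(?P<tag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<ver>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)

# Windows File Protection keeps pristine copies here; they are the comparison baseline
# (assumption for this example).
REFERENCE_DIRS = ("\\dllcache\\", "\\servicepackfiles\\", "\\erdnt\\cache\\")
# Hotfix staging and uninstall folders hold other builds; informative, but not the live file.
BACKUP_DIRS = ("\\$hf_mig$\\", "\\$ntuninstall", "\\$ntservicepackuninstall$\\")


def classify(path):
    """Label a path as a reference copy, a backup/staging copy, or the live file."""
    p = path.lower()
    if any(d in p for d in REFERENCE_DIRS):
        return "reference"
    if any(d in p for d in BACKUP_DIRS):
        return "backup"
    return "live"


def parse_sigcheck(text):
    """Return one dict per parsable Sigcheck line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
        e["role"] = classify(e["path"])
        entries.append(e)
    return entries


def audit(text):
    """Flag live copies whose MD5 differs from every reference copy of the same version.

    A differing hash with identical size, version string and file date is what a
    modified driver looks like; the timestamp alone would not reveal it."""
    entries = parse_sigcheck(text)
    refs = defaultdict(set)  # (file name, version) -> set of reference-copy MD5s
    for e in entries:
        if e["role"] == "reference":
            refs[(e["name"], e["ver"])].add(e["md5"])
    findings = []
    for e in entries:
        if e["role"] != "live":
            continue
        baseline = refs.get((e["name"], e["ver"]), set())
        if baseline and e["md5"] not in baseline:
            findings.append({
                "path": e["path"], "version": e["ver"], "size": e["size"],
                "live_md5": e["md5"], "reference_md5": sorted(baseline),
                "unverified": e["tag"] == "-",
            })
    return findings


if __name__ == "__main__":
    for f in audit(SIGCHECK_LOG):
        note = " (ComboFix did not verify it)" if f["unverified"] else ""
        print(f"MISMATCH {f['path']} v{f['version']}: live {f['live_md5']} "
              f"vs reference {', '.join(f['reference_md5'])}{note}")
```

Run it as a script to print the one mismatch in this log, or call audit() on a whole Sigcheck section to check every file it lists. The point of keying the baseline on file name plus version string is that a legitimately newer driver (different version) is not flagged, while a copy that keeps the version string, the size and even the 2008-06-20 date but hashes differently is.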

#11 HeimlichManouver (Topic Starter, Members, 20 posts)

Posted 14 May 2012 - 07:44 AM

((((((((((((((((((((((((((((( SnapShot@2012-05-12_21.09.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-19 02:51 . 2011-04-19 02:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
+ 2011-05-14 00:17 . 2011-05-14 00:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
- 2012-04-07 12:13 . 2012-04-07 12:13 21880 c:\windows\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe
+ 2012-05-13 08:03 . 2012-05-13 08:03 21880 c:\windows\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe
+ 2012-05-14 11:32 . 2012-05-14 11:32 16384 c:\windows\temp\Perflib_Perfdata_24c.dat
- 2011-02-20 03:03 . 2011-02-20 03:03 51024 c:\windows\system32\vcomp100.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 51024 c:\windows\system32\vcomp100.dll
- 2007-01-29 08:58 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2007-01-29 08:58 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
+ 2004-08-04 12:00 . 2012-05-13 08:16 91494 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2011-11-18 12:35 60416 c:\windows\system32\packager.exe
+ 2004-08-04 12:00 . 2011-09-26 15:41 20480 c:\windows\system32\oleaccrc.dll
- 2004-08-04 12:00 . 2011-02-22 23:06 66560 c:\windows\system32\mshtmled.dll
+ 2004-08-04 12:00 . 2012-03-01 11:01 66560 c:\windows\system32\mshtmled.dll
+ 2006-11-08 02:03 . 2012-03-01 11:01 55296 c:\windows\system32\msfeedsbs.dll
- 2006-11-08 02:03 . 2011-02-22 23:06 55296 c:\windows\system32\msfeedsbs.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 81744 c:\windows\system32\mfcm100u.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 81744 c:\windows\system32\mfcm100u.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 81744 c:\windows\system32\mfcm100.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 81744 c:\windows\system32\mfcm100.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 60752 c:\windows\system32\mfc100rus.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 60752 c:\windows\system32\mfc100rus.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 43344 c:\windows\system32\mfc100kor.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 43344 c:\windows\system32\mfc100kor.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 43856 c:\windows\system32\mfc100jpn.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 43856 c:\windows\system32\mfc100jpn.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 62288 c:\windows\system32\mfc100ita.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 62288 c:\windows\system32\mfc100ita.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 64336 c:\windows\system32\mfc100fra.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 64336 c:\windows\system32\mfc100fra.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 63824 c:\windows\system32\mfc100esn.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 63824 c:\windows\system32\mfc100esn.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 55120 c:\windows\system32\mfc100enu.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 55120 c:\windows\system32\mfc100enu.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 64336 c:\windows\system32\mfc100deu.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 64336 c:\windows\system32\mfc100deu.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 36176 c:\windows\system32\mfc100cht.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 36176 c:\windows\system32\mfc100cht.dll
+ 2011-06-11 05:58 . 2011-06-11 05:58 36176 c:\windows\system32\mfc100chs.dll
- 2011-02-20 03:03 . 2011-02-20 03:03 36176 c:\windows\system32\mfc100chs.dll
+ 2004-08-04 12:00 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
- 2004-08-04 12:00 . 2008-04-14 00:11 23040 c:\windows\system32\mciseq.dll
+ 2004-08-04 12:00 . 2012-03-01 11:01 25600 c:\windows\system32\jsproxy.dll
- 2004-08-04 12:00 . 2011-02-22 23:06 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys
+ 2009-07-16 00:44 . 2012-03-01 11:01 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-07-16 00:44 . 2011-02-22 23:06 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2011-11-18 12:35 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2004-08-04 12:00 . 2011-09-26 15:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
- 2004-08-04 12:00 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 12:00 . 2012-03-01 11:01 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2007-05-09 01:51 . 2011-02-22 23:06 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-09 01:51 . 2012-03-01 11:01 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
- 2004-08-04 12:00 . 2011-02-22 23:06 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-04 12:00 . 2012-03-01 11:01 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2004-08-04 12:00 . 2011-02-22 23:06 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 12:00 . 2012-03-01 11:01 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-12-14 07:08 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2004-08-04 12:00 . 2011-10-28 05:31 33280 c:\windows\system32\csrsrv.dll
- 2004-08-04 12:00 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
+ 2005-12-20 03:35 . 2012-05-14 07:38 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-12-20 03:35 . 2012-05-12 11:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2012-04-06 00:25 . 2012-05-12 11:14 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2012-04-06 00:25 . 2012-05-14 07:38 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2012-05-13 01:02 . 2012-05-14 07:38 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2012-04-06 00:25 . 2012-05-12 11:14 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 14 May 2012 - 07:45 AM

Hello

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click OK

Copy and paste the report into this topic for me to review.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 HeimlichManouver (Topic Starter, Members, 20 posts)

Posted 14 May 2012 - 07:45 AM

Something is causing IE to run really slowly and using up to 98% of my CPU. I'll post the rest of the log when I return from my doctor's appointment in a few hours, and I'll also detail the slow behavior then...

#14 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 14 May 2012 - 07:50 AM

Make sure to restart the computer and then let me know how things are.


gringo

#15 HeimlichManouver (Topic Starter, Members, 20 posts)

Posted 14 May 2012 - 09:07 AM

Here's the text from qoobox:


32 Bit HP CIO Components Installer
6500_E709_eDocs
6500_E709_Help
6500_E709a
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.5
Advertising Center
AEC Details 3
All File to All File Converter 3000 7.3
AutoCAD 2000
AutoCAD 2004
AutoCAD 2011 - English
AutoCAD 2011 - English Version 2.1
AutoCAD 2011 Language Pack - English
AutoCAD 2011 Subscription Advantage Pack
AutoCAD Express Tools Volumes 1-9
AutoCAD LT 2011 - English
AutoCAD LT 2011 Language Pack - English
AutoCAD LT 2012 - English
AutoCAD LT 2012 - English SP1
AutoCAD LT 2012 Language Pack - English
AutoCAD LT 2013 - English
AutoCAD LT 2013 Language Pack - English
AutoCAD WS plug-in for AutoCAD 2011
Autodesk Architectural Desktop 3.3
Autodesk Content Service
Autodesk Content Service Language Pack
Autodesk Design Review 2013
Autodesk Express Viewer
Autodesk Impression 3
Autodesk Inventor Fusion 2013
Autodesk Inventor Fusion for Inventor LT 2013 Add-in
Autodesk Inventor LT 2011
Autodesk Inventor LT 2011 English
Autodesk Inventor LT 2011 English Language Pack
Autodesk Inventor LT 2012
Autodesk Inventor LT 2012 English
Autodesk Inventor LT 2012 English Language Pack
Autodesk Inventor LT 2013
Autodesk Inventor LT 2013 English
Autodesk Inventor LT 2013 English Language Pack
Autodesk Learning Assistance
Autodesk Material Library 2011
Autodesk Material Library 2011 Base Image library
Autodesk Material Library 2011 Medium Image library
Autodesk Material Library 2012
Autodesk Material Library 2013
Autodesk Material Library Base Resolution Image Library 2012
Autodesk Material Library Base Resolution Image Library 2013
Autodesk Material Library Low Resolution Image Library 2012
Autodesk Material Library Medium Resolution Image Library 2012
Autodesk Revit Architecture 2012
Autodesk SketchBook Designer 2013
Autodesk Sync
Bing Rewards Client Installer
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
BurnInTest v6.0 Standard
Buzzsaw.com Plans & Specs Publishing Tools
ccCommon
CCHelp
CCScore
CommunityCommands for AutoCAD Vertical Products
Compatibility Pack for the 2007 Office system
Creative MediaSource
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
Deadly Dozen 2: Pacific Theater
Destination Component
DeviceDiscovery
DevVicky Word 1.00
DocMgr
DocProc
DolbyFiles
DWG TrueView 2011
DWG TrueView 2013
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
ESSvpaht
ESSvpot
FARO LS 1.1.406.58
Fax
Google SketchUp 8
Google Update Helper
GPBaseService2
High Definition Audio Driver Package - KB835221
Highlight Viewer (Windows Live Toolbar)
HLPIndex
HLPRFO
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 12.0
HP Document Manager 2.0
HP Imaging Device Functions 12.0
HP Officejet 6500 E709 Series
HP Smart Web Printing
HP Solution Center 12.0
HP Update
HPProductAssistant
HPSSupply
ImagXpress
Java™ 6 Update 17
Junk Mail filter update
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
kSolo Recorder
KSU
LEGO Creator
LeoCAD
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.79
Logitech Resource Center
Map Button (Windows Live Toolbar)
MarketResearch
McAfee AntiVirus Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Chat 2.5
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft GIF Animator
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft Location Finder
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 97, Professional Edition
Microsoft Picture It! Express 7.0
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Applications - ENU
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft Windows Journal Viewer
Microsoft WSE 3.0 Runtime
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Online Upgrade
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
Nero Vision
Nero Vision Help
NeroExpress
neroxml
netbrdg
Network
Notifier
NVIDIA Drivers
OCR Software by I.R.I.S. 12.0
OfotoXMI
OpenOffice.org 3.3
OTtBP
OTtBPSDK
PC Connectivity Solution
PCDADDIN
PCDHELP
PhotoView 360
ProductContext
progeCAD 2009 Smart! ENG
Revit Architecture 2012
Revit Architecture 2012 Language Pack - English
Rhapsody Player Engine
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
SAMSUNG SYMBIAN USB Download Driver
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
Scan
SeaTools for Windows
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SFR
SFR2
SHASTA
Shop for HP Supplies
SKIN0001
SKINXSDK
Smart Menus (Windows Live Toolbar)
SmartWebPrinting
SolidProfessor LMS
SolidWorks 2010 SP02.1
SolidWorks 2011 SP02
SolidWorks eDrawings 2010
SolidWorks eDrawings 2011 SP02
SolidWorks Flow Simulation 2010 SP02.1
SolutionCenter
Sound Blaster Live! 24-bit
staticcr
Status
System Requirements Lab for Intel
The Bible Collection Installer
Toolbox
tooltips
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VBA (2627.01)
Viewpoint Media Player
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177
VLC media player 1.0.2
Volo View Express
VPRINTOL
WebFldrs XP
WebReg
Windows Defender
Windows Defender Signatures
Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WIRELESS
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Software Update


I don't know if being in safe mode has anything to do with it, but it wasn't letting me bring up the link to the extra ComboFix report. Let me finish posting the rest of the ComboFix log I was pasting, and then I'll have to try restarting in normal mode and coming back on in order to see if the link works...