It started with easya-z redirection


  • This topic is locked
16 replies to this topic

#1 nelami

  • Members
  • 9 posts

Posted 20 May 2012 - 02:21 PM

Hi, this is my first posting here. Some time ago my PC (Win XP Pro SP3) was infected with a virus that randomly redirected Google searches to easya-z.com. After several days' effort (MBAM, ComboFix, Stopzilla) it seemed to disappear. However, it has returned. Both McAfee & Stopzilla (my resident scanners) did not detect it. I have run a number of different scans which pick up various malwares, but the cause still remains. I have temporarily installed the Firefox add-on Blocklist to prevent accessing easya-z.com.
However, I am getting a variety of viruses/trojans flagged up - Win32.Ertfor, Agent.gen, Win32.Phar, Win32.SystemProtector, Banload!E2, Winexec32EICAR.test, Vundo.A7, Catchme, Win32.Cognac, ZeroAccess plus a few more.

I have tried SuperAntiSpyware 5.0, Spyware Doctor, Emsisoft Anti-Malware, TDSSKiller, Dr Web, and ESET Online Scanner, which all detect various things but don't get to the root of the problem.
Parts of the McAfee functionality are getting disabled, including the firewall. I am also Webmaster for a family history society and that site has also been infected by a couple of things, but I don't know if that was caused by my PC problem, as most of the site development was carried out on a separate laptop which does not appear to be infected.

Can anyone help me get rid of this pest please?

Here is DDS.txt - attach.txt & GMER logs are also attached
.
DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by Nello at 17:03:48 on 2012-05-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.1254 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Emsisoft Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
FW: McAfee Firewall *Enabled* .
============== Running Processes ===============
.
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Roland\VSC32\vscvol.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
svchost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
C:\program files\emsisoft anti-malware\a2guard.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Candy Clock\CandyClock.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\xampp\apache\bin\httpd.exe
C:\xampp\mysql\bin\mysqld.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\WebUpdateSvc4.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.bt.yahoo.com/
uSearch Page = hxxp://google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Page = hxxp://google.com
mStart Page = hxxp://home.bt.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: DebugBar BHO: {69fc0024-10eb-480a-bbf2-3bf4e78e17b1} - c:\program files\core services\debugbar\DebugInfoBar.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120429183829.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: DebugBar: {3e1201f4-1707-409f-bb45-a5f192381da0} - c:\program files\core services\debugbar\DebugToolBar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
EB: DebugBar: {947e34e9-1d85-43cb-9cbf-5c492118fdd5} - c:\program files\core services\debugbar\DebugInfoBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [vsc32cnf.exe] c:\program files\roland\vsc32\vsc32cnf.exe
mRun: [vscvol.exe] c:\program files\roland\vsc32\vscvol.exe
mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\nello\startm~1\programs\startup\candyc~1.lnk - c:\program files\candy clock\CandyClock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.3.1/jinstall-1_3_1-windows-i586.cab
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{15852D0C-5EF1-483F-A1E3-81C0B237D78A} : DhcpNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\nello\application data\mozilla\firefox\profiles\ma1dj36v.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://home.bt.yahoo.com/
FF - plugin: c:\documents and settings\nello\application data\mozilla\firefox\profiles\ma1dj36v.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\javasoft\jre\1.3.1_02\bin\NPJava11.dll
FF - plugin: c:\program files\javasoft\jre\1.3.1_02\bin\NPJava12.dll
FF - plugin: c:\program files\javasoft\jre\1.3.1_02\bin\NPJava131_02.dll
FF - plugin: c:\program files\javasoft\jre\1.3.1_02\bin\NPJava32.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----

.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 475704]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-7-6 383368]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-7-6 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-7-6 909728]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-4-17 56208]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2012-2-24 99728]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2012-4-11 73104]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2012-5-15 17904]
R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2012-5-15 34768]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2012-5-15 11776]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-8-23 89792]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-7-6 254912]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-7-6 203088]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-4-17 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-4-17 164112]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2012-4-17 101112]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.5 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2012-5-15 3065120]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\common files\abbyy\finereader\9.00\licensing\pe\NetworkLicenseServer.exe [2008-5-16 759072]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-8-22 29416]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-7-6 575416]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-4 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-23 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-23 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-23 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-8-23 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-8-23 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-8-23 159608]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-4-17 931640]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-7-6 402336]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-7-6 1118648]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2009-1-8 262360]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2012-5-15 51632]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-3-20 98328]
R3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\system32\drivers\CTEDSPIO.sys [2008-3-20 134168]
R3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\system32\drivers\CTEDSPSY.sys [2008-3-20 309784]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-4 22344]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-8-23 180848]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-8-23 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-8-23 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-8-23 83856]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-7-6 70536]
R3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\drivers\MarvinAVS.sys [2009-4-15 434176]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2012-2-24 99728]
S0 wuhcgal;wuhcgal;c:\windows\system32\drivers\dwsix.sys --> c:\windows\system32\drivers\dwsix.sys [?]
S1 MemAlloc;MemAlloc;c:\windows\system32\drivers\memalloc.sys --> c:\windows\system32\drivers\memalloc.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\elock2burnerlockdriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\elock2fsctldriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-1 133104]
S2 MOBCleanup;MOBCleanup; [x]
S2 PIEUsb;Single Frame Film Scanner;c:\windows\system32\drivers\usbscan.sys [2009-1-11 15104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-10 257696]
S3 BTUsbrXP®;BT Voyager 1010 USB Adapter;c:\windows\system32\drivers\btusbrxp.sys --> c:\windows\system32\drivers\btusbrxp.sys [?]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-8-23 57600]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-3-20 98328]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-3-20 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-3-20 171032]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-3-20 528920]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-3-20 528920]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\system32\drivers\CTEAPSFX.sys [2008-3-20 163352]
S3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.sys [2008-3-20 163352]
S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\system32\drivers\CTEDSPFX.sys [2008-3-20 259096]
S3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.sys [2008-3-20 259096]
S3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.sys [2008-3-20 134168]
S3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.sys [2008-3-20 309784]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-3-20 99352]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-3-20 99352]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-3-20 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-3-20 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-3-20 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-3-20 72728]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-3-20 534040]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-3-20 534040]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-1 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-8-23 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-8-23 87656]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-10 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-10 40552]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 129976]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-5-14 70736]
S3 synasusb;eLicenser;c:\windows\system32\drivers\synasusb.sys [2010-12-7 23696]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2012-05-20 06:03:12 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{acbbb8d0-9f47-415f-8575-317e6a05652d}\mpengine.dll
2012-05-18 17:54:31 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-05-17 07:38:24 -------- d-----w- c:\program files\XoftSpySE
2012-05-16 15:51:27 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-16 15:25:00 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-05-16 15:23:00 -------- d-----w- c:\program files\iPod
2012-05-16 15:22:52 -------- d-----w- c:\program files\iTunes
2012-05-15 16:30:29 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-05-15 10:50:52 292700 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-05-15 10:50:52 292700 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-05-15 10:50:52 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-05-15 10:50:08 -------- d-----w- c:\program files\NVIDIA Corporation
2012-05-15 06:25:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-14 19:29:45 70736 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-05-14 19:29:29 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-05-14 16:01:30 -------- d-----w- c:\documents and settings\nello\application data\SUPERAntiSpyware.com
2012-05-14 16:00:40 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-05-12 13:30:40 -------- d-----w- c:\program files\HitmanPro
2012-05-12 13:30:18 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-05-09 13:49:47 -------- d-----w- C:\sh4ldr
2012-05-09 13:49:47 -------- d-----w- c:\program files\Enigma Software Group
2012-05-09 13:49:15 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-05-09 13:49:11 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-05-09 12:59:14 -------- d-----w- c:\program files\stinger
2012-05-08 19:21:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-08 19:19:11 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2012-05-08 18:26:42 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-05-08 18:26:42 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-05-08 18:23:08 208896 ----a-w- c:\windows\MBR.exe
2012-05-08 17:30:04 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-05-06 18:15:31 -------- d-----w- c:\documents and settings\nello\local settings\application data\{6D3D7139-97A7-11E1-826E-B8AC6F996F26}
2012-05-06 18:05:11 -------- d-----w- c:\program files\common files\FTP
2012-04-29 17:38:08 29272 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll
2012-04-27 18:00:29 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-27 18:00:12 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-04-27 18:00:12 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-05-13 14:46:02 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-05-12 10:12:36 848 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2012-05-09 12:59:36 159608 ----a-w- c:\windows\system32\mfevtps.exe
2012-05-09 12:59:35 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-05-09 12:59:35 475704 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-05-06 07:52:19 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 07:52:19 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-23 13:18:20 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-04-23 13:17:56 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-04-23 13:12:38 254912 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-04-23 11:36:50 383368 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-04-23 11:36:48 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-04-17 00:23:58 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-04-13 13:28:50 149432 ----a-w- c:\windows\SGDetectionTool.dll
2012-04-13 13:28:48 2271160 ----a-w- c:\windows\PCTBDCore.dll
2012-04-13 13:28:48 1681336 ----a-w- c:\windows\PCTBDRes.dll
2012-04-13 13:28:30 767928 ----a-w- c:\windows\BDTSupport.dll
2012-04-11 13:56:36 73104 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 12:13:38 23376 ----a-r- c:\windows\system32\SZIO5.dll
2012-04-04 12:13:26 546640 ----a-r- c:\windows\system32\SZComp5.dll
2012-04-04 12:13:22 481104 ----a-r- c:\windows\system32\SZBase5.dll
2012-03-20 19:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-28 10:43:06 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-02-28 10:43:00 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-02-24 14:28:26 99728 ----a-r- c:\windows\system32\drivers\SZKG.sys
2012-02-24 14:28:26 99728 ----a-r- c:\windows\system32\drivers\is3srv.sys
2012-02-23 13:09:44 29008 ----a-r- c:\windows\system32\IS3XDat5.dll
2012-02-23 13:09:42 390992 ----a-r- c:\windows\system32\IS3UI5.dll
2012-02-23 13:09:42 231248 ----a-r- c:\windows\system32\IS3Win325.dll
2012-02-23 13:09:40 100176 ----a-r- c:\windows\system32\IS3Svc5.dll
2012-02-23 13:09:34 132944 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-02-23 13:09:34 104272 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-02-23 13:09:32 67408 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-02-23 13:09:32 456528 ----a-r- c:\windows\system32\IS3DBA5.dll
2012-02-23 13:09:30 808784 ----a-r- c:\windows\system32\IS3Base5.dll
2012-02-22 12:29:46 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 12:29:46 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-02-22 12:29:46 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-02-22 12:29:46 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-02-22 12:29:46 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 12:29:46 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 12:29:46 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 12:29:46 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
============= FINISH: 17:10:12.29 ===============
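Reading a log like the one above by hand is slow, and the entries that matter most are easy to miss among the hundreds of vendor drivers. The following Python script is an added example (it is not part of nelami's post, and it is not DDS or BleepingComputer tooling) that pulls the SERVICES / DRIVERS lines out of DDS output, flags every entry whose binary DDS marked as not found on disk (`[?]`) or absent altogether (`[x]`), and orders them by a simple weighting. The line layout is taken from the log above; the weighting, and the ordering it gives entries such as `wuhcgal` and `MemAlloc`, is this example's own heuristic and is not a verdict on those entries.

```python
r"""Triage helper for the SERVICES / DRIVERS section of a DDS log.

Added example; it is not part of the original post, of DDS, or of the forum's
own tooling.  The line layout is assumed from the log above:

    R0 name;display name;c:\path\file.sys [2011-3-13 475704]
    S0 name;display name;c:\path\file.sys --> c:\path\file.sys [?]
    S2 name;display name; [x]

A trailing [?] marks an entry whose binary DDS could not find on disk; [x]
marks an entry with no image path at all.  Either way a service key under
HKLM\SYSTEM\CurrentControlSet\Services points at nothing visible: an orphan
left by a removed product, or a file hidden from the file system.  Those are
the lines a responder checks first.
"""
import re
from dataclasses import dataclass

# Prefix: R (running) / S (stopped), then the start type
# (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled), then
# service name; display name; image path plus a bracketed date/size or marker.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$"
)


@dataclass
class ServiceEntry:
    state: str      # 'R' running or 'S' stopped
    start: int      # start type, 0..4
    name: str       # service key name
    display: str    # display name
    path: str       # image path as DDS printed it ('' when none)
    missing: bool   # True for [?] or [x] entries

    @property
    def registry_key(self) -> str:
        # Where to look for the ImagePath value when following up on the host.
        return r"HKLM\SYSTEM\CurrentControlSet\Services" + "\\" + self.name


def parse_service_line(line: str):
    """Return a ServiceEntry for a DDS service line, or None for other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith("[?]") or rest.endswith("[x]")
    if "-->" in rest:
        # Unresolved entries print "<registry value> --> <resolved path> [?]".
        path = rest.split("-->", 1)[0].strip()
    else:
        path = re.sub(r"\s*\[[^\]]*\]$", "", rest).strip()
    return ServiceEntry(m.group("state"), int(m.group("start")),
                        m.group("name"), m.group("display"), path, missing)


def priority(entry: ServiceEntry) -> int:
    """Heuristic ordering (an assumption of this example, not a DDS rule):
    boot/system-start drivers load before most security products, and a
    display name that merely repeats the key name gives no vendor hint."""
    score = 0
    if entry.start <= 1:
        score += 2
    if entry.display == entry.name:
        score += 1
    return score


def triage(log_text: str):
    """All entries whose binary is missing, highest priority first."""
    entries = [e for e in map(parse_service_line, log_text.splitlines()) if e]
    flagged = [e for e in entries if e.missing]
    return sorted(flagged, key=lambda e: -priority(e))


# Lines taken from the SERVICES / DRIVERS section of the log above.
SAMPLE = r"""
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 475704]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2012-4-17 101112]
S0 wuhcgal;wuhcgal;c:\windows\system32\drivers\dwsix.sys --> c:\windows\system32\drivers\dwsix.sys [?]
S1 MemAlloc;MemAlloc;c:\windows\system32\drivers\memalloc.sys --> c:\windows\system32\drivers\memalloc.sys [?]
S2 MOBCleanup;MOBCleanup; [x]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-1 133104]
"""

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.state}{e.start} {e.name:<24} prio={priority(e)} "
              f"path={e.path or '<none>'}  check {e.registry_key}")
```

Run it against a saved DDS.txt with `triage(open("DDS.txt").read())`; every other section of the log is ignored because only lines of the `R0`/`S3` shape match. A flagged entry is a lead, not a verdict: a `[?]` can be nothing more than a key left behind by an uninstalled product, so confirm each one against its registry key, and against the file's signature if the file does exist, before deleting anything.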

#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 21 May 2012 - 12:12 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: Microsoft Security Essentials
AV: McAfee Anti-Virus and Anti-Spyware
AV: Emsisoft Anti-Malware


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 nelami

  • Topic Starter
  • Members
  • 9 posts

Posted 21 May 2012 - 06:44 AM

Hi Gringo
The other virus scanners were added during my attempts to remove the problem. I have removed/disabled them as you have asked.
The PC is not behaving properly. I cannot use the CD drive; I am blocked from my BT Yahoo home page; Firefox is no longer my default browser and it reports "This website, or elements thereof, are on the BlockSite blacklist (or not on the whitelist) and have not been loaded." I don't know if that is related to the problem or not. Also, new hardware is found (unspecified) and it cannot find the appropriate driver.

Here is the CheckSite log

Results of screen317's Security Check version 0.99.33
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee Internet Security
Multi Virus Cleaner 2011
McAfee Virtual Technician
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Cleaner 5 EZ
Eusing Free Registry Cleaner
Multi Virus Cleaner 2011
Java 2 Runtime Environment Standard Edition v1.3.1_02
Java™ 6 Update 20
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (12.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Microsoft Security Essentials msseces.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
``````````End of Log````````````



Here is the ComboFix log

ComboFix 12-05-20.10 - Nello 21/05/2012 11:45:48.6.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.1981 [GMT 1:00]
Running from: c:\documents and settings\Nello\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-04-21 to 2012-05-21 )))))))))))))))))))))))))))))))
.
.
2012-05-21 10:42 . 2012-05-08 08:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{679F5473-AB51-4F97-B2E1-398F5C354E9A}\mpengine.dll
2012-05-20 06:03 . 2012-05-08 08:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-16 15:51 . 2012-05-16 15:52 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-16 15:25 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-05-16 15:23 . 2012-05-16 15:23 -------- d-----w- c:\program files\iPod
2012-05-16 15:22 . 2012-05-16 15:24 -------- d-----w- c:\program files\iTunes
2012-05-15 16:30 . 2012-05-21 09:51 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-05-15 10:50 . 2012-05-15 10:50 292700 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-05-15 10:50 . 2012-05-15 10:50 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-05-15 10:50 . 2012-05-15 10:50 292700 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-05-15 10:50 . 2012-05-15 10:50 -------- d-----w- c:\program files\NVIDIA Corporation
2012-05-14 19:27 . 2012-05-14 19:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\TestApp
2012-05-12 13:30 . 2012-05-12 13:30 -------- d-----w- c:\program files\HitmanPro
2012-05-12 13:30 . 2012-05-12 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-05-09 13:49 . 2012-05-09 15:41 -------- d-----w- C:\sh4ldr
2012-05-09 13:49 . 2012-05-09 13:49 -------- d-----w- c:\program files\Enigma Software Group
2012-05-09 13:49 . 2012-05-09 15:41 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-05-09 13:49 . 2012-05-09 13:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-05-09 12:59 . 2012-05-09 15:04 -------- d-----w- c:\program files\stinger
2012-05-09 12:41 . 2012-05-09 12:41 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-05-08 19:21 . 2012-05-13 14:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-08 18:26 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-05-08 18:26 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-05-08 17:30 . 2012-05-08 18:19 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-05-08 12:47 . 2012-05-08 12:47 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2012-05-08 12:47 . 2012-05-08 12:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Threat Expert
2012-05-08 12:47 . 2012-05-08 12:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Trusteer
2012-05-08 06:08 . 2012-05-09 12:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2012-05-08 06:08 . 2012-05-08 06:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2012-05-06 18:15 . 2012-05-06 18:15 -------- d-----w- c:\documents and settings\Nello\Local Settings\Application Data\{6D3D7139-97A7-11E1-826E-B8AC6F996F26}
2012-05-06 18:05 . 2012-05-07 06:14 -------- d-----w- c:\program files\Common Files\FTP
2012-04-29 17:38 . 2012-03-20 12:06 29272 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
2012-04-27 18:00 . 2012-04-27 18:00 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-27 18:00 . 2012-04-27 18:00 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-27 18:00 . 2012-04-27 18:00 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-13 14:46 . 2011-08-16 18:24 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-05-12 10:12 . 2009-06-22 18:31 848 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2012-05-09 12:59 . 2011-08-23 19:01 159608 ----a-w- c:\windows\system32\mfevtps.exe
2012-05-09 12:59 . 2011-08-23 19:12 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-05-09 12:59 . 2011-03-13 10:20 475704 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-05-06 07:52 . 2012-04-10 07:35 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 07:52 . 2011-06-26 17:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-17 00:23 . 2012-04-17 00:23 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-04-11 13:14 . 2007-02-28 09:55 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2007-03-08 13:47 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2007-02-28 08:15 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 14:56 . 2011-07-04 19:35 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-20 19:44 . 2012-03-20 19:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 11:01 . 2007-04-18 12:46 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 05:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 05:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-04 05:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 05:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 05:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-22 12:29 . 2011-08-23 19:12 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 12:29 . 2011-08-23 19:12 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-02-22 12:29 . 2011-08-23 19:12 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-02-22 12:29 . 2011-08-23 19:12 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-02-22 12:29 . 2011-08-23 19:12 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 12:29 . 2011-08-23 19:12 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 12:29 . 2011-08-23 19:12 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 12:29 . 2011-03-13 10:20 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-04-27 18:00 . 2011-04-29 18:33 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 12:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"vsc32cnf.exe"="c:\program files\Roland\VSC32\vsc32cnf.exe" [2000-02-07 36864]
"vscvol.exe"="c:\program files\Roland\VSC32\vscvol.exe" [2000-02-08 36864]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-08 16712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"CTHelper"="CTHELPER.EXE" [2008-03-20 23040]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-03-20 23552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2007-02-20 81920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Nello\Start Menu\Programs\Startup\
CandyClock.lnk - c:\program files\Candy Clock\CandyClock.exe [2009-1-11 646144]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI2"=vscapi.dll
"WAVE2"=vscapi.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [17/04/2012 01:23 56208]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [23/08/2011 20:12 89792]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [15/12/2011 20:57 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [17/04/2012 01:23 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [17/04/2012 01:23 164112]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [17/04/2012 19:18 101112]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [16/05/2008 12:31 759072]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [22/08/2010 19:22 29416]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [04/07/2011 20:35 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [23/08/2011 20:12 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [23/08/2011 20:12 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [23/08/2011 20:12 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [23/08/2011 20:01 159608]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 21:22 34064]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [17/04/2012 01:23 931640]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [08/01/2009 10:34 262360]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [20/03/2008 18:23 98328]
R3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\system32\drivers\CTEDSPIO.sys [20/03/2008 18:38 134168]
R3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\system32\drivers\CTEDSPSY.sys [20/03/2008 18:37 309784]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [04/07/2011 20:35 22344]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [23/08/2011 20:12 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [23/08/2011 20:12 83856]
R3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\drivers\MarvinAVS.sys [15/04/2009 19:17 434176]
S0 wuhcgal;wuhcgal;c:\windows\system32\drivers\dwsix.sys --> c:\windows\system32\drivers\dwsix.sys [?]
S1 MemAlloc;MemAlloc;c:\windows\system32\DRIVERS\memalloc.sys --> c:\windows\system32\DRIVERS\memalloc.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/09/2009 19:56 133104]
S2 MOBCleanup;MOBCleanup; [x]
S2 PIEUsb;Single Frame Film Scanner;c:\windows\system32\drivers\usbscan.sys [11/01/2009 17:40 15104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [10/04/2012 08:35 257696]
S3 BTUsbrXP®;BT Voyager 1010 USB Adapter;c:\windows\system32\DRIVERS\btusbrxp.sys --> c:\windows\system32\DRIVERS\btusbrxp.sys [?]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [23/08/2011 20:12 57600]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [20/03/2008 18:23 98328]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [20/03/2008 18:36 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [20/03/2008 18:36 171032]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [20/03/2008 18:23 528920]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [20/03/2008 18:23 528920]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\system32\drivers\CTEAPSFX.sys [20/03/2008 18:26 163352]
S3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.sys [20/03/2008 18:26 163352]
S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\system32\drivers\CTEDSPFX.sys [20/03/2008 18:32 259096]
S3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.sys [20/03/2008 18:32 259096]
S3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.sys [20/03/2008 18:38 134168]
S3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.sys [20/03/2008 18:37 309784]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [20/03/2008 18:36 99352]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [20/03/2008 18:36 99352]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [20/03/2008 18:40 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [20/03/2008 18:40 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [20/03/2008 18:37 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [20/03/2008 18:37 72728]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [20/03/2008 18:25 534040]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [20/03/2008 18:25 534040]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [01/09/2009 19:56 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [23/08/2011 20:12 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [23/08/2011 20:12 87656]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [27/04/2012 19:00 129976]
S3 synasusb;eLicenser;c:\windows\system32\drivers\synasusb.sys [07/12/2010 20:04 23696]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [23/07/2009 04:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30/03/2009 03:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30/03/2009 03:23 366936]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
*Deregistered* - RapportIaso
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
zppinger
hwdatacard
KR10I
kbstuff
s217mgmt
wintab32
vmnetdhcp
sprtsvc_dellsupportcenter
SI3112
snareiis
dns4meclient
WSIMD
motmodem
aliadwdm
elosystemservice
PTDCBus
scan
NetPipeActivator
drvmcdb
bthidenum
Shockprf
lcs
ATKGFNEXSrv
dlbu_device
kservice
Jukebox
dlaboiom
enxpsvc
erecoveryservice
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 07:52]
.
2012-05-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 12:34]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-01 18:56]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-01 18:56]
.
2012-05-21 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.bt.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://home.bt.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Nello\Application Data\Mozilla\Firefox\Profiles\ma1dj36v.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://home.bt.yahoo.com/

.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-26139942.sys
AddRemove-Multi Virus Cleaner 2011_is1 - c:\program files\AxBx\Multi Virus Cleaner 2011\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-21 11:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2E29FD1C-8E93-4d17-8893-DD18E3D36851}\Version*Version]
"Version"=hex:12,c4,aa,27,33,fe,bf,c4,45,1d,cc,ce,76,e3,85,09,67,99,da,d6,cc,
ef,d7,f9,d2,4d,0c,7e,e4,f2,09,4b,d1,db,47,45,fc,5e,b6,9d,f3,32,dd,44,96,21,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\discWelder BRONZE\Version*Version]
"Version"=hex:12,c4,aa,27,33,fe,bf,c4,45,1d,cc,ce,76,e3,85,09,67,99,da,d6,cc,
ef,d7,f9,d2,4d,0c,7e,e4,f2,09,4b,d1,db,47,45,fc,5e,b6,9d,f3,32,dd,44,96,21,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1256)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-05-21 11:56:09
ComboFix-quarantined-files.txt 2012-05-21 10:56
ComboFix2.txt 2012-05-08 19:40
ComboFix3.txt 2012-05-08 19:18
ComboFix4.txt 2010-05-05 18:15
.
Pre-Run: 255,356,600,320 bytes free
Post-Run: 255,513,677,824 bytes free
.
- - End Of File - - 1A68682277735EA43B5C6E7F3A59376D

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 21 May 2012 - 07:19 AM

Greetings

I want you to run these next:

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 nelami

  • Topic Starter
  • Members
  • 9 posts

Posted 21 May 2012 - 11:32 AM

Hi Gringo
The two log files you requested.
Nello

TDSSKiller LOG
13:44:21.0218 2556 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
13:44:21.0656 2556 ============================================================
13:44:21.0656 2556 Current date / time: 2012/05/21 13:44:21.0656
13:44:21.0656 2556 SystemInfo:
13:44:21.0656 2556
13:44:21.0656 2556 OS Version: 5.1.2600 ServicePack: 3.0
13:44:21.0656 2556 Product type: Workstation
13:44:21.0656 2556 ComputerName: NELAMI-PC
13:44:21.0656 2556 UserName: Nello
13:44:21.0656 2556 Windows directory: C:\WINDOWS
13:44:21.0656 2556 System windows directory: C:\WINDOWS
13:44:21.0656 2556 Processor architecture: Intel x86
13:44:21.0656 2556 Number of processors: 4
13:44:21.0656 2556 Page size: 0x1000
13:44:21.0656 2556 Boot type: Normal boot
13:44:21.0656 2556 ============================================================
13:44:23.0875 2556 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:44:23.0968 2556 ============================================================
13:44:23.0968 2556 \Device\Harddisk0\DR0:
13:44:23.0968 2556 MBR partitions:
13:44:23.0968 2556 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1385000, BlocksNum 0x24AAB000
13:44:23.0968 2556 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x25E30000, BlocksNum 0x24A27800
13:44:23.0968 2556 ============================================================
13:44:24.0000 2556 C: <-> \Device\Harddisk0\DR0\Partition0
13:44:24.0109 2556 D: <-> \Device\Harddisk0\DR0\Partition1
13:44:24.0109 2556 ============================================================
13:44:24.0109 2556 Initialize success
13:44:24.0109 2556 ============================================================
13:44:35.0328 4684 ============================================================
13:44:35.0328 4684 Scan started
13:44:35.0328 4684 Mode: Manual; SigCheck; TDLFS;
13:44:35.0328 4684 ============================================================
13:44:35.0781 4684 ABBYY.Licensing.FineReader.Professional.9.0 (fd8e0ae4b245b78fb17c468cd1d49730) C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
13:44:35.0906 4684 ABBYY.Licensing.FineReader.Professional.9.0 - ok
13:44:36.0000 4684 Abiosdsk - ok
13:44:36.0000 4684 abp480n5 - ok
13:44:36.0031 4684 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:44:36.0453 4684 ACPI - ok
13:44:36.0468 4684 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:44:36.0578 4684 ACPIEC - ok
13:44:36.0625 4684 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:44:36.0640 4684 AdobeFlashPlayerUpdateSvc - ok
13:44:36.0640 4684 adpu160m - ok
13:44:36.0656 4684 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:44:36.0750 4684 aec - ok
13:44:36.0796 4684 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:44:36.0812 4684 AFD - ok
13:44:36.0828 4684 Aha154x - ok
13:44:36.0828 4684 aic78u2 - ok
13:44:36.0828 4684 aic78xx - ok
13:44:36.0859 4684 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
13:44:36.0968 4684 Alerter - ok
13:44:36.0984 4684 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
13:44:37.0078 4684 ALG - ok
13:44:37.0093 4684 AliIde - ok
13:44:37.0093 4684 amsint - ok
13:44:37.0156 4684 Apache2.2 (fb32f046a2578755fa0da5052c6a9cd3) C:\xampp\apache\bin\httpd.exe
13:44:37.0171 4684 Apache2.2 - ok
13:44:37.0234 4684 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:44:37.0234 4684 Apple Mobile Device - ok
13:44:37.0265 4684 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
13:44:37.0375 4684 AppMgmt - ok
13:44:37.0390 4684 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:44:37.0484 4684 Arp1394 - ok
13:44:37.0484 4684 asc - ok
13:44:37.0500 4684 asc3350p - ok
13:44:37.0500 4684 asc3550 - ok
13:44:37.0562 4684 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:44:37.0593 4684 aspnet_state - ok
13:44:37.0609 4684 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:44:37.0703 4684 AsyncMac - ok
13:44:37.0734 4684 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:44:37.0828 4684 atapi - ok
13:44:37.0828 4684 Atdisk - ok
13:44:37.0843 4684 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:44:37.0937 4684 Atmarpc - ok
13:44:37.0968 4684 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
13:44:38.0062 4684 AudioSrv - ok
13:44:38.0078 4684 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:44:38.0156 4684 audstub - ok
13:44:38.0218 4684 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
13:44:38.0234 4684 BcmSqlStartupSvc - ok
13:44:38.0250 4684 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:44:38.0343 4684 Beep - ok
13:44:38.0375 4684 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
13:44:38.0562 4684 BITS - ok
13:44:38.0593 4684 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
13:44:38.0625 4684 Bonjour Service - ok
13:44:38.0656 4684 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
13:44:38.0734 4684 Browser - ok
13:44:38.0750 4684 bthidenum - ok
13:44:38.0765 4684 BTUsbrXP® - ok
13:44:38.0843 4684 catchme - ok
13:44:38.0859 4684 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:44:38.0953 4684 cbidf2k - ok
13:44:38.0984 4684 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:44:39.0078 4684 CCDECODE - ok
13:44:39.0078 4684 cd20xrnt - ok
13:44:39.0093 4684 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:44:39.0187 4684 Cdaudio - ok
13:44:39.0218 4684 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:44:39.0296 4684 Cdfs - ok
13:44:39.0328 4684 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:44:39.0406 4684 Cdrom - ok
13:44:39.0421 4684 cfwids (1c7b1e36f3ced9e4b0b13385e627fe8b) C:\WINDOWS\system32\drivers\cfwids.sys
13:44:39.0484 4684 cfwids - ok
13:44:39.0484 4684 Changer - ok
13:44:39.0500 4684 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
13:44:39.0609 4684 CiSvc - ok
13:44:39.0609 4684 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
13:44:39.0687 4684 ClipSrv - ok
13:44:39.0750 4684 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:44:39.0765 4684 clr_optimization_v2.0.50727_32 - ok
13:44:39.0812 4684 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:44:39.0859 4684 clr_optimization_v4.0.30319_32 - ok
13:44:39.0859 4684 CmdIde - ok
13:44:39.0921 4684 COMMONFX (334d77efc9f3d22dee021a9bb3f4e13e) C:\WINDOWS\system32\drivers\COMMONFX.SYS
13:44:39.0921 4684 COMMONFX - ok
13:44:39.0937 4684 COMMONFX.SYS (334d77efc9f3d22dee021a9bb3f4e13e) C:\WINDOWS\System32\drivers\COMMONFX.SYS
13:44:39.0937 4684 COMMONFX.SYS - ok
13:44:39.0953 4684 COMSysApp - ok
13:44:39.0953 4684 Cpqarray - ok
13:44:39.0984 4684 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
13:44:40.0078 4684 CryptSvc - ok
13:44:40.0109 4684 CT20XUT (270dfada559691363a276478bab36b68) C:\WINDOWS\system32\drivers\CT20XUT.SYS
13:44:40.0125 4684 CT20XUT - ok
13:44:40.0140 4684 CT20XUT.SYS (270dfada559691363a276478bab36b68) C:\WINDOWS\System32\drivers\CT20XUT.SYS
13:44:40.0156 4684 CT20XUT.SYS - ok
13:44:40.0203 4684 ctac32k (34ac8a1dc4299a34ff06949011eb53ef) C:\WINDOWS\system32\drivers\ctac32k.sys
13:44:40.0218 4684 ctac32k - ok
13:44:40.0250 4684 ctaud2k (bbe95f29eabc46371dadfacc586d420b) C:\WINDOWS\system32\drivers\ctaud2k.sys
13:44:40.0281 4684 ctaud2k - ok
13:44:40.0312 4684 CTAUDFX (be7dcee4191c74156288b1d217350189) C:\WINDOWS\system32\drivers\CTAUDFX.SYS
13:44:40.0343 4684 CTAUDFX - ok
13:44:40.0343 4684 CTAUDFX.SYS (be7dcee4191c74156288b1d217350189) C:\WINDOWS\System32\drivers\CTAUDFX.SYS
13:44:40.0375 4684 CTAUDFX.SYS - ok
13:44:40.0375 4684 CTEAPSFX (e55f88b27498a4b5e17eac75425a7755) C:\WINDOWS\system32\drivers\CTEAPSFX.SYS
13:44:40.0390 4684 CTEAPSFX - ok
13:44:40.0390 4684 CTEAPSFX.SYS (e55f88b27498a4b5e17eac75425a7755) C:\WINDOWS\System32\drivers\CTEAPSFX.SYS
13:44:40.0406 4684 CTEAPSFX.SYS - ok
13:44:40.0437 4684 CTEDSPFX (6be4e4dcb76874765c55ecb1f474f7fd) C:\WINDOWS\system32\drivers\CTEDSPFX.SYS
13:44:40.0453 4684 CTEDSPFX - ok
13:44:40.0468 4684 CTEDSPFX.SYS (6be4e4dcb76874765c55ecb1f474f7fd) C:\WINDOWS\System32\drivers\CTEDSPFX.SYS
13:44:40.0468 4684 CTEDSPFX.SYS - ok
13:44:40.0484 4684 CTEDSPIO (1e7d07d669a2572b73006fede47e173f) C:\WINDOWS\system32\drivers\CTEDSPIO.SYS
13:44:40.0500 4684 CTEDSPIO - ok
13:44:40.0515 4684 CTEDSPIO.SYS (1e7d07d669a2572b73006fede47e173f) C:\WINDOWS\System32\drivers\CTEDSPIO.SYS
13:44:40.0515 4684 CTEDSPIO.SYS - ok
13:44:40.0546 4684 CTEDSPSY (b70dfa869ee0b63b9fa01b038c886640) C:\WINDOWS\system32\drivers\CTEDSPSY.SYS
13:44:40.0562 4684 CTEDSPSY - ok
13:44:40.0578 4684 CTEDSPSY.SYS (b70dfa869ee0b63b9fa01b038c886640) C:\WINDOWS\System32\drivers\CTEDSPSY.SYS
13:44:40.0593 4684 CTEDSPSY.SYS - ok
13:44:40.0609 4684 CTERFXFX (10bc33d886bcd3f0add4aab8051015c1) C:\WINDOWS\system32\drivers\CTERFXFX.SYS
13:44:40.0625 4684 CTERFXFX - ok
13:44:40.0625 4684 CTERFXFX.SYS (10bc33d886bcd3f0add4aab8051015c1) C:\WINDOWS\System32\drivers\CTERFXFX.SYS
13:44:40.0640 4684 CTERFXFX.SYS - ok
13:44:40.0703 4684 CTEXFIFX (6337bdb64b1b94fac817a6a9b83b5800) C:\WINDOWS\system32\drivers\CTEXFIFX.SYS
13:44:40.0781 4684 CTEXFIFX - ok
13:44:40.0921 4684 CTEXFIFX.SYS (6337bdb64b1b94fac817a6a9b83b5800) C:\WINDOWS\System32\drivers\CTEXFIFX.SYS
13:44:40.0968 4684 CTEXFIFX.SYS - ok
13:44:41.0046 4684 CTHWIUT (a6c62ae40fc06ea5dbcf82ac24f7ea4e) C:\WINDOWS\system32\drivers\CTHWIUT.SYS
13:44:41.0062 4684 CTHWIUT - ok
13:44:41.0062 4684 CTHWIUT.SYS (a6c62ae40fc06ea5dbcf82ac24f7ea4e) C:\WINDOWS\System32\drivers\CTHWIUT.SYS
13:44:41.0078 4684 CTHWIUT.SYS - ok
13:44:41.0093 4684 ctprxy2k (da5ea613e3e77e64d7191bb85675dc45) C:\WINDOWS\system32\drivers\ctprxy2k.sys
13:44:41.0109 4684 ctprxy2k - ok
13:44:41.0125 4684 CTSBLFX (6ea007e24f959fc3cc342aee53838a38) C:\WINDOWS\system32\drivers\CTSBLFX.SYS
13:44:41.0156 4684 CTSBLFX - ok
13:44:41.0156 4684 CTSBLFX.SYS (6ea007e24f959fc3cc342aee53838a38) C:\WINDOWS\System32\drivers\CTSBLFX.SYS
13:44:41.0187 4684 CTSBLFX.SYS - ok
13:44:41.0203 4684 ctsfm2k (8cc0d8a826974a2fde2d24b2739ad177) C:\WINDOWS\system32\drivers\ctsfm2k.sys
13:44:41.0218 4684 ctsfm2k - ok
13:44:41.0218 4684 dac2w2k - ok
13:44:41.0218 4684 dac960nt - ok
13:44:41.0250 4684 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
13:44:41.0312 4684 DcomLaunch - ok
13:44:41.0343 4684 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
13:44:41.0437 4684 Dhcp - ok
13:44:41.0468 4684 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:44:41.0546 4684 Disk - ok
13:44:41.0546 4684 dlaboiom - ok
13:44:41.0546 4684 dlbu_device - ok
13:44:41.0562 4684 dmadmin - ok
13:44:41.0609 4684 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:44:41.0703 4684 dmboot - ok
13:44:41.0718 4684 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:44:41.0812 4684 dmio - ok
13:44:41.0812 4684 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:44:41.0921 4684 dmload - ok
13:44:42.0000 4684 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
13:44:42.0093 4684 dmserver - ok
13:44:42.0109 4684 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:44:42.0187 4684 DMusic - ok
13:44:42.0203 4684 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
13:44:42.0296 4684 Dnscache - ok
13:44:42.0328 4684 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
13:44:42.0406 4684 Dot3svc - ok
13:44:42.0421 4684 dpti2o - ok
13:44:42.0437 4684 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:44:42.0515 4684 drmkaud - ok
13:44:42.0546 4684 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
13:44:42.0625 4684 EapHost - ok
13:44:42.0625 4684 eLock2BurnerLockDriver - ok
13:44:42.0625 4684 eLock2FSCTLDriver - ok
13:44:42.0625 4684 elosystemservice - ok
13:44:42.0671 4684 emupia (dcf87151c15f56b4ecea370e94ca1297) C:\WINDOWS\system32\drivers\emupia2k.sys
13:44:42.0671 4684 emupia - ok
13:44:42.0687 4684 enxpsvc - ok
13:44:42.0687 4684 erecoveryservice - ok
13:44:42.0703 4684 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
13:44:42.0796 4684 ERSvc - ok
13:44:42.0843 4684 esgiguard - ok
13:44:42.0859 4684 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:44:42.0890 4684 Eventlog - ok
13:44:42.0937 4684 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\Es.dll
13:44:42.0984 4684 EventSystem - ok
13:44:43.0015 4684 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:44:43.0109 4684 Fastfat - ok
13:44:43.0140 4684 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:44:43.0203 4684 FastUserSwitchingCompatibility - ok
13:44:43.0234 4684 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
13:44:43.0328 4684 Fax - ok
13:44:43.0328 4684 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:44:43.0421 4684 Fdc - ok
13:44:43.0437 4684 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:44:43.0515 4684 Fips - ok
13:44:43.0531 4684 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:44:43.0625 4684 Flpydisk - ok
13:44:43.0640 4684 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:44:43.0734 4684 FltMgr - ok
13:44:43.0796 4684 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:44:43.0812 4684 FontCache3.0.0.0 - ok
13:44:43.0859 4684 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:44:43.0953 4684 Fs_Rec - ok
13:44:43.0968 4684 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:44:44.0046 4684 Ftdisk - ok
13:44:44.0062 4684 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:44:44.0078 4684 GEARAspiWDM - ok
13:44:44.0093 4684 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:44:44.0171 4684 Gpc - ok
13:44:44.0234 4684 gupdate (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
13:44:44.0250 4684 gupdate - ok
13:44:44.0250 4684 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
13:44:44.0265 4684 gupdatem - ok
13:44:44.0328 4684 ha10kx2k (36322cd973a20f189422bc25562142d7) C:\WINDOWS\system32\drivers\ha10kx2k.sys
13:44:44.0359 4684 ha10kx2k - ok
13:44:44.0390 4684 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:44:44.0484 4684 HDAudBus - ok
13:44:44.0531 4684 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:44:44.0609 4684 helpsvc - ok
13:44:44.0625 4684 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
13:44:44.0718 4684 HidServ - ok
13:44:44.0734 4684 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:44:44.0812 4684 HidUsb - ok
13:44:44.0859 4684 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
13:44:44.0953 4684 hkmsvc - ok
13:44:44.0953 4684 hpn - ok
13:44:44.0984 4684 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:44:45.0046 4684 HTTP - ok
13:44:45.0062 4684 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
13:44:45.0156 4684 HTTPFilter - ok
13:44:45.0156 4684 hwdatacard - ok
13:44:45.0156 4684 i2omgmt - ok
13:44:45.0156 4684 i2omp - ok
13:44:45.0171 4684 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:44:45.0250 4684 i8042prt - ok
13:44:45.0359 4684 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:44:45.0406 4684 idsvc - ok
13:44:45.0468 4684 IISADMIN (db3c22745c0da4666f3be31f1af36b2f) C:\WINDOWS\system32\inetsrv\inetinfo.exe
13:44:45.0546 4684 IISADMIN - ok
13:44:45.0562 4684 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:44:45.0640 4684 Imapi - ok
13:44:45.0671 4684 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
13:44:45.0765 4684 ImapiService - ok
13:44:45.0781 4684 ini910u - ok
13:44:46.0000 4684 IntcAzAudAddService (f7f3328544e1ac2e97caea9b39d9b9de) C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:44:46.0218 4684 IntcAzAudAddService - ok
13:44:46.0312 4684 IntelIde - ok
13:44:46.0328 4684 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:44:46.0421 4684 intelppm - ok
13:44:46.0437 4684 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:44:46.0515 4684 Ip6Fw - ok
13:44:46.0531 4684 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:44:46.0625 4684 IpFilterDriver - ok
13:44:46.0640 4684 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:44:46.0718 4684 IpInIp - ok
13:44:46.0750 4684 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:44:46.0843 4684 IpNat - ok
13:44:46.0937 4684 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
13:44:46.0968 4684 iPod Service - ok
13:44:46.0984 4684 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:44:47.0078 4684 IPSec - ok
13:44:47.0093 4684 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:44:47.0171 4684 IRENUM - ok
13:44:47.0187 4684 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:44:47.0281 4684 isapnp - ok
13:44:47.0343 4684 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Program Files\Java\jre6\bin\jqs.exe
13:44:47.0359 4684 JavaQuickStarterService - ok
13:44:47.0375 4684 Jukebox - ok
13:44:47.0390 4684 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:44:47.0468 4684 Kbdclass - ok
13:44:47.0484 4684 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:44:47.0562 4684 kbdhid - ok
13:44:47.0562 4684 kbstuff - ok
13:44:47.0609 4684 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:44:47.0703 4684 kmixer - ok
13:44:47.0718 4684 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:44:47.0765 4684 KSecDD - ok
13:44:47.0765 4684 kservice - ok
13:44:47.0812 4684 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
13:44:47.0859 4684 lanmanserver - ok
13:44:47.0875 4684 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
13:44:47.0921 4684 lanmanworkstation - ok
13:44:47.0921 4684 lbrtfdc - ok
13:44:47.0937 4684 lcs - ok
13:44:47.0968 4684 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
13:44:48.0046 4684 LmHosts - ok
13:44:48.0062 4684 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
13:44:48.0078 4684 MBAMProtector - ok
13:44:48.0156 4684 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:44:48.0187 4684 MBAMService - ok
13:44:48.0281 4684 McAfee SiteAdvisor Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
13:44:48.0296 4684 McAfee SiteAdvisor Service - ok
13:44:48.0312 4684 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
13:44:48.0312 4684 mcmscsvc - ok
13:44:48.0328 4684 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
13:44:48.0328 4684 McNaiAnn - ok
13:44:48.0343 4684 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
13:44:48.0359 4684 McNASvc - ok
13:44:48.0421 4684 McODS (42117cbc4849a5cf11129912dabbdeca) C:\Program Files\McAfee\VirusScan\mcods.exe
13:44:48.0437 4684 McODS - ok
13:44:48.0437 4684 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
13:44:48.0453 4684 McProxy - ok
13:44:48.0515 4684 McShield (593fa4c378818ece76ba64a11ad56cf2) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
13:44:48.0531 4684 McShield - ok
13:44:48.0625 4684 MemAlloc - ok
13:44:48.0640 4684 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
13:44:48.0734 4684 Messenger - ok
13:44:48.0750 4684 mfeapfk (43c31bdf404a6d7a7ac1bfd5ead2a566) C:\WINDOWS\system32\drivers\mfeapfk.sys
13:44:48.0765 4684 mfeapfk - ok
13:44:48.0796 4684 mfeavfk (c1dc5f42d3367f33b6451be78b38bd46) C:\WINDOWS\system32\drivers\mfeavfk.sys
13:44:48.0828 4684 mfeavfk - ok
13:44:48.0828 4684 mfeavfk01 - ok
13:44:48.0828 4684 mfebopk (0435c43f4c2be01b84868ad2a906397b) C:\WINDOWS\system32\drivers\mfebopk.sys
13:44:48.0843 4684 mfebopk - ok
13:44:48.0875 4684 mfefire (7e1f8b1bdc8240f08bd358b3a466c005) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
13:44:48.0906 4684 mfefire - ok
13:44:48.0937 4684 mfefirek (4ea6ff90015424517843e931448e00f1) C:\WINDOWS\system32\drivers\mfefirek.sys
13:44:48.0953 4684 mfefirek - ok
13:44:49.0000 4684 mfehidk (37800fbb68d88e3c3e49bb9c97233e87) C:\WINDOWS\system32\drivers\mfehidk.sys
13:44:49.0031 4684 mfehidk - ok
13:44:49.0062 4684 mfendisk (26c76d10ed650e6492800d6f081ecfba) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
13:44:49.0078 4684 mfendisk - ok
13:44:49.0078 4684 mfendiskmp (26c76d10ed650e6492800d6f081ecfba) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
13:44:49.0093 4684 mfendiskmp - ok
13:44:49.0125 4684 mferkdet (47c91e229b129047f0138011ddf9f92f) C:\WINDOWS\system32\drivers\mferkdet.sys
13:44:49.0140 4684 mferkdet - ok
13:44:49.0171 4684 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
13:44:49.0187 4684 mferkdk - ok
13:44:49.0203 4684 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
13:44:49.0218 4684 mfesmfk - ok
13:44:49.0234 4684 mfetdi2k (070d3faf2eac417c59d8674a8752f7a6) C:\WINDOWS\system32\drivers\mfetdi2k.sys
13:44:49.0250 4684 mfetdi2k - ok
13:44:49.0265 4684 mfevtp (9f09caa8dc12fc1626f82a5c212f6f9c) C:\WINDOWS\system32\mfevtps.exe
13:44:49.0296 4684 mfevtp - ok
13:44:49.0312 4684 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:44:49.0406 4684 mnmdd - ok
13:44:49.0421 4684 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
13:44:49.0500 4684 mnmsrvc - ok
13:44:49.0531 4684 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:44:49.0625 4684 Modem - ok
13:44:49.0640 4684 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:44:49.0718 4684 Mouclass - ok
13:44:49.0734 4684 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:44:49.0843 4684 mouhid - ok
13:44:49.0843 4684 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:44:49.0937 4684 MountMgr - ok
13:44:49.0968 4684 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:44:50.0000 4684 MozillaMaintenance - ok
13:44:50.0031 4684 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
13:44:50.0046 4684 MpFilter - ok
13:44:50.0062 4684 MPFP (136157e79849b9e5316ba4008d6075a8) C:\WINDOWS\system32\Drivers\Mpfp.sys
13:44:50.0078 4684 MPFP - ok
13:44:50.0125 4684 MpKsl1bd62470 (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4377CFB5-66EE-4CC5-810A-8515B7589283}\MpKsl1bd62470.sys
13:44:50.0140 4684 MpKsl1bd62470 - ok
13:44:50.0140 4684 mraid35x - ok
13:44:50.0156 4684 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:44:50.0250 4684 MRxDAV - ok
13:44:50.0281 4684 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:44:50.0343 4684 MRxSmb - ok
13:44:50.0359 4684 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
13:44:50.0453 4684 MSDTC - ok
13:44:50.0468 4684 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:44:50.0562 4684 Msfs - ok
13:44:50.0578 4684 MSIServer - ok
13:44:50.0625 4684 MSK80Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
13:44:50.0640 4684 MSK80Service - ok
13:44:50.0640 4684 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:44:50.0734 4684 MSKSSRV - ok
13:44:50.0765 4684 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
13:44:50.0781 4684 MsMpSvc - ok
13:44:50.0812 4684 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:44:50.0890 4684 MSPCLOCK - ok
13:44:50.0906 4684 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:44:51.0000 4684 MSPQM - ok
13:44:51.0015 4684 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:44:51.0093 4684 mssmbios - ok
13:44:51.0109 4684 MSSQL$MSSMLBIZ - ok
13:44:51.0156 4684 MSSQL$SQLEXPRESS - ok
13:44:51.0171 4684 MSSQLServerADHelper (adaf062116b4e6d96e44d26486a87af6) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
13:44:51.0187 4684 MSSQLServerADHelper - ok
13:44:51.0234 4684 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
13:44:51.0250 4684 MSSQLServerADHelper100 - ok
13:44:51.0265 4684 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
13:44:51.0359 4684 MSTEE - ok
13:44:51.0390 4684 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:44:51.0406 4684 Mup - ok
13:44:51.0718 4684 MySQL (21eef976d53a0bcb603abff4ab6e4c88) C:\xampp\mysql\bin\mysqld.exe
13:44:51.0953 4684 MySQL - ok
13:44:52.0062 4684 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:44:52.0156 4684 NABTSFEC - ok
13:44:52.0203 4684 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
13:44:52.0296 4684 napagent - ok
13:44:52.0328 4684 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:44:52.0421 4684 NDIS - ok
13:44:52.0437 4684 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:44:52.0531 4684 NdisIP - ok
13:44:52.0546 4684 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:44:52.0562 4684 NdisTapi - ok
13:44:52.0609 4684 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:44:52.0687 4684 Ndisuio - ok
13:44:52.0703 4684 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:44:52.0781 4684 NdisWan - ok
13:44:52.0812 4684 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:44:52.0843 4684 NDProxy - ok
13:44:52.0859 4684 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:44:52.0937 4684 NetBIOS - ok
13:44:52.0953 4684 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:44:53.0046 4684 NetBT - ok
13:44:53.0078 4684 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:44:53.0171 4684 NetDDE - ok
13:44:53.0171 4684 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:44:53.0250 4684 NetDDEdsdm - ok
13:44:53.0265 4684 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:44:53.0359 4684 Netlogon - ok
13:44:53.0375 4684 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
13:44:53.0468 4684 Netman - ok
13:44:53.0546 4684 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:44:53.0562 4684 NetTcpPortSharing - ok
13:44:53.0578 4684 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:44:53.0656 4684 NIC1394 - ok
13:44:53.0703 4684 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
13:44:53.0734 4684 Nla - ok
13:44:53.0750 4684 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
13:44:53.0843 4684 nm - ok
13:44:53.0875 4684 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys
13:44:53.0890 4684 NPF - ok
13:44:53.0890 4684 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:44:53.0984 4684 Npfs - ok
13:44:54.0015 4684 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:44:54.0093 4684 Ntfs - ok
13:44:54.0109 4684 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:44:54.0187 4684 NtLmSsp - ok
13:44:54.0234 4684 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
13:44:54.0343 4684 NtmsSvc - ok
13:44:54.0359 4684 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:44:54.0453 4684 Null - ok
13:44:55.0031 4684 nv (0dc79b60cedc3a8854c27b3c6e4b3414) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:44:55.0468 4684 nv - ok
13:44:56.0765 4684 NVENETFD (d314fe034d68c09d412727886e24f5fb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
13:44:56.0796 4684 NVENETFD - ok
13:44:56.0828 4684 nvnetbus (f99fbb623ed78367574ee461b5b32c2c) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13:44:56.0859 4684 nvnetbus - ok
13:44:56.0906 4684 nvsmu (c44ee36dd84fa95eb81d79c374756003) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
13:44:56.0921 4684 nvsmu - ok
13:44:57.0156 4684 NVSvc (c666be18ed0728b2a38096cf26023791) C:\WINDOWS\system32\nvsvc32.exe
13:44:57.0234 4684 NVSvc - ok
13:44:57.0265 4684 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:44:57.0359 4684 NwlnkFlt - ok
13:44:57.0406 4684 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:44:57.0515 4684 NwlnkFwd - ok
13:44:58.0296 4684 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:44:58.0453 4684 odserv - ok
13:44:58.0562 4684 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:44:58.0656 4684 ohci1394 - ok
13:44:58.0890 4684 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:44:58.0906 4684 ose - ok
13:44:59.0156 4684 ossrv (f8f7fe5d67c47c2f1016f7a139e0f664) C:\WINDOWS\system32\drivers\ctoss2k.sys
13:44:59.0171 4684 ossrv - ok
13:44:59.0312 4684 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
13:44:59.0406 4684 Parport - ok
13:44:59.0453 4684 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:44:59.0562 4684 PartMgr - ok
13:44:59.0625 4684 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:44:59.0750 4684 ParVdm - ok
13:44:59.0796 4684 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:44:59.0906 4684 PCI - ok
13:44:59.0906 4684 PCIDump - ok
13:44:59.0906 4684 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:45:00.0015 4684 PCIIde - ok
13:45:00.0140 4684 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:45:00.0250 4684 Pcmcia - ok
13:45:00.0265 4684 PDCOMP - ok
13:45:00.0265 4684 PDFRAME - ok
13:45:00.0265 4684 PDRELI - ok
13:45:00.0281 4684 PDRFRAME - ok
13:45:00.0281 4684 perc2 - ok
13:45:00.0296 4684 perc2hib - ok
13:45:00.0328 4684 PfModNT (28157deb9473631ba94fe9965b5e0050) C:\WINDOWS\system32\drivers\PfModNT.sys
13:45:00.0343 4684 PfModNT - ok
13:45:00.0390 4684 PIEUsb (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\Drivers\usbscan.sys
13:45:00.0484 4684 PIEUsb - ok
13:45:00.0515 4684 PinnacleMarvinAVS (c463f4e36e7a90bed38483939adab014) C:\WINDOWS\system32\DRIVERS\MarvinAVS.sys
13:45:00.0578 4684 PinnacleMarvinAVS - ok
13:45:00.0593 4684 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:45:00.0609 4684 PlugPlay - ok
13:45:00.0625 4684 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:45:00.0703 4684 PolicyAgent - ok
13:45:00.0734 4684 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:45:00.0812 4684 PptpMiniport - ok
13:45:00.0828 4684 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:45:00.0906 4684 ProtectedStorage - ok
13:45:00.0953 4684 ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\WINDOWS\system32\PSIService.exe
13:45:00.0968 4684 ProtexisLicensing - ok
13:45:00.0984 4684 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:45:01.0062 4684 PSched - ok
13:45:01.0078 4684 psdfilter - ok
13:45:01.0078 4684 psdvdisk - ok
13:45:01.0140 4684 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
13:45:01.0156 4684 PSI_SVC_2 - ok
13:45:01.0171 4684 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:45:01.0281 4684 Ptilink - ok
13:45:01.0281 4684 ql1080 - ok
13:45:01.0281 4684 Ql10wnt - ok
13:45:01.0296 4684 ql12160 - ok
13:45:01.0296 4684 ql1240 - ok
13:45:01.0296 4684 ql1280 - ok
13:45:01.0375 4684 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
13:45:01.0406 4684 RapportCerberus_34302 - ok
13:45:01.0437 4684 RapportEI (ce5e57cd3eea7cdda06b4ad78a425074) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
13:45:01.0453 4684 RapportEI - ok
13:45:01.0453 4684 RapportKELL (f0480e9fa9adfe6ec45361c2e70627e7) C:\WINDOWS\system32\Drivers\RapportKELL.sys
13:45:01.0468 4684 RapportKELL - ok
13:45:01.0515 4684 RapportMgmtService (f63424f1555ff49397ec6f430752241c) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
13:45:01.0562 4684 RapportMgmtService - ok
13:45:01.0578 4684 RapportPG (1d3297c3872c0531a50f20d4e6dfe7cc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
13:45:01.0593 4684 RapportPG - ok
13:45:01.0687 4684 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:45:01.0781 4684 RasAcd - ok
13:45:01.0812 4684 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
13:45:01.0906 4684 RasAuto - ok
13:45:01.0968 4684 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:45:02.0046 4684 Rasl2tp - ok
13:45:02.0093 4684 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
13:45:02.0203 4684 RasMan - ok
13:45:02.0203 4684 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:45:02.0281 4684 RasPppoe - ok
13:45:02.0281 4684 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:45:02.0375 4684 Raspti - ok
13:45:02.0390 4684 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:45:02.0484 4684 Rdbss - ok
13:45:02.0500 4684 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:45:02.0578 4684 RDPCDD - ok
13:45:02.0609 4684 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:45:02.0687 4684 rdpdr - ok
13:45:02.0734 4684 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
13:45:02.0843 4684 RDPWD - ok
13:45:02.0875 4684 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
13:45:02.0968 4684 RDSessMgr - ok
13:45:02.0984 4684 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:45:03.0062 4684 redbook - ok
13:45:03.0093 4684 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
13:45:03.0187 4684 RemoteAccess - ok
13:45:03.0218 4684 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
13:45:03.0296 4684 RemoteRegistry - ok
13:45:03.0343 4684 rpcapd (e51a8d02b4bd33eba1f7a5b76c3766ed) C:\Program Files\WinPcap\rpcapd.exe
13:45:03.0343 4684 rpcapd - ok
13:45:03.0375 4684 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
13:45:03.0468 4684 RpcLocator - ok
13:45:03.0500 4684 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
13:45:03.0531 4684 RpcSs - ok
13:45:03.0578 4684 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\WINDOWS\system32\DRIVERS\RsFx0103.sys
13:45:03.0593 4684 RsFx0103 - ok
13:45:03.0625 4684 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
13:45:03.0718 4684 RSVP - ok
13:45:03.0718 4684 s217mgmt - ok
13:45:03.0734 4684 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:45:03.0812 4684 SamSs - ok
13:45:03.0859 4684 SBRE (1fd538c4feb36b793d2121f20bbdc16f) C:\WINDOWS\system32\drivers\SBREDrv.sys
13:45:03.0890 4684 SBRE - ok
13:45:03.0921 4684 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
13:45:04.0031 4684 SCardSvr - ok
13:45:04.0062 4684 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
13:45:04.0187 4684 Schedule - ok
13:45:04.0218 4684 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:45:04.0296 4684 Secdrv - ok
13:45:04.0312 4684 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
13:45:04.0406 4684 seclogon - ok
13:45:04.0421 4684 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
13:45:04.0515 4684 SENS - ok
13:45:04.0531 4684 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:45:04.0609 4684 serenum - ok
13:45:04.0640 4684 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:45:04.0718 4684 Serial - ok
13:45:04.0765 4684 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
13:45:04.0843 4684 Sfloppy - ok
13:45:04.0875 4684 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
13:45:04.0968 4684 SharedAccess - ok
13:45:05.0000 4684 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:45:05.0015 4684 ShellHWDetection - ok
13:45:05.0015 4684 Shockprf - ok
13:45:05.0031 4684 SI3112 - ok
13:45:05.0031 4684 Simbad - ok
13:45:05.0031 4684 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:45:05.0109 4684 SLIP - ok
13:45:05.0125 4684 snareiis - ok
13:45:05.0125 4684 Sparrow - ok
13:45:05.0140 4684 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:45:05.0218 4684 splitter - ok
13:45:05.0234 4684 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:45:05.0281 4684 Spooler - ok
13:45:05.0359 4684 SQLAgent$SQLEXPRESS (a687b5b326afcfcf182c4931d1ff9771) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
13:45:05.0390 4684 SQLAgent$SQLEXPRESS - ok
13:45:05.0437 4684 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:45:05.0453 4684 SQLBrowser - ok
13:45:05.0484 4684 SQLWriter (637a0f23f9012358e92e6f99835494d1) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:45:05.0500 4684 SQLWriter - ok
13:45:05.0531 4684 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:45:05.0609 4684 sr - ok
13:45:05.0640 4684 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
13:45:05.0734 4684 srservice - ok
13:45:05.0765 4684 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:45:05.0796 4684 Srv - ok
13:45:05.0859 4684 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
13:45:05.0953 4684 SSDPSRV - ok
13:45:05.0984 4684 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
13:45:06.0093 4684 stisvc - ok
13:45:06.0109 4684 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:45:06.0187 4684 streamip - ok
13:45:06.0203 4684 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:45:06.0281 4684 swenum - ok
13:45:06.0312 4684 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:45:06.0390 4684 swmidi - ok
13:45:06.0406 4684 SwPrv - ok
13:45:06.0406 4684 symc810 - ok
13:45:06.0406 4684 symc8xx - ok
13:45:06.0421 4684 sym_hi - ok
13:45:06.0421 4684 sym_u3 - ok
13:45:06.0437 4684 synasusb (af9a16163545685856ffd8b17aaa5e0b) C:\WINDOWS\system32\Drivers\synasusb.sys
13:45:06.0453 4684 synasusb - ok
13:45:06.0468 4684 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:45:06.0546 4684 sysaudio - ok
13:45:06.0562 4684 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
13:45:06.0656 4684 SysmonLog - ok
13:45:06.0671 4684 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
13:45:06.0750 4684 TapiSrv - ok
13:45:06.0796 4684 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:45:06.0859 4684 Tcpip - ok
13:45:06.0890 4684 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:45:06.0984 4684 TDPIPE - ok
13:45:07.0000 4684 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:45:07.0093 4684 TDTCP - ok
13:45:07.0109 4684 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:45:07.0187 4684 TermDD - ok
13:45:07.0218 4684 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
13:45:07.0312 4684 TermService - ok
13:45:07.0343 4684 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:45:07.0359 4684 Themes - ok
13:45:07.0390 4684 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
13:45:07.0468 4684 TlntSvr - ok
13:45:07.0484 4684 TosIde - ok
13:45:07.0484 4684 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
13:45:07.0578 4684 TrkWks - ok
13:45:07.0609 4684 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:45:07.0703 4684 Udfs - ok
13:45:07.0703 4684 ultra - ok
13:45:07.0734 4684 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:45:07.0828 4684 Update - ok
13:45:07.0875 4684 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
13:45:07.0968 4684 upnphost - ok
13:45:07.0968 4684 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
13:45:08.0062 4684 UPS - ok
13:45:08.0093 4684 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:45:08.0187 4684 usbccgp - ok
13:45:08.0218 4684 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:45:08.0296 4684 usbehci - ok
13:45:08.0390 4684 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:45:08.0468 4684 usbhub - ok
13:45:08.0500 4684 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:45:08.0578 4684 usbohci - ok
13:45:08.0593 4684 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:45:08.0671 4684 usbprint - ok
13:45:08.0703 4684 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:45:08.0781 4684 usbscan - ok
13:45:08.0796 4684 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:45:08.0875 4684 USBSTOR - ok
13:45:08.0906 4684 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:45:08.0984 4684 VgaSave - ok
13:45:09.0000 4684 ViaIde - ok
13:45:09.0031 4684 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:45:09.0109 4684 VolSnap - ok
13:45:09.0125 4684 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
13:45:09.0218 4684 VSS - ok
13:45:09.0234 4684 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
13:45:09.0328 4684 W32Time - ok
13:45:09.0375 4684 W3SVC (db3c22745c0da4666f3be31f1af36b2f) C:\WINDOWS\system32\inetsrv\inetinfo.exe
13:45:09.0453 4684 W3SVC - ok
13:45:09.0468 4684 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:45:09.0546 4684 Wanarp - ok
13:45:09.0546 4684 WDICA - ok
13:45:09.0562 4684 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:45:09.0640 4684 wdmaud - ok
13:45:09.0656 4684 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
13:45:09.0734 4684 WebClient - ok
13:45:09.0781 4684 WebUpdate4 (a0f28966756f161290b7320bafd92cc8) C:\WINDOWS\system32\WebUpdateSvc4.exe
13:45:09.0812 4684 WebUpdate4 - ok
13:45:09.0875 4684 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:45:09.0953 4684 winmgmt - ok
13:45:09.0968 4684 wintab32 - ok
13:45:10.0000 4684 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
13:45:10.0046 4684 WmdmPmSN - ok
13:45:10.0093 4684 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
13:45:10.0140 4684 Wmi - ok
13:45:10.0156 4684 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
13:45:10.0234 4684 WmiAcpi - ok
13:45:10.0265 4684 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:45:10.0359 4684 WmiApSrv - ok
13:45:10.0437 4684 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
13:45:10.0484 4684 WMPNetworkSvc - ok
13:45:10.0640 4684 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:45:10.0687 4684 WPFFontCache_v0400 - ok
13:45:10.0750 4684 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:45:10.0843 4684 WS2IFSL - ok
13:45:10.0890 4684 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
13:45:10.0984 4684 wscsvc - ok
13:45:11.0031 4684 WSearch - ok
13:45:11.0078 4684 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:45:11.0156 4684 WSTCODEC - ok
13:45:11.0171 4684 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
13:45:11.0265 4684 wuauserv - ok
13:45:11.0281 4684 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:45:11.0296 4684 WudfPf - ok
13:45:11.0328 4684 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:45:11.0359 4684 WudfRd - ok
13:45:11.0375 4684 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
13:45:11.0406 4684 WudfSvc - ok
13:45:11.0421 4684 wuhcgal - ok
13:45:11.0453 4684 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
13:45:11.0546 4684 WZCSVC - ok
13:45:11.0578 4684 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
13:45:11.0671 4684 xmlprov - ok
13:45:11.0703 4684 MBR (0x1B8) (1953fad32fd5676de5ada9e54b2d0e97) \Device\Harddisk0\DR0
13:45:12.0046 4684 \Device\Harddisk0\DR0 - ok
13:45:12.0062 4684 Boot (0x1200) (8cafc35f6f3bbb5e1ed202a86027538f) \Device\Harddisk0\DR0\Partition0
13:45:12.0078 4684 \Device\Harddisk0\DR0\Partition0 - ok
13:45:12.0093 4684 Boot (0x1200) (def58dc6be3572b78df2b7ca7ca527ba) \Device\Harddisk0\DR0\Partition1
13:45:12.0093 4684 \Device\Harddisk0\DR0\Partition1 - ok
13:45:12.0093 4684 ============================================================
13:45:12.0093 4684 Scan finished
13:45:12.0093 4684 ============================================================
13:45:12.0203 2184 Detected object count: 0
13:45:12.0203 2184 Actual detected object count: 0
13:54:06.0625 1148 Deinitialize success


aswMBR log - scan of C: rather than Quick

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-15 13:53:10
-----------------------------
13:53:10.125 OS Version: Windows 5.1.2600 Service Pack 3
13:53:10.125 Number of processors: 4 586 0xF0B
13:53:10.125 ComputerName: NELAMI-PC UserName: Nello
13:53:13.359 Initialize success
13:55:49.671 AVAST engine defs: 12051500
13:56:03.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
13:56:03.531 Disk 0 Vendor: WDC_WD6400AAKS-22A7B0 01.03B01 Size: 610480MB BusType: 3
13:56:03.546 Disk 0 MBR read successfully
13:56:03.546 Disk 0 MBR scan
13:56:03.578 Disk 0 unknown MBR code
13:56:03.578 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9993 MB offset 63
13:56:03.609 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 300374 MB offset 20467712
13:56:03.625 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 300111 MB offset 635633664
13:56:03.640 Disk 0 scanning sectors +1250260992
13:56:03.734 Disk 0 scanning C:\WINDOWS\system32\drivers
13:56:15.484 Service scanning
13:56:35.359 Modules scanning
13:57:05.546 Disk 0 trace - called modules:
13:57:05.562 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:57:05.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b292ab8]
13:57:05.562 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8b27e950]
13:57:05.562 5 PCTCore.sys[b9e5182d] -> nt!IofCallDriver -> \Device\0000009a[0x8b2fbf18]
13:57:05.562 7 ACPI.sys[b9f20620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8b266d98]
13:57:06.281 AVAST engine scan C:\WINDOWS
13:57:30.375 AVAST engine scan C:\WINDOWS\system32
14:01:11.671 AVAST engine scan C:\WINDOWS\system32\drivers
14:01:31.703 AVAST engine scan C:\Documents and Settings\Nello
14:09:06.359 AVAST engine scan C:\Documents and Settings\All Users
14:14:20.218 Scan finished successfully
14:40:55.937 Verifying
14:41:05.953 Disk 0 Windows 501 MBR fixed successfully
14:41:56.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Nello\Desktop\MBR.dat"
14:41:56.093 The log file has been saved successfully to "C:\Documents and Settings\Nello\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-17 08:11:42
-----------------------------
08:11:42.343 OS Version: Windows 5.1.2600 Service Pack 3
08:11:42.343 Number of processors: 4 586 0xF0B
08:11:42.343 ComputerName: NELAMI-PC UserName: Nello
08:12:06.250 Initialize success
08:17:54.765 AVAST engine defs: 12051601
08:19:07.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
08:19:07.296 Disk 0 Vendor: WDC_WD6400AAKS-22A7B0 01.03B01 Size: 610480MB BusType: 3
08:19:07.312 Disk 0 MBR read successfully
08:19:07.312 Disk 0 MBR scan
08:19:07.484 Disk 0 Windows XP default MBR code
08:19:07.500 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9993 MB offset 63
08:19:07.515 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 300374 MB offset 20467712
08:19:07.546 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 300111 MB offset 635633664
08:19:07.562 Disk 0 scanning sectors +1250260992
08:19:07.609 Disk 0 scanning C:\WINDOWS\system32\drivers
08:19:33.953 Service scanning
08:19:54.406 Service MpKsl321af56a C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B7AA01E9-B92F-41AD-9929-7C9CD73B2058}\MpKsl321af56a.sys **LOCKED** 32
08:20:20.078 Modules scanning
08:20:24.968 Disk 0 trace - called modules:
08:20:24.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
08:20:24.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0b5030]
08:20:24.984 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> [0x8b07d020]
08:20:25.000 5 PCTCore.sys[b7e5182d] -> nt!IofCallDriver -> \Device\0000009c[0x8b0d36f8]
08:20:25.000 7 ACPI.sys[b7f20620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8b0952f8]
08:20:25.765 AVAST engine scan C:\
14:12:43.812 Scan finished successfully
14:49:24.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Nello\Desktop\MBR.dat"
14:49:24.468 The log file has been saved successfully to "C:\Documents and Settings\Nello\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-21 13:55:52
-----------------------------
13:55:52.937 OS Version: Windows 5.1.2600 Service Pack 3
13:55:52.937 Number of processors: 4 586 0xF0B
13:55:52.937 ComputerName: NELAMI-PC UserName: Nello
13:55:53.671 Initialize success
13:58:14.921 AVAST engine defs: 12052100
13:59:05.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
13:59:05.625 Disk 0 Vendor: WDC_WD6400AAKS-22A7B0 01.03B01 Size: 610480MB BusType: 3
13:59:05.640 Disk 0 MBR read successfully
13:59:05.640 Disk 0 MBR scan
13:59:05.687 Disk 0 Windows XP default MBR code
13:59:05.687 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9993 MB offset 63
13:59:05.703 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 300374 MB offset 20467712
13:59:05.718 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 300111 MB offset 635633664
13:59:05.734 Disk 0 scanning sectors +1250260992
13:59:05.781 Disk 0 scanning C:\WINDOWS\system32\drivers
13:59:18.875 Service scanning
13:59:24.734 Service MpKsl1bd62470 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4377CFB5-66EE-4CC5-810A-8515B7589283}\MpKsl1bd62470.sys **LOCKED** 32
13:59:35.359 Modules scanning
13:59:39.015 Disk 0 trace - called modules:
13:59:39.046 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:59:39.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b267ab8]
13:59:39.046 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000092[0x8b21ff18]
13:59:39.062 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8b2b0940]
13:59:39.937 AVAST engine scan C:\
17:26:05.234 Scan finished successfully
17:26:19.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Nello\Desktop\MBR.dat"
17:26:19.671 The log file has been saved successfully to "C:\Documents and Settings\Nello\Desktop\aswMBR.txt"
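The TDSSKiller listing above is long, and the one entry that mattered (wuhcgal, a service name with no backing file, which the next post removes) is easy to miss among the stock XP entries that also have no file. The following triage script is an added example, not part of the original post or of TDSSKiller itself: it parses lines in the format TDSSKiller writes, then flags fileless services that are not in a small allowlist of stock XP registry-only entries, services whose image lives outside the Windows or Program Files trees, and any verdict other than "ok". The allowlist and the sample log are constructed for this example (the sample reuses a few lines from the log above); the allowlist is deliberately partial and should be extended from a known-clean build of the same OS.

```python
import re
from collections import defaultdict

# Service/driver lines as TDSSKiller writes them:
#   HH:MM:SS.mmm PID Name (md5) C:\path   -> entry backed by a file on disk
#   HH:MM:SS.mmm PID Name - verdict       -> verdict line (the only line for entries with no file)
FILE_LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")
VERDICT_LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(\S+)\s+-\s+(.+)$")

# Stock XP service entries that legitimately have no driver file on a default install.
# Assumption: partial list, built from the entries in this thread; extend from a clean machine.
STOCK_FILELESS = {
    "PCIDump", "PDCOMP", "PDFRAME", "PDRELI", "PDRFRAME", "perc2", "perc2hib",
    "ql1080", "Ql10wnt", "ql12160", "ql1240", "ql1280", "Simbad", "Sparrow",
    "symc810", "symc8xx", "sym_hi", "sym_u3", "TosIde", "ultra", "ViaIde",
    "WDICA", "SI3112", "Shockprf", "SwPrv", "WSearch", "wintab32",
}
# Locations a service image is expected to load from; anything else deserves a look.
SYSTEM_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


def parse_tdsskiller(text):
    """Return {name: {"md5", "path", "verdict"}} for every service/driver entry in a TDSSKiller log."""
    entries = {}
    for line in text.splitlines():
        m = FILE_LINE.match(line)
        if m:
            name, md5, path = m.groups()
            entries.setdefault(name, {}).update(md5=md5, path=path)
            continue
        m = VERDICT_LINE.match(line)
        if m:
            name, verdict = m.groups()
            if name.startswith("\\"):      # disk objects (\Device\Harddisk0\DR0) are not services
                continue
            entry = entries.setdefault(name, {})
            entry.setdefault("md5", None)   # stays None for registry-only entries
            entry.setdefault("path", None)
            entry["verdict"] = verdict
    return entries


def triage(entries, stock_fileless=STOCK_FILELESS):
    """Group the entries a responder reads first: fileless unknowns, non-system paths, non-ok verdicts."""
    findings = defaultdict(list)
    for name, e in entries.items():
        if e.get("verdict") != "ok":
            findings["verdict"].append(name)
        if e.get("path") is None:
            if name not in stock_fileless:
                # A service with a registry entry but no image on disk: orphaned or deliberately hidden.
                findings["fileless_unknown"].append(name)
        elif not e["path"].lower().startswith(SYSTEM_PREFIXES):
            findings["non_system_path"].append(name)
    return dict(findings)


# Constructed sample: a handful of lines in the same shape as the log above.
SAMPLE_LOG = r"""
13:45:06.0796 4684 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:45:06.0859 4684 Tcpip - ok
13:45:00.0296 4684 perc2hib - ok
13:45:01.0375 4684 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
13:45:01.0406 4684 RapportCerberus_34302 - ok
13:45:11.0421 4684 wuhcgal - ok
13:45:11.0703 4684 MBR (0x1B8) (1953fad32fd5676de5ada9e54b2d0e97) \Device\Harddisk0\DR0
13:45:12.0046 4684 \Device\Harddisk0\DR0 - ok
"""

if __name__ == "__main__":
    for category, names in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{category}: {', '.join(names)}")
```

On the sample this reports wuhcgal as a fileless unknown and the Trusteer Rapport driver as loading from a non-system path; the second is legitimate software, but a driver under All Users\Application Data is exactly the kind of entry worth confirming by vendor before it is dismissed.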

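The three aswMBR runs above tell a small story: "unknown MBR code" on 15 May, "MBR fixed successfully" the same afternoon, and "Windows XP default MBR code" on every run after that, with the scanner also sweeping the unpartitioned sectors after the last partition ("scanning sectors +1250260992"). The script below is an added example, not part of the post or of aswMBR, showing what such a check does on a raw 512-byte sector: hash the boot code (the first 0x1B8 bytes, the same span TDSSKiller reports as "MBR (0x1B8)"), compare it to a known-good set, validate the 0x55AA signature, require exactly one active partition, check for overlaps, and compute the tail region beyond the last partition where bootkits such as TDL4 keep their payload. The partition table is rebuilt from the offsets and sizes aswMBR printed for Disk 0; the boot-code bytes and the known-good hash are stand-ins constructed for this example, not the real XP loader.

```python
import hashlib
import struct

SECTOR = 512
CODE_LEN = 0x1B8        # boot code up to the disk signature; the span TDSSKiller hashes as "MBR (0x1B8)"
TABLE_OFF = 0x1BE       # partition table: four 16-byte entries
BOOT_SIG = b"\x55\xaa"


def build_mbr(boot_code: bytes, partitions, disk_sig: int = 0x1234ABCD) -> bytes:
    """Assemble a 512-byte MBR from boot code and up to four (status, type, lba_start, sectors) tuples."""
    if len(boot_code) > CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code or partition table too large")
    sector = bytearray(SECTOR)                   # zero-filled, so short boot code is zero padded
    sector[: len(boot_code)] = boot_code
    struct.pack_into("<I", sector, CODE_LEN, disk_sig)
    for i, (status, ptype, start, count) in enumerate(partitions):
        # CHS fields carry the conventional 0xFE/0xFF/0xFF "use LBA" marker and are ignored on parse
        struct.pack_into("<B3sB3sII", sector, TABLE_OFF + 16 * i,
                         status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, count)
    sector[510:] = BOOT_SIG
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into boot-code hash, disk signature, used partition entries and boot-signature state."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    parts = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from("<B3sB3sII", sector, TABLE_OFF + 16 * i)
        if ptype != 0:
            parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                          "start": start, "sectors": count, "end": start + count})
    return {
        "code_md5": hashlib.md5(sector[:CODE_LEN]).hexdigest(),
        "disk_sig": struct.unpack_from("<I", sector, CODE_LEN)[0],
        "partitions": parts,
        "sig_ok": sector[510:] == BOOT_SIG,
    }


def check_mbr(sector: bytes, disk_sectors: int, known_code_md5s) -> dict:
    """Run the sanity checks an MBR scanner applies and report the unpartitioned tail of the disk."""
    info = parse_mbr(sector)
    findings = []
    if not info["sig_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["code_md5"] not in known_code_md5s:
        findings.append("unknown MBR code")       # the wording aswMBR used on 2012-05-15
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    parts = sorted(info["partitions"], key=lambda p: p["start"])
    for a, b in zip(parts, parts[1:]):
        if a["end"] > b["start"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    for p in parts:
        if p["end"] > disk_sectors:
            findings.append(f"partition {p['index']} extends past end of disk")
    # Sectors after the last partition are outside any filesystem; bootkits stash code and
    # configuration there, which is why aswMBR prints "scanning sectors +N" for this region.
    tail_start = parts[-1]["end"] if parts else 1
    info["tail_start"] = tail_start
    info["tail_sectors"] = max(disk_sectors - tail_start, 0)
    info["findings"] = findings
    return info


# Constructed sample: Disk 0's layout as aswMBR printed it, MB figures converted to 512-byte sectors.
DISK_SECTORS = 610480 * 2048                       # "Size: 610480MB"
SAMPLE_PARTS = [
    (0x00, 0x27, 63,        9993 * 2048),          # Partition 1: hidden NTFS WinRE
    (0x80, 0x07, 20467712,  300374 * 2048),        # Partition 2: active, C:
    (0x00, 0x07, 635633664, 300111 * 2048),        # Partition 3: data
]
# Stand-in boot code (assumption; not the real XP loader) and a known-good set derived from it.
SAMPLE_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 16
KNOWN_CODE_MD5S = {hashlib.md5(SAMPLE_CODE.ljust(CODE_LEN, b"\x00")).hexdigest()}


def demo():
    """Check a clean sector and one whose boot code was overwritten but whose table was left intact."""
    clean = build_mbr(SAMPLE_CODE, SAMPLE_PARTS)
    infected = build_mbr(b"\xeb\xfe" + b"\xcc" * 40, SAMPLE_PARTS)
    return (check_mbr(clean, DISK_SECTORS, KNOWN_CODE_MD5S),
            check_mbr(infected, DISK_SECTORS, KNOWN_CODE_MD5S))


if __name__ == "__main__":
    for label, r in zip(("clean", "infected"), demo()):
        print(label, r["code_md5"], r["findings"], "tail starts at sector", r["tail_start"],
              "length", r["tail_sectors"])
```

With the log's numbers the tail starts at sector 1250260992, matching the offset in aswMBR's "scanning sectors" line, and is 2048 sectors long; a scanner that only hashed the boot code would never look there, which is why both checks belong together.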
#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:56 PM

Posted 21 May 2012 - 06:28 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\AskBarDis

Driver::
wuhcgal

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 nelami

nelami
  • Topic Starter

  • Members
  • 9 posts
  • Local time:09:56 PM

Posted 22 May 2012 - 02:14 AM

Hi Gringo

The ComboFix log is below. While running it generated an error warning at about Stage 6 (I think) stating that PEV could not read a memory location (didn't make a note of the address). Pressed Cancel rather than Debug to continue. Otherwise no problems.

I have not had a chance to check out the PC yet - will do that later although it does seem faster after removing the extra virus scanners. I do need to re-install some new drivers for various bits of hardware (DVD drive, scanner & Sound card).

ComboFix 12-05-22.01 - Nello 22/05/2012 7:45.7.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.1920 [GMT 1:00]
Running from: c:\documents and settings\Nello\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nello\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevCfg2.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_wuhcgal
.
.
((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))
.
.
2012-05-21 18:35 . 2012-05-21 18:35 -------- d-----w- c:\documents and settings\Nello\Application Data\ElevatedDiagnostics
2012-05-21 11:44 . 2012-05-08 08:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4377CFB5-66EE-4CC5-810A-8515B7589283}\mpengine.dll
2012-05-20 06:03 . 2012-05-08 08:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-16 15:51 . 2012-05-16 15:52 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-16 15:25 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-05-16 15:23 . 2012-05-16 15:23 -------- d-----w- c:\program files\iPod
2012-05-16 15:22 . 2012-05-16 15:24 -------- d-----w- c:\program files\iTunes
2012-05-15 16:30 . 2012-05-21 09:51 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-05-15 10:50 . 2012-05-15 10:50 292700 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-05-15 10:50 . 2012-05-15 10:50 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-05-15 10:50 . 2012-05-15 10:50 292700 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-05-15 10:50 . 2012-05-15 10:50 -------- d-----w- c:\program files\NVIDIA Corporation
2012-05-14 19:27 . 2012-05-14 19:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\TestApp
2012-05-12 13:30 . 2012-05-12 13:30 -------- d-----w- c:\program files\HitmanPro
2012-05-12 13:30 . 2012-05-12 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-05-09 13:49 . 2012-05-09 15:41 -------- d-----w- C:\sh4ldr
2012-05-09 13:49 . 2012-05-09 13:49 -------- d-----w- c:\program files\Enigma Software Group
2012-05-09 13:49 . 2012-05-09 15:41 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-05-09 13:49 . 2012-05-09 13:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-05-09 12:59 . 2012-05-09 15:04 -------- d-----w- c:\program files\stinger
2012-05-09 12:41 . 2012-05-09 12:41 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-05-08 19:21 . 2012-05-13 14:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-08 18:26 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-05-08 18:26 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-05-08 17:30 . 2012-05-08 18:19 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-05-08 12:47 . 2012-05-08 12:47 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2012-05-08 12:47 . 2012-05-08 12:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Threat Expert
2012-05-08 12:47 . 2012-05-08 12:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Trusteer
2012-05-08 06:08 . 2012-05-09 12:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2012-05-08 06:08 . 2012-05-08 06:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2012-05-06 18:15 . 2012-05-06 18:15 -------- d-----w- c:\documents and settings\Nello\Local Settings\Application Data\{6D3D7139-97A7-11E1-826E-B8AC6F996F26}
2012-05-06 18:05 . 2012-05-07 06:14 -------- d-----w- c:\program files\Common Files\FTP
2012-04-29 17:38 . 2012-03-20 12:06 29272 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
2012-04-27 18:00 . 2012-04-27 18:00 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-27 18:00 . 2012-04-27 18:00 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-27 18:00 . 2012-04-27 18:00 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-13 14:46 . 2011-08-16 18:24 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-05-12 10:12 . 2009-06-22 18:31 848 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2012-05-09 12:59 . 2011-08-23 19:01 159608 ----a-w- c:\windows\system32\mfevtps.exe
2012-05-09 12:59 . 2011-08-23 19:12 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-05-09 12:59 . 2011-03-13 10:20 475704 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-05-06 07:52 . 2012-04-10 07:35 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 07:52 . 2011-06-26 17:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-17 00:23 . 2012-04-17 00:23 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-04-11 13:14 . 2007-02-28 09:55 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2007-03-08 13:47 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2007-02-28 08:15 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 14:56 . 2011-07-04 19:35 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-20 19:44 . 2012-03-20 19:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 11:01 . 2007-04-18 12:46 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 05:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 05:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-04 05:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 05:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 05:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-22 12:29 . 2011-08-23 19:12 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 12:29 . 2011-08-23 19:12 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-02-22 12:29 . 2011-08-23 19:12 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-02-22 12:29 . 2011-08-23 19:12 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-02-22 12:29 . 2011-08-23 19:12 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 12:29 . 2011-08-23 19:12 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 12:29 . 2011-08-23 19:12 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 12:29 . 2011-03-13 10:20 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-04-27 18:00 . 2011-04-29 18:33 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-21_10.54.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-22 06:57 . 2012-05-22 06:57 16384 c:\windows\temp\Perflib_Perfdata_b60.dat
+ 2012-05-22 06:56 . 2012-05-22 06:56 16384 c:\windows\temp\Perflib_Perfdata_670.dat
+ 2012-05-21 18:31 . 2007-11-01 04:48 20992 c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
+ 2010-05-06 14:09 . 2012-05-21 17:00 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-06 14:09 . 2012-05-20 18:08 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-10 00:49 . 2012-05-20 18:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-10 00:49 . 2012-05-21 17:00 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-05-21 11:30 . 2012-05-21 17:00 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2012-05-13 18:30 . 2012-05-20 18:08 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-05-21 18:32 . 2012-05-21 18:32 65536 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
+ 2012-05-21 18:32 . 2012-05-21 18:32 36864 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.resources.dll
+ 2012-05-21 18:32 . 2012-05-21 18:32 32768 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.resources.dll
+ 2012-05-21 18:32 . 2012-05-21 18:32 11264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.resources.dll
+ 2012-05-21 18:31 . 2007-06-30 18:49 4608 c:\windows\system32\windowspowershell\v1.0\pwrshmsg.dll
+ 2012-05-21 18:32 . 2012-05-21 18:32 8704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.resources.dll
+ 2012-05-21 18:31 . 2007-10-30 09:15 330240 c:\windows\system32\windowspowershell\v1.0\powershell.exe
+ 2011-07-09 17:18 . 2012-05-22 07:01 213205 c:\windows\system32\inetsrv\MetaBase.bin
+ 2012-05-21 18:32 . 2012-05-21 18:32 163840 c:\windows\assembly\GAC_MSIL\System.Management.Automation.resources\1.0.0.0_en_31bf3856ad364e35\System.Management.Automation.resources.dll
+ 2012-05-21 18:32 . 2012-05-21 18:32 200704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
+ 2012-05-21 18:32 . 2012-05-21 18:32 294912 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
+ 2012-05-21 18:32 . 2012-05-21 18:32 139264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
+ 2012-05-21 18:32 . 2012-05-21 18:32 1564672 c:\windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"vsc32cnf.exe"="c:\program files\Roland\VSC32\vsc32cnf.exe" [2000-02-07 36864]
"vscvol.exe"="c:\program files\Roland\VSC32\vscvol.exe" [2000-02-08 36864]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-08 16712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"CTHelper"="CTHELPER.EXE" [2008-03-20 23040]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-03-20 23552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2007-02-20 81920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Nello\Start Menu\Programs\Startup\
CandyClock.lnk - c:\program files\Candy Clock\CandyClock.exe [2009-1-11 646144]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI2"=vscapi.dll
"WAVE2"=vscapi.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [17/04/2012 01:23 56208]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [23/08/2011 20:12 89792]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [15/12/2011 20:57 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [17/04/2012 01:23 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [17/04/2012 01:23 164112]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [17/04/2012 19:18 101112]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [16/05/2008 12:31 759072]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [22/08/2010 19:22 29416]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [04/07/2011 20:35 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [23/08/2011 20:12 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [23/08/2011 20:12 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [23/08/2011 20:12 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [23/08/2011 20:01 159608]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 21:22 34064]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [17/04/2012 01:23 931640]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [08/01/2009 10:34 262360]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [20/03/2008 18:23 98328]
R3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\system32\drivers\CTEDSPIO.sys [20/03/2008 18:38 134168]
R3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\system32\drivers\CTEDSPSY.sys [20/03/2008 18:37 309784]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [04/07/2011 20:35 22344]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [23/08/2011 20:12 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [23/08/2011 20:12 83856]
R3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\drivers\MarvinAVS.sys [15/04/2009 19:17 434176]
S1 MemAlloc;MemAlloc;c:\windows\system32\DRIVERS\memalloc.sys --> c:\windows\system32\DRIVERS\memalloc.sys [?]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/09/2009 19:56 133104]
S2 MOBCleanup;MOBCleanup; [x]
S2 PIEUsb;Single Frame Film Scanner;c:\windows\system32\drivers\usbscan.sys [11/01/2009 17:40 15104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [10/04/2012 08:35 257696]
S3 BTUsbrXP®;BT Voyager 1010 USB Adapter;c:\windows\system32\DRIVERS\btusbrxp.sys --> c:\windows\system32\DRIVERS\btusbrxp.sys [?]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [23/08/2011 20:12 57600]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [20/03/2008 18:23 98328]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [20/03/2008 18:36 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [20/03/2008 18:36 171032]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [20/03/2008 18:23 528920]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [20/03/2008 18:23 528920]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\system32\drivers\CTEAPSFX.sys [20/03/2008 18:26 163352]
S3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.sys [20/03/2008 18:26 163352]
S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\system32\drivers\CTEDSPFX.sys [20/03/2008 18:32 259096]
S3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.sys [20/03/2008 18:32 259096]
S3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.sys [20/03/2008 18:38 134168]
S3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.sys [20/03/2008 18:37 309784]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [20/03/2008 18:36 99352]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [20/03/2008 18:36 99352]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [20/03/2008 18:40 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [20/03/2008 18:40 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [20/03/2008 18:37 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [20/03/2008 18:37 72728]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [20/03/2008 18:25 534040]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [20/03/2008 18:25 534040]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [01/09/2009 19:56 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [23/08/2011 20:12 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [23/08/2011 20:12 87656]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [27/04/2012 19:00 129976]
S3 synasusb;eLicenser;c:\windows\system32\drivers\synasusb.sys [07/12/2010 20:04 23696]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [23/07/2009 04:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30/03/2009 03:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30/03/2009 03:23 366936]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
NETSVCS REQUIRES REPAIRS - current entries shown
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 07:52]
.
2012-05-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 12:34]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-01 18:56]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-01 18:56]
.
2012-05-22 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.bt.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://home.bt.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Nello\Application Data\Mozilla\Firefox\Profiles\ma1dj36v.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://home.bt.yahoo.com/

.
- - - - ORPHANS REMOVED - - - -
.
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-22 07:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2E29FD1C-8E93-4d17-8893-DD18E3D36851}\Version*Version]
"Version"=hex:12,c4,aa,27,33,fe,bf,c4,45,1d,cc,ce,76,e3,85,09,67,99,da,d6,cc,
ef,d7,f9,d2,4d,0c,7e,e4,f2,09,4b,d1,db,47,45,fc,5e,b6,9d,f3,32,dd,44,96,21,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\discWelder BRONZE\Version*Version]
"Version"=hex:12,c4,aa,27,33,fe,bf,c4,45,1d,cc,ce,76,e3,85,09,67,99,da,d6,cc,
ef,d7,f9,d2,4d,0c,7e,e4,f2,09,4b,d1,db,47,45,fc,5e,b6,9d,f3,32,dd,44,96,21,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5616)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\ctagent.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\xampp\mysql\bin\mysqld.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\CTHELPER.EXE
c:\program files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
c:\windows\system32\SearchProtocolHost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-05-22 08:04:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-22 07:03
ComboFix2.txt 2012-05-21 10:56
ComboFix3.txt 2012-05-08 19:40
ComboFix4.txt 2012-05-08 19:18
ComboFix5.txt 2012-05-22 06:43
.
Pre-Run: 255,305,187,328 bytes free
Post-Run: 255,453,151,232 bytes free
.
- - End Of File - - 79F6C7922A31DB0CFBAADA0EFFEB800E
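
Before reading a ComboFix log of this length by hand it helps to pull out the few lines a responder checks first. The script below is an added example written for this page; it is not ComboFix's code and not the poster's. It assumes the meaning I read into ComboFix's notation: a service line ending in `[?]` is one whose image file ComboFix could not read (the `-->` form shows the path it tried), and `[x]` marks a service with no image path at all. It also flags Run-key values that name a bare executable with no directory, which Windows resolves through the search path at logon, plus the `NETSVCS REQUIRES REPAIRS` banner and catchme's hidden-file count. None of these is proof of infection by itself; in this log the `[?]` entries look like leftovers of uninstalled software and the bare names belong to Realtek and Creative utilities, which is exactly why they are worth confirming rather than assuming. The sample input is a handful of lines copied from the log above.

```python
"""Triage helper for a ComboFix log (added example; not ComboFix's or the poster's code).

Collects, from the 'Reg Loading Points' and service/driver sections:
  * services/drivers marked [?] (image not readable) or [x] (no image path);
    this reading of ComboFix's notation is an assumption, see the lead-in
  * Run-key entries whose command is a bare executable name (no directory)
  * the NETSVCS REQUIRES REPAIRS banner and catchme's hidden-file count
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Service/driver line: <R|S><start type> <name>;<display name>;<image path> [<date time size> | ? | x]
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$'
)
# Run-key entry: "<value name>"="<command>" [<date size>]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<command>[^"]*)"\s*\[(?P<info>[^\]]*)\]\s*$')
HIDDEN_RE = re.compile(r'^hidden files:\s*(\d+)\s*$')

# Windows service start types; the R/S prefix is ComboFix's running/stopped flag.
START_TYPES = {'0': 'boot', '1': 'system', '2': 'auto', '3': 'demand', '4': 'disabled'}

# Constructed sample: lines copied from the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"CTHelper"="CTHELPER.EXE" [2008-03-20 23040]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [17/04/2012 01:23 56208]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [23/08/2011 20:12 214904]
S1 MemAlloc;MemAlloc;c:\windows\system32\DRIVERS\memalloc.sys --> c:\windows\system32\DRIVERS\memalloc.sys [?]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 MOBCleanup;MOBCleanup; [x]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
.
NETSVCS REQUIRES REPAIRS - current entries shown
.
scan completed successfully
hidden files: 0
"""


@dataclass
class Triage:
    missing_image: List[Tuple[str, str, str]] = field(default_factory=list)  # (service, start type, raw path)
    bare_run_entries: List[Tuple[str, str]] = field(default_factory=list)    # (value name, command)
    netsvcs_needs_repair: bool = False
    hidden_files: Optional[int] = None


def triage(log_text: str) -> Triage:
    """Walk the log line by line and collect the findings described above."""
    result = Triage()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('NETSVCS REQUIRES REPAIRS'):
            result.netsvcs_needs_repair = True
            continue
        m = HIDDEN_RE.match(line)
        if m:
            result.hidden_files = int(m.group(1))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if m.group('info').strip() in ('?', 'x'):
                start = START_TYPES.get(m.group('start'), m.group('start'))
                result.missing_image.append((m.group('name').strip(), start, m.group('path').strip()))
            continue
        m = RUN_RE.match(line)
        if m:
            command = m.group('command').strip()
            # No directory separator at all: the loader finds this file via the search path.
            if command and '\\' not in command and '/' not in command:
                result.bare_run_entries.append((m.group('name'), command))
    return result


def report(t: Triage) -> List[str]:
    """One human-readable line per finding."""
    lines = []
    for name, start, path in t.missing_image:
        lines.append(f'service {name} (start={start}) image not readable: {path or "<no image path>"}')
    for name, command in t.bare_run_entries:
        lines.append(f'Run entry {name!r} uses a bare executable name: {command}')
    if t.netsvcs_needs_repair:
        lines.append('netsvcs list flagged by ComboFix as needing repair')
    if t.hidden_files is not None:
        lines.append(f'catchme hidden files: {t.hidden_files}')
    return lines


if __name__ == '__main__':
    print('\n'.join(report(triage(SAMPLE_LOG))))
```

Feed it a whole ComboFix.txt instead of `SAMPLE_LOG` and the output is the short list to verify on disk (does the image exist, who signed it, does the Run value really point where the log says) before touching anything.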

#8 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:56 PM

Posted 22 May 2012 - 03:31 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 nelami

  • Topic Starter

  • Members
  • 9 posts
  • Local time:09:56 PM

Posted 22 May 2012 - 04:41 AM

Hi Gringo

Here is the listing you requested

2007 Microsoft Office system
ABBYY FineReader 9.0 Professional Edition
Acer eProtection
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Premiere 6.0
Adobe Reader 8.3.1
Adobe Shockwave Player 11.5
Advanced RealMedia Export Plug-in for Premiere 6.0
Agelong Tree 4
AIFHS Transcriptions Wizard
Amaya
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
Autostar Suite
Batch PDF Merger
Bonjour
Business Contact Manager for Outlook 2007 SP2
Candy Clock
Canon CanoScan Toolbox 4.6
Canon iP4600 series Printer Driver
Canon iP4600 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CD-LabelPrint
Cleaner 5 EZ
Cool Edit 2000
Corel MediaOne
Corel Paint Shop Pro Photo X2
Corel Painter Photo Essentials 4
Critical Update for Windows Media Player 11 (KB959772)
CyberView X - SF v1.30 (build 20110526)
DebugBar v5.4.1 for Internet Explorer (remove only)
DECAdry Express Christmas
DECAdry Express Labels 3.0
DECAdry Font Manager
Digital Audio System
discWelder BRONZE
DrayTek Router Tools V4.2.0
DreamStation DXi2
E-muPatchMix DSP
eLicenser Control
eSobi v2
ESPR340 User's Guide
Eusing Free Registry Cleaner
ExamDiff 1.7
Family Tree Maker
FileZilla Client 3.5.3
Foxit Creator
Foxit PDF Editor
Foxit Reader
Foxit Toolbar
GEDC Setup
Google Earth Plug-in
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IETester v0.4.10 (remove only)
ImTOO DVD Ripper Platinum 5
InfoRapid Search & Replace
iTunes
Java 2 Runtime Environment Standard Edition v1.3.1_02
Java Auto Updater
Java™ 6 Update 20
Karen's Directory Printer
LightScribe 1.4.142.1
Lizardtech DjVu Control
Malwarebytes Anti-Malware version 1.61.0.1400
Manual CanoScan 4200F
McAfee Internet Security
McAfee Virtual Technician
Meade LPI
Membership Database Client
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft ActiveSync 3.8
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Help Viewer 1.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 6.0 Professional Edition
Microsoft Visual Web Developer 2010 Express - ENU
Microsoft Web Platform Installer 2.0
Microsoft Web Publishing Wizard 1.53
Mozilla Firefox 12.0 (x86 en-GB)
Mozilla Maintenance Service
MSDN Library - Visual Studio 6.0a
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
MySQL Workbench 5.2 CE
Nerocode MySQL Client (remove only)
Neuratron PhotoScore Lite
Notepad++
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
NVIDIA Drivers
OCA Client history tool install
OGA Notifier 2.0.0048.0
OmniPage SE 2.0
Paint Shop Pro 7 Anniversary Edition
PDF Version Converter 2.01
Pdf995
PHOTORECOVERY LE
PIF DESIGNER
Pinnacle Hollywood FX 4.6
Pinnacle Instant DVD Recorder
Pinnacle Studio 12
Pinnacle Video Driver
PowerDVD
Proteus X LE
PSPad editor
QSE Level II 2009
QuickTime
Rapport
Realtek High Definition Audio Driver
Registry Mechanic 8.0
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489)
Security Update for Microsoft Visual Web Developer 2010 Express - ENU (KB2251489)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Service Pack 1 for SQL Server 2008 (KB968369)
Shockwave
Sitemap Generator 1.0
Software Update Wizard (Redist) 4.5
Sql Server Customer Experience Improvement Program
Steinberg Cubase Essential 5
Steinberg HALionOne
Steinberg HALionOne GM Drum Set
Steinberg HALionOne GM Set
Steinberg HALionOne Studio Drum Set
Steinberg HALionOne Studio Set
SureThing Express Labeler
Tomb Raider: Anniversary 1.0
TreeDraw
Ulead COOL 3D 3.5
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Virtual Sound Canvas 3.2
Virtual Sound Canvas DXi
Virtual Sound Canvas VST
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Web Deployment Tool
WebFldrs XP
Windows 7 Upgrade Advisor
Windows Driver Package - PIE Image 10/22/2002 1.1.1
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows Search 4.0
Windows XP Service Pack 3
WinPcap 4.0.2
Wireshark 1.0.6
Xenu's Link Sleuth
Yahoo! Toolbar

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:56 PM

Posted 22 May 2012 - 07:45 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a much better job)

Programs to remove

Adobe Reader 8.3.1
Foxit Toolbar
Java 2 Runtime Environment Standard Edition v1.3.1_02
Java™ 6 Update 20


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 nelami

nelami
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 22 May 2012 - 09:12 AM

Hi Gringo,
I have removed all but Foxit Toolbar as it was not shown.
MBAM did not offer the Show Results option so could not remove anything.

I have not yet had a chance to check out the PC but so far there does not seem to be any problems.

Logs are below.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.22.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Nello :: NELAMI-PC [administrator]

Protection: Disabled

22/05/2012 14:29:49
mbam-log-2012-05-22 (14-29-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232659
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:04:09, on 22/05/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Roland\VSC32\vscvol.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Candy Clock\CandyClock.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\xampp\mysql\bin\mysqld.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WebUpdateSvc4.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: DebugBar BHO - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120429183829.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DebugBar - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [vsc32cnf.exe] C:\Program Files\Roland\VSC32\vsc32cnf.exe
O4 - HKLM\..\Run: [vscvol.exe] C:\Program Files\Roland\VSC32\vscvol.exe
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CandyClock.lnk = C:\Program Files\Candy Clock\CandyClock.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Raidmagt (bthidenum) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - (no file)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: MySQL - MySQL AB - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trufos (sprtsvc_dellsupportcenter) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc4.exe

--
End of file - 12923 bytes
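As an added example (not from the thread, and not part of HijackThis itself), the following Python script parses the O20 and O23 lines of a log like the one posted above and flags the two indicators that are visible in it: a service binary referenced through the `\\.\globalroot` device namespace instead of a normal drive path, and an entry whose file is reported missing (or a service registered with no file at all). HijackThis prints these lines but does not grade them; a script like this lets a helper sort a long log before reading it. The sample lines are constructed to mirror the ones in the posted log; the `Finding` class, the severity labels and the function names are my own.

```python
"""Triage helper for HijackThis-style O20/O23 log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in the shape of the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: Raidmagt (bthidenum) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Trufos (sprtsvc_dellsupportcenter) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - (no file)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# O23 lines have the shape:  O23 - Service: <name> - <owner> - <path>
# O20 lines have the shape:  O20 - Winlogon Notify: <name> - <path>
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    section: str                 # "O20" or "O23"
    name: str                    # display name exactly as HijackThis prints it
    path: str                    # path column, including any "(file missing)" suffix
    severity: str                # "high" or "medium" (labels are this script's own)
    reasons: List[str] = field(default_factory=list)


def _reasons_for(path: str) -> List[str]:
    """Return the indicators present in a path column, in a fixed order."""
    low = path.lower()
    reasons = []
    if "globalroot" in low:
        reasons.append("binary referenced via the \\\\.\\globalroot device namespace "
                       "instead of a normal drive path")
    if "(file missing)" in low:
        reasons.append("entry points at a file HijackThis could not find on disk")
    if low == "(no file)":
        reasons.append("service is registered without any binary path")
    return reasons


def scan_hijackthis(text: str) -> List[Finding]:
    """Parse O20/O23 lines and return one Finding per line that carries an indicator."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m23 = O23_RE.match(line)
        m20 = O20_RE.match(line)
        if m23:
            section, name, path = "O23", m23.group("name"), m23.group("path")
        elif m20:
            section, name, path = "O20", m20.group("name"), m20.group("path")
        else:
            continue                      # other sections (O2, O4, ...) are not graded here
        reasons = _reasons_for(path)
        if not reasons:
            continue
        # A device-namespace path is the strongest indicator; the rest are medium.
        severity = "high" if "globalroot" in path.lower() else "medium"
        findings.append(Finding(section, name, path, severity, reasons))
    return findings


def report(findings: List[Finding]) -> str:
    """Render findings as a short text block suitable for pasting into a reply."""
    lines = []
    for f in findings:
        lines.append(f"[{f.severity.upper():6}] {f.section} {f.name}")
        for r in f.reasons:
            lines.append(f"           - {r}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(scan_hijackthis(SAMPLE_LOG)))
```

Run against the constructed sample, the script lists the TPSvc notify DLL and the MpfService entry as medium and the two `globalroot` services as high; the Apache, Malwarebytes and O4 lines produce nothing. To use it on a real log, pass the file contents to `scan_hijackthis` instead of `SAMPLE_LOG`.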

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:56 PM

Posted 22 May 2012 - 01:42 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. You can start any of these programs by clicking on their icons (or from the control panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
      O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
      O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [vsc32cnf.exe] C:\Program Files\Roland\VSC32\vsc32cnf.exe
      O4 - HKLM\..\Run: [vscvol.exe] C:\Program Files\Roland\VSC32\vscvol.exe
      O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
      O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
      O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - Startup: CandyClock.lnk = C:\Program Files\Candy Clock\CandyClock.exe
      O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click the IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
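The O4 lines in the post above are HijackThis's listing of autostart entries (Run keys and Startup-folder shortcuts). As an added example, not code from the thread or from HijackThis, here is a small triage script that parses that format into structured records and flags the entries a defender would look at twice: bare filenames with no directory (resolved through PATH or App Paths rather than a fixed location), unquoted Run-key paths containing spaces, rundll32-hosted entries whose DLL argument carries the real code, and anything running from a user-writable location. The sample lines are copied from the post; the flagging rules are this example's own heuristics, not HijackThis behaviour.

```python
"""Triage HijackThis O4 autostart entries (added example, not HijackThis code)."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: a subset of the O4 lines listed in the post above.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - Startup: CandyClock.lnk = C:\Program Files\Candy Clock\CandyClock.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
"""

# Two O4 shapes: registry entries "[name] command" and shortcut entries "x.lnk = target".
LINE_RE = re.compile(
    r"^O4 - (?P<loc>[^:]+): "
    r"(?:\[(?P<name>[^\]]+)\] (?P<cmd>.+)|(?P<lnk>.+?\.lnk) = (?P<target>.+))$"
)
# Leading executable of a command line: a quoted string, or everything up to the
# first ".exe" so that unquoted paths with spaces are kept whole.
EXE_RE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.exe))(?P<rest>.*)$', re.IGNORECASE)


@dataclass
class Entry:
    location: str      # e.g. HKLM\..\Run, Startup, Global Startup
    name: str          # value name or shortcut file name
    command: str       # full command line / shortcut target as listed
    exe: str           # executable portion of the command
    args: str          # remaining arguments
    quoted: bool       # whether the executable path was quoted
    flags: List[str] = field(default_factory=list)


def parse_o4(text: str) -> List[Entry]:
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not an O4 line; ignore
        if m.group("name") is not None:
            name, cmd = m.group("name"), m.group("cmd").strip()
        else:
            name, cmd = m.group("lnk"), m.group("target").strip()
        e = EXE_RE.match(cmd)
        if e:
            quoted = e.group("q") is not None
            exe = e.group("q") if quoted else e.group("u")
            args = e.group("rest").strip()
        else:
            quoted, exe, args = False, cmd, ""
        entries.append(Entry(m.group("loc"), name, cmd, exe, args, quoted))
    return entries


def flag(entry: Entry) -> Entry:
    """Attach heuristic flags (this example's own rules) to one entry."""
    exe_lower = entry.exe.lower()
    base = exe_lower.rsplit("\\", 1)[-1]
    if "\\" not in entry.exe:
        entry.flags.append("bare filename: resolved via PATH or App Paths, not a fixed location")
    elif "\\Run" in entry.location and not entry.quoted and " " in entry.exe:
        entry.flags.append("unquoted path with spaces")
    if base == "rundll32.exe":
        entry.flags.append("rundll32 host: inspect the DLL argument")
    if "\\temp\\" in exe_lower or "\\documents and settings\\" in exe_lower:
        entry.flags.append("runs from a user-writable location")
    return entry


def triage(text: str) -> List[Entry]:
    return [flag(e) for e in parse_o4(text)]


if __name__ == "__main__":
    for e in triage(SAMPLE_O4):
        print(f"{e.location:15} {e.name:20} {e.exe}  [{'; '.join(e.flags) or 'ok'}]")
```

The flags are prompts for a human, not verdicts: CTHELPER.EXE and RUNDLL32.EXE are legitimate here, but an entry with no directory is exactly the shape a search-order hijack or a dropped file on PATH would also take, so it is worth confirming which file actually runs.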

#13 nelami (Topic Starter) - Members, 9 posts

Posted 23 May 2012 - 05:10 AM

Hi Gringo.

Ran HJT as requested and had no problems
Ran ESET and log is below.

The only oddity that I have found is that Firefox has a banner stating "This website, or elements thereof, are on the BlockSite blacklist etc" for this site but not for other sites that I have tried. Anything to worry about?

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b3ccd35b58c5684faef32f1253f5b2c5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-22 08:49:25
# local_time=2012-05-22 09:49:25 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 100476812 100476812 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777189 100 75 1146038 38201110 0 0
# compatibility_mode=5891 16776869 42 92 8667 5444196 0 0
# compatibility_mode=8192 67108863 100 0 236 236 0 0
# scanned=180151
# found=0
# cleaned=0
# scan_time=6517
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b3ccd35b58c5684faef32f1253f5b2c5
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-23 07:11:04
# local_time=2012-05-23 08:11:04 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 100518232 100518232 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777173 100 75 1187458 38242530 0 0
# compatibility_mode=5891 16776533 42 93 1862 5485616 0 0
# compatibility_mode=8192 67108863 100 0 41656 41656 0 0
# scanned=76638
# found=0
# cleaned=0
# scan_time=2396
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b3ccd35b58c5684faef32f1253f5b2c5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-23 08:54:23
# local_time=2012-05-23 09:54:23 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 100520682 100520682 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777189 100 75 1189908 38244980 0 0
# compatibility_mode=5891 16776869 42 93 4312 5488066 0 0
# compatibility_mode=8192 67108863 100 0 44106 44106 0 0
# scanned=180480
# found=0
# cleaned=0
# scan_time=6145
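The ESET log above actually contains three scan runs, and the middle one reports end=stopped rather than end=finished, so its found=0 says nothing about the system. As an added example, not code from the thread or from ESET, the script below splits the "# key=value" header blocks into one record per run, attaches any esets_scanner_update error line to the run that follows it, and derives a status that treats a stopped run as incomplete and a found>0 run with remove_checked=false as detections not removed. The sample is the post's own headers trimmed to the fields used; the status rules are this example's reading of those fields, not ESET's.

```python
"""Summarise ESET Online Scanner log headers (added example, not ESET code)."""
from typing import Dict, List, Optional

# Constructed sample: the three header blocks from the post above, trimmed.
SAMPLE_ESET = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=false
# utc_time=2012-05-22 08:49:25
# scanned=180151
# found=0
# cleaned=0
# scan_time=6517
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=stopped
# remove_checked=false
# utc_time=2012-05-23 07:11:04
# scanned=76638
# found=0
# cleaned=0
# scan_time=2396
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=finished
# remove_checked=false
# utc_time=2012-05-23 08:54:23
# scanned=180480
# found=0
# cleaned=0
# scan_time=6145
"""


def parse_runs(text: str) -> List[dict]:
    """Split the log into runs; each '# version=' line starts a new header block."""
    runs: List[dict] = []
    current: Optional[dict] = None
    pending: List[str] = []  # esets_scanner_update lines seen before the next header
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            if key == "version":
                current = {"fields": {}, "notes": pending}
                pending = []
                runs.append(current)
            if current is not None:
                current["fields"][key] = value  # repeated keys: last value wins
        elif line.startswith("esets_scanner_update"):
            pending.append(line)
    return runs


def assess(run: dict) -> Dict[str, object]:
    """Derive a status for one run (this example's rules, not ESET's)."""
    f = run["fields"]
    found = int(f.get("found", "0"))
    cleaned = int(f.get("cleaned", "0"))
    finished = f.get("end") == "finished"
    remove_enabled = f.get("remove_checked") == "true"
    if not finished:
        status = "incomplete"            # stopped/aborted: found=0 proves nothing
    elif found == 0:
        status = "clean"
    elif remove_enabled and cleaned == found:
        status = "detections cleaned"
    else:
        status = "detections not removed"  # scan-only run, or cleaning failed
    return {
        "utc_time": f.get("utc_time"),
        "status": status,
        "scanned": int(f.get("scanned", "0")),
        "found": found,
        "cleaned": cleaned,
        "notes": list(run["notes"]),
    }


def latest_complete_verdict(text: str) -> Optional[str]:
    """Status of the most recent finished run, or None if no run finished."""
    done = [assess(r) for r in parse_runs(text) if r["fields"].get("end") == "finished"]
    return done[-1]["status"] if done else None


if __name__ == "__main__":
    for r in parse_runs(SAMPLE_ESET):
        a = assess(r)
        print(f"{a['utc_time']}  {a['status']:24} scanned={a['scanned']} found={a['found']}  {a['notes']}")
    print("latest complete verdict:", latest_complete_verdict(SAMPLE_ESET))
```

When reading a helper's request for an online-scanner log, the end= and remove_checked= fields decide what found=0 means; the parser makes that explicit instead of relying on a glance at the bottom line.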

#14 gringo_pr (Bleepin Gringo) - Malware Response Team, 136,772 posts, Gender: Male, Location: Puerto Rico

Posted 23 May 2012 - 07:38 AM

Greetings

"This website, or elements thereof, are on the BlockSite blacklist etc"

This is an add-on for Firefox that can be removed by going to Tools --> Add-ons and removing BlockSite




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time, they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo

#15 nelami (Topic Starter) - Members, 9 posts

Posted 23 May 2012 - 08:41 AM

Many thanks Gringo. Glad to have my PC back in working order. I very much appreciate the time and effort you have spent on me. I know where to come if I have further problems.
I have tried to uninstall McAfee with their MCPR tool to replace it with the ESET scanner I use on my laptop. Something stops the installation and I had to re-install McAfee. I'll persevere, as I suspect that I would have the same problem if I try to replace it with something else.
Regards
Nello



