Google Redirect Virus


  • This topic is locked
23 replies to this topic

#1 AshleyEmDee

Posted 26 May 2012 - 04:07 PM

Hi, I've been having problems with my PC for the past couple of months.

It's been running really slow, and every time I type a website address or search for something through Google, I get redirected to a totally irrelevant page.

My computer runs on Windows XP if that makes any difference.

This is the log from a recent run of Malwarebytes. There were 9 infected items that I was able to remove.


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.10.02

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Owner :: SAT [administrator]

5/26/2012 4:42:46 PM
mbam-log-2012-05-26 (16-42-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186474
Time elapsed: 10 minute(s), 34 second(s)

Memory Processes Detected: 1
C:\Program Files\LP\88C6\676.exe (Backdoor.CycBot) -> 3752 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: explorer.exe,C:\Documents and Settings\Owner\Application Data\6C5EC\0FE88.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:52970 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|676.exe (Backdoor.CycBot) -> Data: C:\Program Files\LP\88C6\676.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\Owner\My Documents\Downloads\oi_msgr11us.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\0479121.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\5728.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\LP\88C6\676.exe (Backdoor.CycBot) -> Delete on reboot.

(end)



I'm not completely sure if I still have the virus as my computer seems to be running faster, but I'd appreciate any confirmation on this or any help on what my next steps should be.


Thanks so much for your time!
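As an added example (not part of this thread, and not code from Malwarebytes or any tool named here), a read-only PowerShell check of the registry values and dropped files the Malwarebytes log above reported, so a responder can see whether any of them came back after the reboot. It assumes it is run on the affected PC as the same user and that no proxy is legitimately configured there.

```powershell
# Added example, not from the thread: re-check the locations the Malwarebytes
# log reported as hijacked, so a responder can tell whether the cleanup stuck.
# Read-only: nothing is changed or deleted.
# Assumption: this home PC has no legitimately configured browser proxy.

$RegistryChecks = @(
    @{
        Path     = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
        Name     = 'Shell'
        Expected = $null   # a per-user Shell value should not exist at all
        Why      = 'Log: Shell = explorer.exe,...\6C5EC\0FE88.exe (Hijack.Shell.Gen); the appended program runs at every logon'
    },
    @{
        Path     = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
        Name     = 'Shell'
        Expected = 'explorer.exe'
        Why      = 'Machine-wide shell must be exactly explorer.exe'
    },
    @{
        Path     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
        Name     = 'ProxyServer'
        Expected = $null   # no proxy configured (assumption stated above)
        Why      = 'Log: http=127.0.0.1:52970 (PUM.Bad.Proxy); a loopback proxy lets a local process rewrite every browser request, which is what produces search redirects'
    },
    @{
        Path     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
        Name     = 'ProxyEnable'
        Expected = 0
        Why      = 'Proxy use should be switched off when no proxy is configured'
    },
    @{
        Path     = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
        Name     = '676.exe'
        Expected = $null
        Why      = 'Log: Run value pointing at C:\Program Files\LP\88C6\676.exe (Backdoor.CycBot)'
    }
)

# On-disk artefacts named in the log; none of them should still exist.
# $env:APPDATA resolves to the current user's Application Data folder.
$FilePaths = @(
    'C:\Program Files\LP\88C6\676.exe',
    "$env:APPDATA\6C5EC\0FE88.exe"
)

function Get-RegistryValueOrNull {
    param([string]$Path, [string]$Name)
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }   # key itself is absent
    return $key.GetValue($Name)            # $null when the value name is absent
}

function Test-ExpectedValue {
    param($Actual, $Expected)
    # "Expected $null" means the value must be absent or empty.
    if ($null -eq $Expected) { return (($null -eq $Actual) -or ("$Actual" -eq '')) }
    return ("$Actual" -eq "$Expected")
}

$Findings = @()
foreach ($check in $RegistryChecks) {
    $actual = Get-RegistryValueOrNull -Path $check.Path -Name $check.Name
    if (-not (Test-ExpectedValue -Actual $actual -Expected $check.Expected)) {
        $Findings += [pscustomobject]@{
            Kind     = 'Registry'
            Location = "$($check.Path)\$($check.Name)"
            Actual   = $actual
            Why      = $check.Why
        }
    }
}
foreach ($path in $FilePaths) {
    if (Test-Path -LiteralPath $path) {
        $Findings += [pscustomobject]@{
            Kind     = 'File'
            Location = $path
            Actual   = 'still present'
            Why      = 'Dropped file named in the Malwarebytes log'
        }
    }
}

if ($Findings.Count -eq 0) {
    Write-Host 'No trace of the logged hijacks remains at the checked locations.'
} else {
    Write-Host "$($Findings.Count) location(s) still need attention:"
    $Findings | Format-List
}
```

A clean result only covers the specific entries that one scan reported, not other persistence mechanisms the same backdoor may have used, which is why the helper goes on to ask for DDS and ComboFix logs.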


#2 gringo_pr

  • Malware Response Team

Posted 26 May 2012 - 05:53 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

  • Malware Response Team

Posted 28 May 2012 - 11:15 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr

  • Malware Response Team

Posted 01 June 2012 - 12:21 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#5 gringo_pr

  • Malware Response Team

Posted 03 July 2012 - 12:14 AM

This topic has been re-opened at the request of the person who originally posted.

#6 gringo_pr

  • Malware Response Team

Posted 05 July 2012 - 11:20 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#7 AshleyEmDee

  • Topic Starter


Posted 08 July 2012 - 10:18 AM

SECURITY CHECK:


Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
McAfee Security Scan Plus
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.60.1.1000
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.7 Flash Player out of Date!
Adobe Reader X (10.1.0)
Mozilla Firefox 12.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````




DDS

Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
McAfee Security Scan Plus
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.60.1.1000
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.7 Flash Player out of Date!
Adobe Reader X (10.1.0)
Mozilla Firefox 12.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````




ATTACH

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/27/2010 6:45:10 PM
System Uptime: 6/26/2012 1:44:18 PM (55 hours ago)
.
Motherboard: Dell Computer Corp. | | 0WF887
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 63 GiB total, 38.746 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 10.965 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_24DD&SUBSYS_01D51028&REV_02\3&172E68DD&0&EF
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_24DD&SUBSYS_01D51028&REV_02\3&172E68DD&0&EF
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: D-Link DFE-530TX+ PCI Fast Ethernet Adapter (rev.F)
Device ID: PCI\VEN_1106&DEV_3106&SUBSYS_14061186&REV_86\4&1C660DD6&0&00F0
Manufacturer: D-Link
Name: D-Link DFE-530TX+ PCI Fast Ethernet Adapter (rev.F)
PNP Device ID: PCI\VEN_1106&DEV_3106&SUBSYS_14061186&REV_86\4&1C660DD6&0&00F0
Service: FETNDISB
.
==== System Restore Points ===================
.
RP461: 3/30/2012 11:07:24 PM - System Checkpoint
RP462: 3/31/2012 4:42:14 PM - Removed Google Talk Plugin
RP463: 4/2/2012 6:56:28 PM - System Checkpoint
RP464: 4/3/2012 10:45:33 PM - Removed Google Talk Plugin
RP465: 4/4/2012 11:28:31 PM - System Checkpoint
RP466: 4/6/2012 12:27:09 PM - System Checkpoint
RP467: 4/7/2012 1:26:27 PM - System Checkpoint
RP468: 4/8/2012 2:20:44 PM - System Checkpoint
RP469: 4/9/2012 11:40:33 PM - System Checkpoint
RP470: 4/11/2012 12:03:42 AM - System Checkpoint
RP471: 4/12/2012 12:53:53 AM - System Checkpoint
RP472: 4/12/2012 3:00:21 AM - Software Distribution Service 3.0
RP473: 4/13/2012 3:49:40 AM - System Checkpoint
RP474: 4/14/2012 6:19:14 PM - System Checkpoint
RP475: 4/15/2012 6:33:08 PM - System Checkpoint
RP476: 4/16/2012 9:14:44 PM - System Checkpoint
RP477: 4/17/2012 9:41:17 PM - System Checkpoint
RP478: 4/18/2012 9:46:34 PM - System Checkpoint
RP479: 4/19/2012 10:40:51 PM - System Checkpoint
RP480: 4/20/2012 11:35:08 PM - System Checkpoint
RP481: 4/21/2012 11:55:27 PM - System Checkpoint
RP482: 4/23/2012 8:13:05 PM - System Checkpoint
RP483: 4/24/2012 8:55:22 PM - System Checkpoint
RP484: 4/25/2012 9:56:05 PM - System Checkpoint
RP485: 4/26/2012 10:31:34 PM - System Checkpoint
RP486: 4/27/2012 11:44:44 PM - System Checkpoint
RP487: 4/29/2012 12:27:06 AM - System Checkpoint
RP488: 4/30/2012 5:39:10 PM - System Checkpoint
RP489: 5/1/2012 7:12:04 PM - System Checkpoint
RP490: 5/2/2012 7:45:11 PM - System Checkpoint
RP491: 5/3/2012 8:42:57 PM - System Checkpoint
RP492: 5/5/2012 12:46:11 AM - System Checkpoint
RP493: 5/6/2012 12:53:48 AM - System Checkpoint
RP494: 5/7/2012 3:45:38 PM - Removed Google Talk Plugin
RP495: 5/8/2012 5:30:01 PM - Software Distribution Service 3.0
RP496: 5/9/2012 6:03:43 PM - System Checkpoint
RP497: 5/10/2012 11:04:30 PM - System Checkpoint
RP498: 5/12/2012 12:34:44 AM - System Checkpoint
RP499: 5/13/2012 12:34:52 AM - System Checkpoint
RP500: 5/14/2012 1:34:53 AM - System Checkpoint
RP501: 5/15/2012 2:32:42 AM - System Checkpoint
RP502: 5/16/2012 9:58:47 PM - System Checkpoint
RP503: 5/17/2012 4:00:40 PM - Software Distribution Service 3.0
RP504: 5/18/2012 1:44:29 PM - Removed Google Talk Plugin
RP505: 5/19/2012 2:38:50 PM - System Checkpoint
RP506: 5/20/2012 3:32:45 PM - System Checkpoint
RP507: 5/21/2012 4:36:02 PM - System Checkpoint
RP508: 5/22/2012 5:24:46 PM - System Checkpoint
RP509: 5/23/2012 8:03:14 PM - System Checkpoint
RP510: 5/24/2012 10:29:38 PM - System Checkpoint
RP511: 5/25/2012 10:57:40 PM - System Checkpoint
RP512: 5/27/2012 12:12:02 AM - System Checkpoint
RP513: 5/28/2012 1:47:47 AM - System Checkpoint
RP514: 5/29/2012 1:51:22 AM - System Checkpoint
RP515: 5/30/2012 5:40:54 PM - System Checkpoint
RP516: 5/31/2012 5:59:36 PM - System Checkpoint
RP517: 6/2/2012 10:51:37 AM - System Checkpoint
RP518: 6/3/2012 11:34:08 AM - System Checkpoint
RP519: 6/4/2012 12:06:08 PM - System Checkpoint
RP520: 6/5/2012 3:04:00 PM - System Checkpoint
RP521: 6/6/2012 5:45:52 PM - System Checkpoint
RP522: 6/7/2012 9:36:39 PM - System Checkpoint
RP523: 6/8/2012 11:36:26 PM - System Checkpoint
RP524: 6/9/2012 11:46:39 PM - System Checkpoint
RP525: 6/11/2012 4:27:11 PM - System Checkpoint
RP526: 6/12/2012 10:23:42 PM - System Checkpoint
RP527: 6/14/2012 5:29:57 PM - System Checkpoint
RP528: 6/15/2012 7:05:35 PM - System Checkpoint
RP529: 6/16/2012 7:22:08 PM - System Checkpoint
RP530: 6/17/2012 8:18:38 PM - System Checkpoint
RP531: 6/18/2012 9:11:25 PM - System Checkpoint
RP532: 6/19/2012 10:09:35 PM - System Checkpoint
RP533: 6/20/2012 9:44:34 AM - Removed Google Talk Plugin
RP534: 6/22/2012 10:44:29 AM - Removed Google Talk Plugin
RP535: 6/23/2012 10:46:06 AM - System Checkpoint
RP536: 6/24/2012 10:53:31 AM - System Checkpoint
RP537: 6/24/2012 3:44:53 PM - Removed Google Talk Plugin
RP538: 6/25/2012 4:41:32 PM - System Checkpoint
RP539: 6/26/2012 5:12:05 PM - System Checkpoint
RP540: 6/27/2012 5:12:47 PM - System Checkpoint
RP541: 6/28/2012 5:49:39 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.6
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Compatibility Pack for the 2007 Office system
D-Link DFE-530TX+
D-Link PCI Fast Ethernet Adapter
Dell ResourceCD
Disney Toontown Online
Download Updater (AOL LLC)
Facebook Video Calling 1.2.0.159
Google Chrome
Google Talk Plugin
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
iTunes
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Security Scan Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Monopoly City (remove only)
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 6 Service Pack 2 (KB973686)
ooVoo
Plants vs. Zombies
QuickTime
Safari
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Skype™ 5.5
SoundMAX
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB898461)
Update for Windows XP (KB925720)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vz In Home Agent
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows XP Service Pack 2
Xvid Video Codec
.
==== End Of File ===========================

#8 gringo_pr

  • Malware Response Team

Posted 08 July 2012 - 03:05 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

Information and logs:

  • In your next post I need the following:
    • Log from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now?

Gringo

#9 AshleyEmDee

  • Topic Starter


Posted 09 July 2012 - 12:04 PM

ComboFix 12-07-05.04 - Owner 07/08/2012 23:50:07.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.674 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\1234567.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\LP
c:\program files\LP\88C6\10.tmp
c:\program files\LP\88C6\11.tmp
c:\program files\LP\88C6\110A.tmp
c:\program files\LP\88C6\11D.tmp
c:\program files\LP\88C6\12.exe
c:\program files\LP\88C6\12.tmp
c:\program files\LP\88C6\128.tmp
c:\program files\LP\88C6\13.tmp
c:\program files\LP\88C6\14.tmp
c:\program files\LP\88C6\145.tmp
c:\program files\LP\88C6\147.tmp
c:\program files\LP\88C6\149.tmp
c:\program files\LP\88C6\15.exe
c:\program files\LP\88C6\15.tmp
c:\program files\LP\88C6\15A.tmp
c:\program files\LP\88C6\16.tmp
c:\program files\LP\88C6\17.tmp
c:\program files\LP\88C6\18.tmp
c:\program files\LP\88C6\18D.tmp
c:\program files\LP\88C6\19.tmp
c:\program files\LP\88C6\195.tmp
c:\program files\LP\88C6\1A.tmp
c:\program files\LP\88C6\1A7.tmp
c:\program files\LP\88C6\1B.tmp
c:\program files\LP\88C6\1B3.tmp
c:\program files\LP\88C6\1C.tmp
c:\program files\LP\88C6\1C9.tmp
c:\program files\LP\88C6\1D.tmp
c:\program files\LP\88C6\1DE.tmp
c:\program files\LP\88C6\1E.tmp
c:\program files\LP\88C6\1EC.tmp
c:\program files\LP\88C6\1ED.tmp
c:\program files\LP\88C6\1EE.tmp
c:\program files\LP\88C6\1EF.tmp
c:\program files\LP\88C6\1F.tmp
c:\program files\LP\88C6\1F0.tmp
c:\program files\LP\88C6\20.tmp
c:\program files\LP\88C6\21.tmp
c:\program files\LP\88C6\22.tmp
c:\program files\LP\88C6\23.tmp
c:\program files\LP\88C6\24.tmp
c:\program files\LP\88C6\25.exe
c:\program files\LP\88C6\25.tmp
c:\program files\LP\88C6\250.tmp
c:\program files\LP\88C6\253.tmp
c:\program files\LP\88C6\258.tmp
c:\program files\LP\88C6\26.tmp
c:\program files\LP\88C6\264.tmp
c:\program files\LP\88C6\27.tmp
c:\program files\LP\88C6\279.tmp
c:\program files\LP\88C6\28.tmp
c:\program files\LP\88C6\29.tmp
c:\program files\LP\88C6\2A.tmp
c:\program files\LP\88C6\2B6.tmp
c:\program files\LP\88C6\2B9.tmp
c:\program files\LP\88C6\2D.tmp
c:\program files\LP\88C6\2F.tmp
c:\program files\LP\88C6\30.tmp
c:\program files\LP\88C6\30B.tmp
c:\program files\LP\88C6\30E.tmp
c:\program files\LP\88C6\31.tmp
c:\program files\LP\88C6\32.tmp
c:\program files\LP\88C6\33.tmp
c:\program files\LP\88C6\331.tmp
c:\program files\LP\88C6\33A.tmp
c:\program files\LP\88C6\33D.tmp
c:\program files\LP\88C6\33F.tmp
c:\program files\LP\88C6\34.tmp
c:\program files\LP\88C6\35.tmp
c:\program files\LP\88C6\35D.tmp
c:\program files\LP\88C6\36.tmp
c:\program files\LP\88C6\364.tmp
c:\program files\LP\88C6\37.tmp
c:\program files\LP\88C6\373.tmp
c:\program files\LP\88C6\38.tmp
c:\program files\LP\88C6\38F.tmp
c:\program files\LP\88C6\39A.tmp
c:\program files\LP\88C6\39B.tmp
c:\program files\LP\88C6\3AC.tmp
c:\program files\LP\88C6\3BA.tmp
c:\program files\LP\88C6\3BF.tmp
c:\program files\LP\88C6\3E.tmp
c:\program files\LP\88C6\3F.tmp
c:\program files\LP\88C6\40.exe
c:\program files\LP\88C6\40.tmp
c:\program files\LP\88C6\41.tmp
c:\program files\LP\88C6\413.tmp
c:\program files\LP\88C6\41A.tmp
c:\program files\LP\88C6\42.exe
c:\program files\LP\88C6\42.tmp
c:\program files\LP\88C6\427.tmp
c:\program files\LP\88C6\42E.tmp
c:\program files\LP\88C6\43.tmp
c:\program files\LP\88C6\438.tmp
c:\program files\LP\88C6\44.tmp
c:\program files\LP\88C6\440.tmp
c:\program files\LP\88C6\45.tmp
c:\program files\LP\88C6\455.tmp
c:\program files\LP\88C6\457.tmp
c:\program files\LP\88C6\45D.tmp
c:\program files\LP\88C6\45F.tmp
c:\program files\LP\88C6\46.tmp
c:\program files\LP\88C6\460.tmp
c:\program files\LP\88C6\461.tmp
c:\program files\LP\88C6\462.tmp
c:\program files\LP\88C6\463.tmp
c:\program files\LP\88C6\466.tmp
c:\program files\LP\88C6\467.tmp
c:\program files\LP\88C6\468.tmp
c:\program files\LP\88C6\469.tmp
c:\program files\LP\88C6\47.tmp
c:\program files\LP\88C6\474.tmp
c:\program files\LP\88C6\48.tmp
c:\program files\LP\88C6\481.tmp
c:\program files\LP\88C6\49.tmp
c:\program files\LP\88C6\4A.tmp
c:\program files\LP\88C6\4B.tmp
c:\program files\LP\88C6\4B3.tmp
c:\program files\LP\88C6\4BC.tmp
c:\program files\LP\88C6\4BD.tmp
c:\program files\LP\88C6\4C.exe
c:\program files\LP\88C6\4C.tmp
c:\program files\LP\88C6\4CC.tmp
c:\program files\LP\88C6\4D.tmp
c:\program files\LP\88C6\4D3.tmp
c:\program files\LP\88C6\4E.tmp
c:\program files\LP\88C6\4F.tmp
c:\program files\LP\88C6\50.tmp
c:\program files\LP\88C6\51.exe
c:\program files\LP\88C6\51.tmp
c:\program files\LP\88C6\51E.tmp
c:\program files\LP\88C6\52.tmp
c:\program files\LP\88C6\53.tmp
c:\program files\LP\88C6\533.tmp
c:\program files\LP\88C6\54.tmp
c:\program files\LP\88C6\55.tmp
c:\program files\LP\88C6\56.tmp
c:\program files\LP\88C6\57.tmp
c:\program files\LP\88C6\58.tmp
c:\program files\LP\88C6\59.tmp
c:\program files\LP\88C6\5A.tmp
c:\program files\LP\88C6\5AD.tmp
c:\program files\LP\88C6\5B.tmp
c:\program files\LP\88C6\5C.tmp
c:\program files\LP\88C6\5D.tmp
c:\program files\LP\88C6\5E.tmp
c:\program files\LP\88C6\5F.tmp
c:\program files\LP\88C6\60.tmp
c:\program files\LP\88C6\60E.tmp
c:\program files\LP\88C6\61.tmp
c:\program files\LP\88C6\613.tmp
c:\program files\LP\88C6\62.tmp
c:\program files\LP\88C6\63.tmp
c:\program files\LP\88C6\64.tmp
c:\program files\LP\88C6\65.tmp
c:\program files\LP\88C6\65F.tmp
c:\program files\LP\88C6\66.tmp
c:\program files\LP\88C6\67.tmp
c:\program files\LP\88C6\674.tmp
c:\program files\LP\88C6\68.tmp
c:\program files\LP\88C6\69.tmp
c:\program files\LP\88C6\6A.tmp
c:\program files\LP\88C6\6B.tmp
c:\program files\LP\88C6\6C.tmp
c:\program files\LP\88C6\6E4.tmp
c:\program files\LP\88C6\6F.tmp
c:\program files\LP\88C6\70.tmp
c:\program files\LP\88C6\74.tmp
c:\program files\LP\88C6\77.tmp
c:\program files\LP\88C6\78.tmp
c:\program files\LP\88C6\784.tmp
c:\program files\LP\88C6\79.tmp
c:\program files\LP\88C6\7A.tmp
c:\program files\LP\88C6\7B.tmp
c:\program files\LP\88C6\7B8.tmp
c:\program files\LP\88C6\7C.tmp
c:\program files\LP\88C6\7C3.tmp
c:\program files\LP\88C6\7D.tmp
c:\program files\LP\88C6\7DB.tmp
c:\program files\LP\88C6\7E.tmp
c:\program files\LP\88C6\7E7.exe
c:\program files\LP\88C6\7E7.tmp
c:\program files\LP\88C6\7EA.tmp
c:\program files\LP\88C6\7F.tmp
c:\program files\LP\88C6\7FF.tmp
c:\program files\LP\88C6\8.tmp
c:\program files\LP\88C6\80.tmp
c:\program files\LP\88C6\81.tmp
c:\program files\LP\88C6\82.tmp
c:\program files\LP\88C6\86.tmp
c:\program files\LP\88C6\87.tmp
c:\program files\LP\88C6\872.tmp
c:\program files\LP\88C6\87F.tmp
c:\program files\LP\88C6\88.tmp
c:\program files\LP\88C6\880.tmp
c:\program files\LP\88C6\89.tmp
c:\program files\LP\88C6\8A.tmp
c:\program files\LP\88C6\8B.tmp
c:\program files\LP\88C6\9.tmp
c:\program files\LP\88C6\940.tmp
c:\program files\LP\88C6\941.tmp
c:\program files\LP\88C6\95.tmp
c:\program files\LP\88C6\9C5.tmp
c:\program files\LP\88C6\A.tmp
c:\program files\LP\88C6\B.tmp
c:\program files\LP\88C6\B9.tmp
c:\program files\LP\88C6\BFB.tmp
c:\program files\LP\88C6\BFC.tmp
c:\program files\LP\88C6\bl226935328_64.bat
c:\program files\LP\88C6\bl341562_64.bat
c:\program files\LP\88C6\C.tmp
c:\program files\LP\88C6\C1.tmp
c:\program files\LP\88C6\C9.tmp
c:\program files\LP\88C6\D.tmp
c:\program files\LP\88C6\DFC.tmp
c:\program files\LP\88C6\E.tmp
c:\program files\LP\88C6\F.tmp
c:\program files\Shop to Win
c:\program files\Shop to Win\InstallNotifier.exe
c:\program files\Shop to Win\unins000.exe
c:\program files\Shop to Win\UnInstallPlugin.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\rnaph.dll
.
c:\windows\system32\drivers\i8042prt.sys was missing
Restored copy from - c:\windows\ServicePackFiles\i386\i8042prt.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-09 03:55 . 2004-08-04 04:14 52736 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-07-09 03:55 . 2004-08-04 04:14 52736 ----a-w- c:\windows\system32\drivers\i8042prt.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-23 01:48 . 2011-06-11 16:44 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2011-08-14 21975120]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Facebook Update"="c:\documents and settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2011-08-17 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-05 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
.
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/22/2012 9:48 PM 129976]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2052111302-573735546-839522115-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-08-17 23:48]
.
2012-07-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2052111302-573735546-839522115-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-08-17 23:48]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-573735546-839522115-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-11 21:13]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-573735546-839522115-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-11 21:13]
.
2012-07-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-573735546-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-06-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-573735546-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl390yw2.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52970
FF - prefs.js: network.proxy.type - 1
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ConMgr.exe - c:\program files\EarthLink 5.0\ConMgr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-08 23:58
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-07-09 00:04:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-09 04:03
.
Pre-Run: 43,297,779,712 bytes free
Post-Run: 45,615,935,488 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 0A072B7E3A7B9D7B605225E62D6A2E9F

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:14 AM

Posted 09 July 2012 - 12:42 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
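The post above asks for the TDSSKiller report so the helper can read it for flagged entries. The script below is an added example (not part of this thread, and not code from TDSSKiller or BleepingComputer) of how a responder triages such a report mechanically: it parses the timestamp/PID/message layout the tool prints, counts the "- ok" and file-enumeration lines, and pulls out the three message shapes that indicate a problem: "Suspicious file (Forged)" with its real/fake hashes, "( verdict ) - infected", and "- detected verdict (code)". The sample report, the driver names, the hashes and the verdict string are constructed placeholders in that layout, not values from a real scan.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in TDSSKiller's report layout (timestamp, PID, message).
# Hashes, the verdict name and the flagged driver are placeholders, not real scan data.
SAMPLE_REPORT = """\
14:18:00.0421 2520 Abiosdsk - ok
14:18:00.0484 2520 ACPI (0123456789abcdef0123456789abcdef) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
14:18:00.0500 2520 Suspicious file (Forged): C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys. Real md5: 0123456789abcdef0123456789abcdef, Fake md5: fedcba9876543210fedcba9876543210
14:18:00.0500 2520 ACPI ( Virus.Win32.Example.a ) - infected
14:18:00.0500 2520 ACPI - detected Virus.Win32.Example.a (0)
14:18:00.0562 2520 ACPIEC (00112233445566778899aabbccddeeff) C:\\WINDOWS\\system32\\drivers\\ACPIEC.sys
14:18:00.0562 2520 ACPIEC - ok
14:18:00.0562 2520 adpu160m - ok
"""

# Every report line is "<HH:MM:SS.mmmm> <pid> <message>"; the message shapes are matched below.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
INFECTED_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - infected$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>.+?) \((?P<code>\d+)\)$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class Finding:
    kind: str                      # "forged", "infected" or "detected"
    subject: str                   # file path (forged) or service/driver name
    verdict: Optional[str] = None
    real_md5: Optional[str] = None # only for "forged": hash of the content actually on disk
    fake_md5: Optional[str] = None # only for "forged": hash the file presents when read normally
    timestamp: str = ""


@dataclass
class TriageResult:
    ok: int = 0            # "<name> - ok" lines
    enumerated: int = 0    # "<name> (<md5>) <path>" lines that were checked
    other: int = 0         # lines in an unknown shape; non-zero means the format changed
    findings: List[Finding] = field(default_factory=list)


def triage(report: str) -> TriageResult:
    """Classify every line of a TDSSKiller-style report and collect the flagged ones."""
    result = TriageResult()
    for raw in report.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            result.other += 1
            continue
        ts, msg = m.group("ts"), m.group("msg")
        if OK_RE.match(msg):
            result.ok += 1
        elif (f := FORGED_RE.match(msg)):
            # A forged file reads back with two different hashes: the classic sign of a
            # patched system driver, which is what the helper looks for first.
            result.findings.append(Finding("forged", f.group("path"), None,
                                           f.group("real"), f.group("fake"), ts))
        elif (f := INFECTED_RE.match(msg)):
            result.findings.append(Finding("infected", f.group("name"), f.group("verdict"), timestamp=ts))
        elif (f := DETECTED_RE.match(msg)):
            result.findings.append(Finding("detected", f.group("name"), f.group("verdict"), timestamp=ts))
        elif FILE_RE.match(msg):
            result.enumerated += 1
        else:
            result.other += 1
    return result


def flagged_names(result: TriageResult) -> List[str]:
    """Distinct driver/service names (or paths) that need attention, sorted for a reply."""
    return sorted({f.subject for f in result.findings})


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    print(f"ok={r.ok} enumerated={r.enumerated} other={r.other}")
    for f in r.findings:
        print(f"{f.timestamp} {f.kind:<8} {f.subject} {f.verdict or ''}")
    print("flagged:", ", ".join(flagged_names(r)))
```

Run it on a saved report by replacing `SAMPLE_REPORT` with the file's contents; a non-zero `other` count is the cue that the tool version changed its message format and the regexes need checking before trusting the empty-findings case.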

#11 AshleyEmDee

AshleyEmDee
  • Topic Starter

  • Members
  • 31 posts
  • Local time:06:14 AM

Posted 11 July 2012 - 01:24 PM

TDSSKiller:


14:17:50.0953 2496 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
14:17:51.0171 2496 ============================================================
14:17:51.0171 2496 Current date / time: 2012/07/11 14:17:51.0171
14:17:51.0171 2496 SystemInfo:
14:17:51.0171 2496
14:17:51.0171 2496 OS Version: 5.1.2600 ServicePack: 2.0
14:17:51.0171 2496 Product type: Workstation
14:17:51.0171 2496 ComputerName: SAT
14:17:51.0171 2496 UserName: Owner
14:17:51.0171 2496 Windows directory: C:\WINDOWS
14:17:51.0171 2496 System windows directory: C:\WINDOWS
14:17:51.0171 2496 Processor architecture: Intel x86
14:17:51.0171 2496 Number of processors: 1
14:17:51.0171 2496 Page size: 0x1000
14:17:51.0171 2496 Boot type: Normal boot
14:17:51.0171 2496 ============================================================
14:17:53.0125 2496 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:17:53.0125 2496 ============================================================
14:17:53.0125 2496 \Device\Harddisk0\DR0:
14:17:53.0125 2496 MBR partitions:
14:17:53.0125 2496 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7EF2A9F
14:17:53.0156 2496 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x7EF2B1D, BlocksNum 0x160BEA0
14:17:53.0156 2496 ============================================================
14:17:53.0187 2496 C: <-> \Device\Harddisk0\DR0\Partition0
14:17:53.0218 2496 D: <-> \Device\Harddisk0\DR0\Partition1
14:17:53.0234 2496 ============================================================
14:17:53.0234 2496 Initialize success
14:17:53.0234 2496 ============================================================
14:18:00.0078 2520 ============================================================
14:18:00.0078 2520 Scan started
14:18:00.0078 2520 Mode: Manual;
14:18:00.0078 2520 ============================================================
14:18:00.0421 2520 Abiosdsk - ok
14:18:00.0437 2520 abp480n5 - ok
14:18:00.0484 2520 ACPI (3b67b435fddf777c595f0ec736b03c37) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:18:00.0500 2520 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: 3b67b435fddf777c595f0ec736b03c37, Fake md5: a10c7534f7223f4a73a948967d00e69b
14:18:00.0500 2520 ACPI ( Virus.Win32.Rloader.a ) - infected
14:18:00.0500 2520 ACPI - detected Virus.Win32.Rloader.a (0)
14:18:00.0562 2520 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:18:00.0562 2520 ACPIEC - ok
14:18:00.0562 2520 adpu160m - ok
14:18:00.0609 2520 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
14:18:00.0609 2520 aec - ok
14:18:00.0656 2520 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
14:18:00.0656 2520 AFD - ok
14:18:00.0671 2520 Aha154x - ok
14:18:00.0687 2520 aic78u2 - ok
14:18:00.0687 2520 aic78xx - ok
14:18:00.0718 2520 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
14:18:00.0718 2520 Alerter - ok
14:18:00.0750 2520 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
14:18:00.0750 2520 ALG - ok
14:18:00.0750 2520 AliIde - ok
14:18:00.0765 2520 amsint - ok
14:18:00.0859 2520 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:18:00.0859 2520 Apple Mobile Device - ok
14:18:00.0875 2520 AppMgmt - ok
14:18:00.0875 2520 asc - ok
14:18:00.0890 2520 asc3350p - ok
14:18:00.0890 2520 asc3550 - ok
14:18:00.0984 2520 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:18:00.0984 2520 aspnet_state - ok
14:18:01.0031 2520 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:18:01.0031 2520 AsyncMac - ok
14:18:01.0062 2520 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:18:01.0062 2520 atapi - ok
14:18:01.0062 2520 Atdisk - ok
14:18:01.0109 2520 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:18:01.0109 2520 Atmarpc - ok
14:18:01.0156 2520 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
14:18:01.0156 2520 AudioSrv - ok
14:18:01.0187 2520 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:18:01.0187 2520 audstub - ok
14:18:01.0234 2520 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:18:01.0234 2520 Beep - ok
14:18:01.0281 2520 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll
14:18:01.0328 2520 BITS - ok
14:18:01.0406 2520 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
14:18:01.0421 2520 Bonjour Service - ok
14:18:01.0484 2520 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
14:18:01.0484 2520 Browser - ok
14:18:01.0515 2520 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
14:18:01.0515 2520 BVRPMPR5 - ok
14:18:01.0515 2520 catchme - ok
14:18:01.0562 2520 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:18:01.0562 2520 cbidf2k - ok
14:18:01.0609 2520 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:18:01.0609 2520 CCDECODE - ok
14:18:01.0609 2520 cd20xrnt - ok
14:18:01.0656 2520 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:18:01.0656 2520 Cdaudio - ok
14:18:01.0671 2520 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
14:18:01.0671 2520 Cdfs - ok
14:18:01.0703 2520 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:18:01.0703 2520 Cdrom - ok
14:18:01.0718 2520 Changer - ok
14:18:01.0750 2520 cis1284 (7e1d1616c7e2fbba784e5dbd05d88eca) C:\WINDOWS\system32\drivers\cis1284.sys
14:18:01.0750 2520 cis1284 - ok
14:18:01.0781 2520 cisvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe
14:18:01.0796 2520 cisvc - ok
14:18:01.0812 2520 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
14:18:01.0812 2520 ClipSrv - ok
14:18:01.0890 2520 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:18:01.0906 2520 clr_optimization_v2.0.50727_32 - ok
14:18:01.0906 2520 CmdIde - ok
14:18:01.0921 2520 COMSysApp - ok
14:18:01.0937 2520 Cpqarray - ok
14:18:01.0984 2520 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
14:18:01.0984 2520 CryptSvc - ok
14:18:02.0000 2520 dac2w2k - ok
14:18:02.0000 2520 dac960nt - ok
14:18:02.0062 2520 DcomLaunch (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
14:18:02.0062 2520 DcomLaunch - ok
14:18:02.0109 2520 Dhcp (cb6ca3e5261d65f6f809eed23bf167aa) C:\WINDOWS\System32\dhcpcsvc.dll
14:18:02.0109 2520 Dhcp - ok
14:18:02.0140 2520 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
14:18:02.0140 2520 Disk - ok
14:18:02.0156 2520 dmadmin - ok
14:18:02.0218 2520 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
14:18:02.0234 2520 dmboot - ok
14:18:02.0265 2520 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
14:18:02.0265 2520 dmio - ok
14:18:02.0296 2520 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:18:02.0296 2520 dmload - ok
14:18:02.0343 2520 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
14:18:02.0343 2520 dmserver - ok
14:18:02.0390 2520 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
14:18:02.0390 2520 DMusic - ok
14:18:02.0437 2520 Dnscache (7379de06fd196e396a00aa97b990c00d) C:\WINDOWS\System32\dnsrslvr.dll
14:18:02.0437 2520 Dnscache - ok
14:18:02.0453 2520 dpti2o - ok
14:18:02.0484 2520 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
14:18:02.0484 2520 drmkaud - ok
14:18:02.0531 2520 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:18:02.0546 2520 E100B - ok
14:18:02.0593 2520 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
14:18:02.0593 2520 ERSvc - ok
14:18:02.0640 2520 Eventlog (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
14:18:02.0640 2520 Eventlog - ok
14:18:02.0703 2520 EventSystem (60d1a6342238378bfb7545c81ee3606c) C:\WINDOWS\System32\es.dll
14:18:02.0703 2520 EventSystem - ok
14:18:02.0734 2520 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
14:18:02.0750 2520 Fastfat - ok
14:18:02.0796 2520 FastUserSwitchingCompatibility (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
14:18:02.0796 2520 FastUserSwitchingCompatibility - ok
14:18:02.0859 2520 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:18:02.0859 2520 Fdc - ok
14:18:02.0890 2520 FETNDISB (95bc4d8493fe30312f5e1ab57ef36083) C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys
14:18:02.0890 2520 FETNDISB - ok
14:18:02.0937 2520 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
14:18:02.0937 2520 Fips - ok
14:18:02.0937 2520 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:18:02.0937 2520 Flpydisk - ok
14:18:02.0984 2520 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys
14:18:02.0984 2520 FltMgr - ok
14:18:03.0078 2520 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:18:03.0078 2520 FontCache3.0.0.0 - ok
14:18:03.0125 2520 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:18:03.0125 2520 Fs_Rec - ok
14:18:03.0140 2520 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:18:03.0156 2520 Ftdisk - ok
14:18:03.0171 2520 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:18:03.0171 2520 GEARAspiWDM - ok
14:18:03.0218 2520 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:18:03.0218 2520 Gpc - ok
14:18:03.0265 2520 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:18:03.0265 2520 helpsvc - ok
14:18:03.0328 2520 HidServ (9376e6893e52b368abc6255bf54f0b28) C:\WINDOWS\System32\hidserv.dll
14:18:03.0328 2520 HidServ - ok
14:18:03.0359 2520 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:18:03.0359 2520 hidusb - ok
14:18:03.0375 2520 hpn - ok
14:18:03.0375 2520 hpt3xx - ok
14:18:03.0421 2520 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
14:18:03.0437 2520 HTTP - ok
14:18:03.0468 2520 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
14:18:03.0468 2520 HTTPFilter - ok
14:18:03.0484 2520 i2omgmt - ok
14:18:03.0500 2520 i2omp - ok
14:18:03.0562 2520 ialm (0294a30b302ca71a2c26e582dda93486) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
14:18:03.0578 2520 ialm - ok
14:18:03.0687 2520 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:18:03.0718 2520 idsvc - ok
14:18:03.0796 2520 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\drivers\Imapi.sys
14:18:03.0796 2520 Imapi - ok
14:18:03.0843 2520 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
14:18:03.0843 2520 ImapiService - ok
14:18:03.0859 2520 ini910u - ok
14:18:03.0875 2520 IntelIde - ok
14:18:03.0906 2520 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:18:03.0921 2520 intelppm - ok
14:18:03.0953 2520 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
14:18:03.0953 2520 ip6fw - ok
14:18:03.0984 2520 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:18:03.0984 2520 IpFilterDriver - ok
14:18:03.0984 2520 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:18:03.0984 2520 IpInIp - ok
14:18:04.0015 2520 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:18:04.0015 2520 IpNat - ok
14:18:04.0125 2520 iPod Service (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe
14:18:04.0140 2520 iPod Service - ok
14:18:04.0171 2520 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:18:04.0171 2520 IPSec - ok
14:18:04.0203 2520 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:18:04.0203 2520 IRENUM - ok
14:18:04.0250 2520 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:18:04.0250 2520 isapnp - ok
14:18:04.0265 2520 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:18:04.0265 2520 Kbdclass - ok
14:18:04.0296 2520 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:18:04.0296 2520 kbdhid - ok
14:18:04.0312 2520 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
14:18:04.0328 2520 kmixer - ok
14:18:04.0359 2520 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
14:18:04.0359 2520 KSecDD - ok
14:18:04.0406 2520 lanmanserver (93d32468d34e000cb3407947d1d6e22a) C:\WINDOWS\System32\srvsvc.dll
14:18:04.0406 2520 lanmanserver - ok
14:18:04.0437 2520 lanmanworkstation (e1f27cfcd114ec9f1e1f44674b2ff9f0) C:\WINDOWS\System32\wkssvc.dll
14:18:04.0453 2520 lanmanworkstation - ok
14:18:04.0453 2520 lbrtfdc - ok
14:18:04.0500 2520 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
14:18:04.0500 2520 LmHosts - ok
14:18:04.0578 2520 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
14:18:04.0578 2520 McComponentHostService - ok
14:18:04.0609 2520 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
14:18:04.0609 2520 Messenger - ok
14:18:04.0640 2520 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:18:04.0656 2520 mnmdd - ok
14:18:04.0687 2520 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\System32\mnmsrvc.exe
14:18:04.0687 2520 mnmsrvc - ok
14:18:04.0734 2520 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
14:18:04.0734 2520 Modem - ok
14:18:04.0750 2520 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:18:04.0765 2520 Mouclass - ok
14:18:04.0781 2520 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:18:04.0781 2520 mouhid - ok
14:18:04.0796 2520 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
14:18:04.0796 2520 MountMgr - ok
14:18:04.0843 2520 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:18:04.0843 2520 MozillaMaintenance - ok
14:18:04.0859 2520 mraid35x - ok
14:18:04.0875 2520 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:18:04.0875 2520 MRxDAV - ok
14:18:04.0921 2520 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:18:04.0953 2520 MRxSmb - ok
14:18:04.0984 2520 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\System32\msdtc.exe
14:18:05.0000 2520 MSDTC - ok
14:18:05.0046 2520 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
14:18:05.0046 2520 Msfs - ok
14:18:05.0046 2520 MSIServer - ok
14:18:05.0078 2520 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:18:05.0078 2520 MSKSSRV - ok
14:18:05.0125 2520 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:18:05.0125 2520 MSPCLOCK - ok
14:18:05.0171 2520 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
14:18:05.0171 2520 MSPQM - ok
14:18:05.0218 2520 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:18:05.0218 2520 mssmbios - ok
14:18:05.0265 2520 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
14:18:05.0265 2520 MSTEE - ok
14:18:05.0296 2520 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
14:18:05.0296 2520 Mup - ok
14:18:05.0359 2520 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:18:05.0359 2520 NABTSFEC - ok
14:18:05.0390 2520 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
14:18:05.0406 2520 NDIS - ok
14:18:05.0437 2520 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:18:05.0437 2520 NdisIP - ok
14:18:05.0484 2520 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:18:05.0484 2520 NdisTapi - ok
14:18:05.0500 2520 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:18:05.0500 2520 Ndisuio - ok
14:18:05.0546 2520 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:18:05.0546 2520 NdisWan - ok
14:18:05.0578 2520 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
14:18:05.0578 2520 NDProxy - ok
14:18:05.0593 2520 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:18:05.0593 2520 NetBIOS - ok
14:18:05.0625 2520 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:18:05.0640 2520 NetBT - ok
14:18:05.0671 2520 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
14:18:05.0671 2520 NetDDE - ok
14:18:05.0687 2520 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
14:18:05.0687 2520 NetDDEdsdm - ok
14:18:05.0718 2520 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
14:18:05.0718 2520 Netlogon - ok
14:18:05.0750 2520 Netman (dab9e6c7105d2ef49876fe92c524f565) C:\WINDOWS\System32\netman.dll
14:18:05.0750 2520 Netman - ok
14:18:05.0859 2520 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:18:05.0859 2520 NetTcpPortSharing - ok
14:18:05.0921 2520 Nla (097722f235a1fb698bf9234e01b52637) C:\WINDOWS\System32\mswsock.dll
14:18:05.0937 2520 Nla - ok
14:18:05.0968 2520 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
14:18:05.0968 2520 Npfs - ok
14:18:06.0015 2520 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
14:18:06.0031 2520 Ntfs - ok
14:18:06.0031 2520 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\System32\lsass.exe
14:18:06.0046 2520 NtLmSsp - ok
14:18:06.0093 2520 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
14:18:06.0109 2520 NtmsSvc - ok
14:18:06.0171 2520 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
14:18:06.0171 2520 NuidFltr - ok
14:18:06.0203 2520 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:18:06.0203 2520 Null - ok
14:18:06.0250 2520 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:18:06.0250 2520 NwlnkFlt - ok
14:18:06.0265 2520 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:18:06.0265 2520 NwlnkFwd - ok
14:18:06.0312 2520 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
14:18:06.0312 2520 OMCI - ok
14:18:06.0375 2520 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:18:06.0375 2520 ose - ok
14:18:06.0421 2520 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
14:18:06.0421 2520 Parport - ok
14:18:06.0468 2520 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
14:18:06.0468 2520 PartMgr - ok
14:18:06.0484 2520 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:18:06.0484 2520 ParVdm - ok
14:18:06.0500 2520 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
14:18:06.0500 2520 PCI - ok
14:18:06.0500 2520 PCIDump - ok
14:18:06.0531 2520 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:18:06.0531 2520 PCIIde - ok
14:18:06.0562 2520 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:18:06.0578 2520 Pcmcia - ok
14:18:06.0578 2520 PDCOMP - ok
14:18:06.0593 2520 PDFRAME - ok
14:18:06.0609 2520 PDRELI - ok
14:18:06.0609 2520 PDRFRAME - ok
14:18:06.0625 2520 perc2 - ok
14:18:06.0625 2520 perc2hib - ok
14:18:06.0687 2520 PlugPlay (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
14:18:06.0687 2520 PlugPlay - ok
14:18:06.0703 2520 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
14:18:06.0703 2520 PolicyAgent - ok
14:18:06.0734 2520 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:18:06.0734 2520 PptpMiniport - ok
14:18:06.0750 2520 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
14:18:06.0750 2520 Processor - ok
14:18:06.0765 2520 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
14:18:06.0765 2520 ProtectedStorage - ok
14:18:06.0781 2520 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
14:18:06.0781 2520 PSched - ok
14:18:06.0812 2520 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:18:06.0812 2520 Ptilink - ok
14:18:06.0812 2520 ql1080 - ok
14:18:06.0828 2520 Ql10wnt - ok
14:18:06.0843 2520 ql12160 - ok
14:18:06.0843 2520 ql1240 - ok
14:18:06.0859 2520 ql1280 - ok
14:18:06.0875 2520 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:18:06.0875 2520 RasAcd - ok
14:18:06.0921 2520 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
14:18:06.0921 2520 RasAuto - ok
14:18:06.0953 2520 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:18:06.0953 2520 Rasl2tp - ok
14:18:06.0984 2520 RasMan (41a3c11e3517c962c9b44893bcec3b34) C:\WINDOWS\System32\rasmans.dll
14:18:07.0000 2520 RasMan - ok
14:18:07.0015 2520 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:18:07.0015 2520 RasPppoe - ok
14:18:07.0031 2520 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:18:07.0031 2520 Raspti - ok
14:18:07.0062 2520 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:18:07.0078 2520 Rdbss - ok
14:18:07.0093 2520 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:18:07.0093 2520 RDPCDD - ok
14:18:07.0140 2520 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
14:18:07.0156 2520 RDPWD - ok
14:18:07.0187 2520 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
14:18:07.0203 2520 RDSessMgr - ok
14:18:07.0234 2520 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:18:07.0234 2520 redbook - ok
14:18:07.0265 2520 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
14:18:07.0281 2520 RemoteAccess - ok
14:18:07.0328 2520 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\System32\locator.exe
14:18:07.0343 2520 RpcLocator - ok
14:18:07.0421 2520 RpcSs (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\System32\rpcss.dll
14:18:07.0421 2520 RpcSs - ok
14:18:07.0468 2520 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
14:18:07.0484 2520 RSVP - ok
14:18:07.0515 2520 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
14:18:07.0531 2520 SamSs - ok
14:18:07.0562 2520 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
14:18:07.0562 2520 SCardSvr - ok
14:18:07.0609 2520 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
14:18:07.0625 2520 Schedule - ok
14:18:07.0656 2520 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:18:07.0656 2520 Secdrv - ok
14:18:07.0703 2520 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
14:18:07.0703 2520 seclogon - ok
14:18:07.0765 2520 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
14:18:07.0796 2520 senfilt - ok
14:18:07.0828 2520 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
14:18:07.0828 2520 SENS - ok
14:18:07.0875 2520 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:18:07.0875 2520 serenum - ok
14:18:07.0890 2520 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
14:18:07.0890 2520 Serial - ok
14:18:07.0921 2520 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:18:07.0921 2520 Sfloppy - ok
14:18:07.0968 2520 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
14:18:08.0000 2520 SharedAccess - ok
14:18:08.0031 2520 ShellHWDetection (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
14:18:08.0031 2520 ShellHWDetection - ok
14:18:08.0046 2520 Simbad - ok
14:18:08.0078 2520 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:18:08.0078 2520 SLIP - ok
14:18:08.0140 2520 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
14:18:08.0156 2520 smwdm - ok
14:18:08.0171 2520 Sparrow - ok
14:18:08.0203 2520 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
14:18:08.0218 2520 splitter - ok
14:18:08.0250 2520 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS\system32\spoolsv.exe
14:18:08.0250 2520 Spooler - ok
14:18:08.0281 2520 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
14:18:08.0296 2520 sr - ok
14:18:08.0328 2520 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll
14:18:08.0343 2520 srservice - ok
14:18:08.0390 2520 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
14:18:08.0406 2520 Srv - ok
14:18:08.0437 2520 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
14:18:08.0437 2520 SSDPSRV - ok
14:18:08.0515 2520 stisvc (d9f6c4f6b1e188adafc42b561d9bc2e6) C:\WINDOWS\system32\wiaservc.dll
14:18:08.0531 2520 stisvc - ok
14:18:08.0703 2520 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:18:08.0703 2520 streamip - ok
14:18:08.0750 2520 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:18:08.0781 2520 swenum - ok
14:18:08.0812 2520 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
14:18:08.0812 2520 swmidi - ok
14:18:08.0828 2520 SwPrv - ok
14:18:08.0843 2520 symc810 - ok
14:18:08.0859 2520 symc8xx - ok
14:18:08.0859 2520 sym_hi - ok
14:18:08.0875 2520 sym_u3 - ok
14:18:08.0906 2520 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
14:18:08.0906 2520 sysaudio - ok
14:18:08.0968 2520 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
14:18:08.0968 2520 SysmonLog - ok
14:18:09.0000 2520 TapiSrv (eb4a4187d74a8efdcbea3ea2cb1bdfbd) C:\WINDOWS\System32\tapisrv.dll
14:18:09.0015 2520 TapiSrv - ok
14:18:09.0078 2520 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:18:09.0093 2520 Tcpip - ok
14:18:09.0125 2520 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:18:09.0125 2520 TDPIPE - ok
14:18:09.0140 2520 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
14:18:09.0140 2520 TDTCP - ok
14:18:09.0171 2520 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:18:09.0171 2520 TermDD - ok
14:18:09.0218 2520 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
14:18:09.0234 2520 TermService - ok
14:18:09.0265 2520 Themes (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
14:18:09.0265 2520 Themes - ok
14:18:09.0281 2520 TosIde - ok
14:18:09.0296 2520 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
14:18:09.0312 2520 TrkWks - ok
14:18:09.0343 2520 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
14:18:09.0343 2520 Udfs - ok
14:18:09.0359 2520 ultra - ok
14:18:09.0406 2520 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
14:18:09.0421 2520 Update - ok
14:18:09.0453 2520 upnphost (0546477bde979e33294fe97f6b3de84a) C:\WINDOWS\System32\upnphost.dll
14:18:09.0468 2520 upnphost - ok
14:18:09.0500 2520 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
14:18:09.0515 2520 UPS - ok
14:18:09.0546 2520 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:18:09.0546 2520 USBAAPL - ok
14:18:09.0593 2520 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
14:18:09.0593 2520 usbaudio - ok
14:18:09.0609 2520 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:18:09.0609 2520 usbccgp - ok
14:18:09.0640 2520 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:18:09.0640 2520 usbhub - ok
14:18:09.0671 2520 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:18:09.0671 2520 usbscan - ok
14:18:09.0687 2520 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:18:09.0687 2520 USBSTOR - ok
14:18:09.0703 2520 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:18:09.0703 2520 usbuhci - ok
14:18:09.0750 2520 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
14:18:09.0750 2520 usbvideo - ok
14:18:09.0781 2520 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
14:18:09.0781 2520 VgaSave - ok
14:18:09.0796 2520 ViaIde - ok
14:18:09.0812 2520 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
14:18:09.0812 2520 VolSnap - ok
14:18:09.0875 2520 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
14:18:09.0875 2520 VSS - ok
14:18:09.0921 2520 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
14:18:09.0937 2520 W32Time - ok
14:18:09.0984 2520 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:18:09.0984 2520 Wanarp - ok
14:18:10.0046 2520 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
14:18:10.0046 2520 Wdf01000 - ok
14:18:10.0062 2520 WDICA - ok
14:18:10.0093 2520 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
14:18:10.0093 2520 wdmaud - ok
14:18:10.0125 2520 WebClient (5d0a442864bfbf3b19dcca4cd29f6e99) C:\WINDOWS\System32\webclnt.dll
14:18:10.0140 2520 WebClient - ok
14:18:10.0187 2520 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:18:10.0203 2520 winmgmt - ok
14:18:10.0250 2520 WmdmPmSN (c086483e3dba8c1c0a687ec8d5b3d4c1) C:\WINDOWS\System32\mspmsnsv.dll
14:18:10.0250 2520 WmdmPmSN - ok
14:18:10.0296 2520 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
14:18:10.0312 2520 WmiApSrv - ok
14:18:10.0375 2520 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:18:10.0375 2520 WS2IFSL - ok
14:18:10.0421 2520 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
14:18:10.0421 2520 wscsvc - ok
14:18:10.0484 2520 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:18:10.0484 2520 WSTCODEC - ok
14:18:10.0531 2520 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
14:18:10.0531 2520 wuauserv - ok
14:18:10.0578 2520 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
14:18:10.0593 2520 WZCSVC - ok
14:18:10.0640 2520 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
14:18:10.0656 2520 xmlprov - ok
14:18:10.0687 2520 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:18:10.0703 2520 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
14:18:10.0703 2520 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
14:18:10.0718 2520 Boot (0x1200) (328c173ca020180899a5c489a68cdf1a) \Device\Harddisk0\DR0\Partition0
14:18:10.0718 2520 \Device\Harddisk0\DR0\Partition0 - ok
14:18:10.0750 2520 Boot (0x1200) (bf2b84259b714aa35788919439a7e109) \Device\Harddisk0\DR0\Partition1
14:18:10.0750 2520 \Device\Harddisk0\DR0\Partition1 - ok
14:18:10.0750 2520 ============================================================
14:18:10.0750 2520 Scan finished
14:18:10.0750 2520 ============================================================
14:18:10.0765 2512 Detected object count: 2
14:18:10.0765 2512 Actual detected object count: 2
14:18:14.0109 2512 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
14:18:16.0046 2512 Backup copy found, using it..
14:18:16.0062 2512 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
14:18:16.0062 2512 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
14:18:16.0765 2512 \Device\Harddisk0\DR0\# - copied to quarantine
14:18:16.0765 2512 \Device\Harddisk0\DR0 - copied to quarantine
14:18:16.0796 2512 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
14:18:16.0843 2512 \Device\Harddisk0\DR0 - ok
14:18:16.0843 2512 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
14:18:20.0468 1812 Deinitialize success

#12 AshleyEmDee

AshleyEmDee
  • Topic Starter

  • Members
  • 31 posts
  • Local time:06:14 AM

Posted 11 July 2012 - 02:12 PM

MBR:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-11 14:25:05
-----------------------------
14:25:05.015 OS Version: Windows 5.1.2600 Service Pack 2
14:25:05.015 Number of processors: 1 586 0x401
14:25:05.015 ComputerName: SAT UserName:
14:25:07.171 Initialize success
14:25:58.171 AVAST engine defs: 12071101
14:26:01.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:26:01.843 Disk 0 Vendor: ST380011A 8.16 Size: 76293MB BusType: 3
14:26:01.859 Disk 0 MBR read successfully
14:26:01.859 Disk 0 MBR scan
14:26:01.890 Disk 0 Windows XP default MBR code
14:26:01.890 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 64997 MB offset 63
14:26:01.890 Disk 0 Partition - 00 0F Extended LBA 11287 MB offset 133114590
14:26:01.906 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11287 MB offset 133114653
14:26:01.921 Disk 0 scanning sectors +156232125
14:26:01.937 Disk 0 malicious Win32:MBRoot code @ sector 156232128 !
14:26:02.000 Disk 0 scanning C:\WINDOWS\system32\drivers
14:26:14.015 Service scanning
14:26:33.890 Modules scanning
14:26:46.812 Disk 0 trace - called modules:
14:26:46.828 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
14:26:46.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f88ab8]
14:26:46.828 3 CLASSPNP.SYS[f75d805b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f65d98]
14:26:48.031 AVAST engine scan C:\WINDOWS
14:26:56.265 AVAST engine scan C:\WINDOWS\system32
14:29:48.421 AVAST engine scan C:\WINDOWS\system32\drivers
14:30:26.406 AVAST engine scan C:\Documents and Settings\Owner
15:08:43.359 AVAST engine scan C:\Documents and Settings\All Users
15:10:22.593 Scan finished successfully
15:12:06.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
15:12:06.828 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:14 AM

Posted 11 July 2012 - 09:04 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 AshleyEmDee

AshleyEmDee
  • Topic Starter

  • Members
  • 31 posts
  • Local time:06:14 AM

Posted 12 July 2012 - 12:27 PM

ComboFix 12-07-05.04 - Owner 07/08/2012 23:50:07.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.674 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\1234567.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\LP
c:\program files\LP\88C6\10.tmp
c:\program files\LP\88C6\11.tmp
c:\program files\LP\88C6\110A.tmp
c:\program files\LP\88C6\11D.tmp
c:\program files\LP\88C6\12.exe
c:\program files\LP\88C6\12.tmp
c:\program files\LP\88C6\128.tmp
c:\program files\LP\88C6\13.tmp
c:\program files\LP\88C6\14.tmp
c:\program files\LP\88C6\145.tmp
c:\program files\LP\88C6\147.tmp
c:\program files\LP\88C6\149.tmp
c:\program files\LP\88C6\15.exe
c:\program files\LP\88C6\15.tmp
c:\program files\LP\88C6\15A.tmp
c:\program files\LP\88C6\16.tmp
c:\program files\LP\88C6\17.tmp
c:\program files\LP\88C6\18.tmp
c:\program files\LP\88C6\18D.tmp
c:\program files\LP\88C6\19.tmp
c:\program files\LP\88C6\195.tmp
c:\program files\LP\88C6\1A.tmp
c:\program files\LP\88C6\1A7.tmp
c:\program files\LP\88C6\1B.tmp
c:\program files\LP\88C6\1B3.tmp
c:\program files\LP\88C6\1C.tmp
c:\program files\LP\88C6\1C9.tmp
c:\program files\LP\88C6\1D.tmp
c:\program files\LP\88C6\1DE.tmp
c:\program files\LP\88C6\1E.tmp
c:\program files\LP\88C6\1EC.tmp
c:\program files\LP\88C6\1ED.tmp
c:\program files\LP\88C6\1EE.tmp
c:\program files\LP\88C6\1EF.tmp
c:\program files\LP\88C6\1F.tmp
c:\program files\LP\88C6\1F0.tmp
c:\program files\LP\88C6\20.tmp
c:\program files\LP\88C6\21.tmp
c:\program files\LP\88C6\22.tmp
c:\program files\LP\88C6\23.tmp
c:\program files\LP\88C6\24.tmp
c:\program files\LP\88C6\25.exe
c:\program files\LP\88C6\25.tmp
c:\program files\LP\88C6\250.tmp
c:\program files\LP\88C6\253.tmp
c:\program files\LP\88C6\258.tmp
c:\program files\LP\88C6\26.tmp
c:\program files\LP\88C6\264.tmp
c:\program files\LP\88C6\27.tmp
c:\program files\LP\88C6\279.tmp
c:\program files\LP\88C6\28.tmp
c:\program files\LP\88C6\29.tmp
c:\program files\LP\88C6\2A.tmp
c:\program files\LP\88C6\2B6.tmp
c:\program files\LP\88C6\2B9.tmp
c:\program files\LP\88C6\2D.tmp
c:\program files\LP\88C6\2F.tmp
c:\program files\LP\88C6\30.tmp
c:\program files\LP\88C6\30B.tmp
c:\program files\LP\88C6\30E.tmp
c:\program files\LP\88C6\31.tmp
c:\program files\LP\88C6\32.tmp
c:\program files\LP\88C6\33.tmp
c:\program files\LP\88C6\331.tmp
c:\program files\LP\88C6\33A.tmp
c:\program files\LP\88C6\33D.tmp
c:\program files\LP\88C6\33F.tmp
c:\program files\LP\88C6\34.tmp
c:\program files\LP\88C6\35.tmp
c:\program files\LP\88C6\35D.tmp
c:\program files\LP\88C6\36.tmp
c:\program files\LP\88C6\364.tmp
c:\program files\LP\88C6\37.tmp
c:\program files\LP\88C6\373.tmp
c:\program files\LP\88C6\38.tmp
c:\program files\LP\88C6\38F.tmp
c:\program files\LP\88C6\39A.tmp
c:\program files\LP\88C6\39B.tmp
c:\program files\LP\88C6\3AC.tmp
c:\program files\LP\88C6\3BA.tmp
c:\program files\LP\88C6\3BF.tmp
c:\program files\LP\88C6\3E.tmp
c:\program files\LP\88C6\3F.tmp
c:\program files\LP\88C6\40.exe
c:\program files\LP\88C6\40.tmp
c:\program files\LP\88C6\41.tmp
c:\program files\LP\88C6\413.tmp
c:\program files\LP\88C6\41A.tmp
c:\program files\LP\88C6\42.exe
c:\program files\LP\88C6\42.tmp
c:\program files\LP\88C6\427.tmp
c:\program files\LP\88C6\42E.tmp
c:\program files\LP\88C6\43.tmp
c:\program files\LP\88C6\438.tmp
c:\program files\LP\88C6\44.tmp
c:\program files\LP\88C6\440.tmp
c:\program files\LP\88C6\45.tmp
c:\program files\LP\88C6\455.tmp
c:\program files\LP\88C6\457.tmp
c:\program files\LP\88C6\45D.tmp
c:\program files\LP\88C6\45F.tmp
c:\program files\LP\88C6\46.tmp
c:\program files\LP\88C6\460.tmp
c:\program files\LP\88C6\461.tmp
c:\program files\LP\88C6\462.tmp
c:\program files\LP\88C6\463.tmp
c:\program files\LP\88C6\466.tmp
c:\program files\LP\88C6\467.tmp
c:\program files\LP\88C6\468.tmp
c:\program files\LP\88C6\469.tmp
c:\program files\LP\88C6\47.tmp
c:\program files\LP\88C6\474.tmp
c:\program files\LP\88C6\48.tmp
c:\program files\LP\88C6\481.tmp
c:\program files\LP\88C6\49.tmp
c:\program files\LP\88C6\4A.tmp
c:\program files\LP\88C6\4B.tmp
c:\program files\LP\88C6\4B3.tmp
c:\program files\LP\88C6\4BC.tmp
c:\program files\LP\88C6\4BD.tmp
c:\program files\LP\88C6\4C.exe
c:\program files\LP\88C6\4C.tmp
c:\program files\LP\88C6\4CC.tmp
c:\program files\LP\88C6\4D.tmp
c:\program files\LP\88C6\4D3.tmp
c:\program files\LP\88C6\4E.tmp
c:\program files\LP\88C6\4F.tmp
c:\program files\LP\88C6\50.tmp
c:\program files\LP\88C6\51.exe
c:\program files\LP\88C6\51.tmp
c:\program files\LP\88C6\51E.tmp
c:\program files\LP\88C6\52.tmp
c:\program files\LP\88C6\53.tmp
c:\program files\LP\88C6\533.tmp
c:\program files\LP\88C6\54.tmp
c:\program files\LP\88C6\55.tmp
c:\program files\LP\88C6\56.tmp
c:\program files\LP\88C6\57.tmp
c:\program files\LP\88C6\58.tmp
c:\program files\LP\88C6\59.tmp
c:\program files\LP\88C6\5A.tmp
c:\program files\LP\88C6\5AD.tmp
c:\program files\LP\88C6\5B.tmp
c:\program files\LP\88C6\5C.tmp
c:\program files\LP\88C6\5D.tmp
c:\program files\LP\88C6\5E.tmp
c:\program files\LP\88C6\5F.tmp
c:\program files\LP\88C6\60.tmp
c:\program files\LP\88C6\60E.tmp
c:\program files\LP\88C6\61.tmp
c:\program files\LP\88C6\613.tmp
c:\program files\LP\88C6\62.tmp
c:\program files\LP\88C6\63.tmp
c:\program files\LP\88C6\64.tmp
c:\program files\LP\88C6\65.tmp
c:\program files\LP\88C6\65F.tmp
c:\program files\LP\88C6\66.tmp
c:\program files\LP\88C6\67.tmp
c:\program files\LP\88C6\674.tmp
c:\program files\LP\88C6\68.tmp
c:\program files\LP\88C6\69.tmp
c:\program files\LP\88C6\6A.tmp
c:\program files\LP\88C6\6B.tmp
c:\program files\LP\88C6\6C.tmp
c:\program files\LP\88C6\6E4.tmp
c:\program files\LP\88C6\6F.tmp
c:\program files\LP\88C6\70.tmp
c:\program files\LP\88C6\74.tmp
c:\program files\LP\88C6\77.tmp
c:\program files\LP\88C6\78.tmp
c:\program files\LP\88C6\784.tmp
c:\program files\LP\88C6\79.tmp
c:\program files\LP\88C6\7A.tmp
c:\program files\LP\88C6\7B.tmp
c:\program files\LP\88C6\7B8.tmp
c:\program files\LP\88C6\7C.tmp
c:\program files\LP\88C6\7C3.tmp
c:\program files\LP\88C6\7D.tmp
c:\program files\LP\88C6\7DB.tmp
c:\program files\LP\88C6\7E.tmp
c:\program files\LP\88C6\7E7.exe
c:\program files\LP\88C6\7E7.tmp
c:\program files\LP\88C6\7EA.tmp
c:\program files\LP\88C6\7F.tmp
c:\program files\LP\88C6\7FF.tmp
c:\program files\LP\88C6\8.tmp
c:\program files\LP\88C6\80.tmp
c:\program files\LP\88C6\81.tmp
c:\program files\LP\88C6\82.tmp
c:\program files\LP\88C6\86.tmp
c:\program files\LP\88C6\87.tmp
c:\program files\LP\88C6\872.tmp
c:\program files\LP\88C6\87F.tmp
c:\program files\LP\88C6\88.tmp
c:\program files\LP\88C6\880.tmp
c:\program files\LP\88C6\89.tmp
c:\program files\LP\88C6\8A.tmp
c:\program files\LP\88C6\8B.tmp
c:\program files\LP\88C6\9.tmp
c:\program files\LP\88C6\940.tmp
c:\program files\LP\88C6\941.tmp
c:\program files\LP\88C6\95.tmp
c:\program files\LP\88C6\9C5.tmp
c:\program files\LP\88C6\A.tmp
c:\program files\LP\88C6\B.tmp
c:\program files\LP\88C6\B9.tmp
c:\program files\LP\88C6\BFB.tmp
c:\program files\LP\88C6\BFC.tmp
c:\program files\LP\88C6\bl226935328_64.bat
c:\program files\LP\88C6\bl341562_64.bat
c:\program files\LP\88C6\C.tmp
c:\program files\LP\88C6\C1.tmp
c:\program files\LP\88C6\C9.tmp
c:\program files\LP\88C6\D.tmp
c:\program files\LP\88C6\DFC.tmp
c:\program files\LP\88C6\E.tmp
c:\program files\LP\88C6\F.tmp
c:\program files\Shop to Win
c:\program files\Shop to Win\InstallNotifier.exe
c:\program files\Shop to Win\unins000.exe
c:\program files\Shop to Win\UnInstallPlugin.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\rnaph.dll
.
c:\windows\system32\drivers\i8042prt.sys was missing
Restored copy from - c:\windows\ServicePackFiles\i386\i8042prt.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-09 03:55 . 2004-08-04 04:14 52736 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-07-09 03:55 . 2004-08-04 04:14 52736 ----a-w- c:\windows\system32\drivers\i8042prt.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-23 01:48 . 2011-06-11 16:44 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2011-08-14 21975120]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Facebook Update"="c:\documents and settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2011-08-17 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-05 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
.
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/22/2012 9:48 PM 129976]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2052111302-573735546-839522115-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-08-17 23:48]
.
2012-07-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2052111302-573735546-839522115-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-08-17 23:48]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-573735546-839522115-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-11 21:13]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-573735546-839522115-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-11 21:13]
.
2012-07-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-573735546-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-06-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-573735546-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wl390yw2.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52970
FF - prefs.js: network.proxy.type - 1
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ConMgr.exe - c:\program files\EarthLink 5.0\ConMgr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-08 23:58
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-07-09 00:04:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-09 04:03
.
Pre-Run: 43,297,779,712 bytes free
Post-Run: 45,615,935,488 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 0A072B7E3A7B9D7B605225E62D6A2E9F
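The three logs in this thread each carry one line that tells the story: TDSSKiller's MBR and ACPI.sys detections, aswMBR's hidden code past the partition table, and ComboFix showing Firefox's proxy pinned to 127.0.0.1:52970, which routes every browser request through a process on the machine itself and is a common cause of search redirects. The script below is an added triage example (not part of this thread, and not code from TDSSKiller, aswMBR or ComboFix); function and variable names are my own, and the sample lines are copied from the logs above.

```python
"""Triage of the scanner logs pasted in this thread.

Added example, not from the thread and not from any of the tools whose
output it reads.  It pulls out TDSSKiller objects flagged as infected or
acted on, aswMBR's "malicious ... code @ sector" notice, and a Firefox
proxy forced onto a loopback address in ComboFix's "FF - prefs.js" lines.
"""
import re

# TDSSKiller: "<time> <pid> <object> ( <detection> ) - infected"
# or the follow-up "<time> <pid> <object> ( <detection> ) - User select action: Cure"
TDSS_HIT = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<obj>.+?)\s+\(\s*(?P<name>[^)]+?)\s*\)"
    r"\s+-\s+(?:infected|User select action: \w+)\s*$"
)
# aswMBR: "<time> Disk <n> malicious <name> code @ sector <n> !"
ASWMBR_HIT = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+Disk\s+(?P<disk>\d+)\s+malicious\s+(?P<name>\S+)"
    r"\s+code\s+@\s+sector\s+(?P<sector>\d+)"
)
# ComboFix: "FF - prefs.js: network.proxy.<key> - <value>"
FF_PROXY_PREF = re.compile(
    r"^FF - prefs\.js:\s+(?P<key>network\.proxy\.\S+)\s+-\s+(?P<value>.+?)\s*$"
)


def triage_log_lines(lines):
    """Return (tool, detection, detail) tuples for every hit, without duplicates."""
    findings = []
    ff_prefs = {}
    for raw in lines:
        line = raw.rstrip("\r\n")
        if (m := TDSS_HIT.match(line)):
            hit = ("TDSSKiller", m["name"], m["obj"])
        elif (m := ASWMBR_HIT.match(line)):
            hit = ("aswMBR", m["name"], f"disk {m['disk']} sector {m['sector']}")
        elif (m := FF_PROXY_PREF.match(line)):
            ff_prefs[m["key"]] = m["value"]  # judged once the whole log is read
            continue
        else:
            continue
        if hit not in findings:          # TDSSKiller repeats an object when it is cured
            findings.append(hit)
    # network.proxy.type 1 is "manual proxy configuration"; a loopback host means
    # every Firefox request is handed to a local process before it leaves the box.
    if ff_prefs.get("network.proxy.type") == "1":
        host = ff_prefs.get("network.proxy.http", "")
        port = ff_prefs.get("network.proxy.http_port", "?")
        if host == "localhost" or host.startswith("127."):
            findings.append(("ComboFix", "Firefox proxy forced to loopback", f"{host}:{port}"))
    return findings


# Constructed sample: lines copied from the three logs posted in this thread.
SAMPLE_LINES = [
    r"14:18:06.0265 2520 NwlnkFwd - ok",
    r"14:18:10.0703 2520 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected",
    r"14:18:16.0062 2512 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure",
    r"14:18:16.0843 2512 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure",
    r"14:26:01.890 Disk 0 Windows XP default MBR code",
    r"14:26:01.937 Disk 0 malicious Win32:MBRoot code @ sector 156232128 !",
    r"FF - prefs.js: network.proxy.http - 127.0.0.1",
    r"FF - prefs.js: network.proxy.http_port - 52970",
    r"FF - prefs.js: network.proxy.type - 1",
]

if __name__ == "__main__":
    for tool, name, detail in triage_log_lines(SAMPLE_LINES):
        print(f"{tool:11} {name:35} {detail}")
```

A clean follow-up log should produce no findings at all; a surviving loopback proxy pref after an MBR cure is the first thing to look for if the redirects continue.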

#15 AshleyEmDee

AshleyEmDee
  • Topic Starter

  • Members
  • 31 posts
  • Local time:06:14 AM

Posted 12 July 2012 - 12:29 PM

I typed in a couple of sites and did a couple of searches on Google and so far, I haven't been redirected to any other sites yet. Could this mean that the problem was solved?
