
Something deleting files, programs, email, etc


  • This topic is locked
71 replies to this topic

#1 jimvt

jimvt

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vermont
  • Local time:04:47 AM

Posted 29 May 2012 - 12:11 PM

Whatever I've got is a stinker. Deleting everything I've tried plus emails.

Hope we can kill the thing!

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-29 13:02:27
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800EB-00DJF0 rev.77.07W77
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kgloikob.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[904] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 011E9720 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[904] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 0141E21B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[904] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 0141E1F4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[904] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 0141E17E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 DeepFrz.sys (Deep Freeze 6 driver/Faronics Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 mouclass.sys (Mouse Class Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\HP Officejet 4500 G510n-z@PrinterOnLine 0
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 452
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 12623
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7BBBCB59-6D43-451E-95B3-3C52A4E31F76}@LeaseObtainedTime 1335911873
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7BBBCB59-6D43-451E-95B3-3C52A4E31F76}@T1 1335955073
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7BBBCB59-6D43-451E-95B3-3C52A4E31F76}@T2 1335987473
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7BBBCB59-6D43-451E-95B3-3C52A4E31F76}@LeaseTerminatesTime 1335998273
Reg HKLM\SYSTEM\CurrentControlSet\Services\{7BBBCB59-6D43-451E-95B3-3C52A4E31F76}\Parameters\Tcpip@LeaseObtainedTime 1335911873
Reg HKLM\SYSTEM\CurrentControlSet\Services\{7BBBCB59-6D43-451E-95B3-3C52A4E31F76}\Parameters\Tcpip@T1 1335955073
Reg HKLM\SYSTEM\CurrentControlSet\Services\{7BBBCB59-6D43-451E-95B3-3C52A4E31F76}\Parameters\Tcpip@T2 1335987473
Reg HKLM\SYSTEM\CurrentControlSet\Services\{7BBBCB59-6D43-451E-95B3-3C52A4E31F76}\Parameters\Tcpip@LeaseTerminatesTime 1335998273
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS@StateIndex 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0EE3A410F7C69D74FBC30772DD44E515\Usage@Common 1084293312
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextDetectionTime 2012-05-02 08:12:29
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextSqmReportTime 2012-05-01 10:39:09
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@ScheduledInstallDate 2012-05-02 23:00:00
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect@LastSuccessTime 2012-05-01 10:41:36
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download@LastSuccessTime 2012-04-30 20:08:31
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@StartTime 2012/05/01-06:37:55
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 100
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesSuccessful 100
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@LastTraceFailure 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19@ProfileLoadTimeLow 1994474156
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19@ProfileLoadTimeHigh 30222214
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19@RefCount 2
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20@ProfileLoadTimeLow 1959630406
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20@ProfileLoadTimeHigh 30222214
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1201055447-1169385113-3479457641-1003@ProfileLoadTimeLow 1993692906
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1201055447-1169385113-3479457641-1003@ProfileLoadTimeHigh 30222214
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1201055447-1169385113-3479457641-1003@RefCount 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer@CleanShutdown 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Current Media
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Current Media@TotalBytes 0x00 0x28 0x6C 0x10 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Current Media@FreeBytes 0x00 0x10 0x25 0x10 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Current Media@Media Type 14
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Current Media@UDF 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Current Media@Disc Label May1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Current Media@Set 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{d40e8140-2eee-11df-9157-806d6172696f}@MaxCDWriteSpeed 12
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU@MRUList ba
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*@MRUList cba
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList@MRUList cahgefdb
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@My Music
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@My Video
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\iexplore@Count 15
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\iexplore@Count 15
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012050120120502
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012050120120502@CachePath %USERPROFILE%\Local Settings\History\History.IE5\MSHist012012050120120502
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012050120120502@CachePrefix :2012050120120502:
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012050120120502@CacheLimit 8192
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012050120120502@CacheOptions 11
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012050120120502@CacheRepair 0
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\148\Shell@WFlags 2
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\148\Shell@ShowCmd 3
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\20\Shell@MinPos1280x720(1).x -1
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\20\Shell@MinPos1280x720(1).y -1
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\21\Shell@MinPos1280x720(1).x -32000
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\21\Shell@MinPos1280x720(1).y -32000
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\DUIBags\ShellFolders\{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31}@ExpandDetailsTasks 0

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Quick\{1241933F-3FCB-4B76-8C14-ACB386005206} 7006 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Quick\{1AC02D3E-E4DA-4410-913B-DAD142F5385C} 7006 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Quick\{4083E64B-CB42-4AD7-B517-B0C12E5ADA80} 7006 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{368A67D6-D339-4644-9E1A-45D7E290884E} 7716 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{43C42A67-A55B-45C4-AEEA-726E0A73A2B9} 7440 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{96458D5A-9B62-49C7-AA49-6D9D68D7CD0D} 7406 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{E94B4835-2417-4FE9-84B7-22D38888FC6E} 9188 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-04232012-055840-00000003-ffffffff.bin 131072 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-04222012-170753-00000003-ffffffff.bin 262144 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-04222012-194900-00000003-ffffffff.bin 196608 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-04232012-101222-00000003-ffffffff.bin 196608 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-04232012-103052-00000003-ffffffff.bin 196608 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-04232012-111013-00000003-ffffffff.bin 196608 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-04232012-112403-00000003-ffffffff.bin 262144 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-04242012-072810-00000003-ffffffff.bin 327680 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-04252012-084314-00000003-ffffffff.bin 196608 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-04252012-112315-00000003-ffffffff.bin 262144 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-04262012-080730-00000003-ffffffff.bin 196608 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-04272012-070848-00000003-ffffffff.bin 262144 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-04282012-061343-00000003-ffffffff.bin 196608 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-04292012-061823-00000003-ffffffff.bin 262144 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-04292012-102512-00000003-ffffffff.bin 196608 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-04302012-060227-00000003-ffffffff.bin 196608 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-04302012-190255-00000003-ffffffff.bin 16384 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-05012012-063752-00000003-ffffffff.bin 16384 bytes
File C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5xustack.jimvt\bookmarkbackups\bookmarks-2012-04-02.json 27810 bytes
File C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5xustack.jimvt\bookmarkbackups\bookmarks-2012-04-22.json 27810 bytes
File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\5xustack.jimvt\Cache\4\2E\D2A66d01 2457600 bytes
File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\5xustack.jimvt\Cache\7\68\D96C2d01 1083188 bytes
File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\5xustack.jimvt\Cache\7\61\9B17Bd01 2457600 bytes
File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\5xustack.jimvt\Cache\B\3F\738A6d01 2457600 bytes
File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\5xustack.jimvt\Cache\F\83\D2385d01 2457600 bytes
File C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012012050120120502 0 bytes
File C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012012050120120502\index.dat 32768 bytes
File C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb001D7.log 131072 bytes
File C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb001D8.log 131072 bytes
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738 0 bytes
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3GDR 0 bytes
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3GDR\html.iec 385024 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3GDR\ie4uinit.exe 174080 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3GDR\iedkcs32.dll 387584 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3GDR\iedvtool.dll 743424 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3GDR\ieframe.dll 11082752 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3GDR\iepeers.dll 184320 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3GDR\ieproxy.dll 247808 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3GDR\iertutil.dll 2000384 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3GDR\ieuinit.inf 57667 bytes
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3GDR\inetcpl.cpl 1469440 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3GDR\jsproxy.dll 25600 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3GDR\licmgr10.dll 43520 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3GDR\msfeeds.dll 602112 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3GDR\msfeedsbs.dll 55296 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3GDR\mshtml.dll 5978624 bytes
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3GDR\mshtmled.dll 66560 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3GDR\mstime.dll 611840 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3GDR\occache.dll 206848 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3GDR\url.dll 105984 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3GDR\urlmon.dll 1212416 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3GDR\wininet.dll 916992 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3GDR\xpshims.dll 12800 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3QFE 0 bytes
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3QFE\html.iec 385024 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3QFE\ie4uinit.exe 174080 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3QFE\iedkcs32.dll 387584 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3QFE\iedvtool.dll 743424 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3QFE\ieframe.dll 11085312 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3QFE\iepeers.dll 184320 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3QFE\ieproxy.dll 247808 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3QFE\iertutil.dll 2001408 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3QFE\ieuinit.inf 57667 bytes
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3QFE\inetcpl.cpl 1469440 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3QFE\jsproxy.dll 25600 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3QFE\licmgr10.dll 43520 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3QFE\msfeeds.dll 602112 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3QFE\msfeedsbs.dll 55296 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3QFE\mshtml.dll 5980672 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3QFE\mshtmled.dll 66560 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3QFE\mstime.dll 611840 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3QFE\occache.dll 206848 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3QFE\url.dll 105984 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3QFE\urlmon.dll 1214464 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3QFE\wininet.dll 919552 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3QFE\xpshims.dll 12800 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\spmsg.dll 17272 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\spuninst.exe 231288 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\update 0 bytes
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\update\branches.inf 926 bytes
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\update\eula.txt 804 bytes
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\update\KB2675157-IE8.CAT 22270 bytes
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\update\spcustom.dll 26488 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\update\update.exe 755576 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\update\update.ver 4062 bytes
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\update\updatebr.inf 501 bytes
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\update\update_SP3GDR.inf 125405 bytes
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\update\update_SP3QFE.inf 119260 bytes
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\update\updspapi.dll 382840 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\_downloadprogress_.state 4 bytes
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\_file_to_execute_.txt 17 bytes
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\_unpacked_.state 34 bytes
File C:\WINDOWS\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\_useselfcontained_.state 50 bytes
File C:\WINDOWS\SoftwareDistribution\Download\62b48f831627ec79946c6291d021d2ff68f5ac12 561144 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\758f350ac552f6722e0dbba65f0916882942c83e 644088 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\967d50e6112d5997d976a9fa7ff8c3f43c83768f 651768 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\ad028a17f6f9f5fe38ea7cb6d0c2756b7b72d2e3 10288512 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466 0 bytes
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\backup 0 bytes
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\sp3gdr 0 bytes
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\sp3gdr\imagehlp.dll 148480 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\sp3gdr\wintrust.dll 177664 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\sp3qfe 0 bytes
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\sp3qfe\imagehlp.dll 148480 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\sp3qfe\wintrust.dll 178176 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\spmsg.dll 17272 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\spuninst.exe 231288 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\susdl.rq0 465 bytes
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update 0 bytes
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\branches.inf 926 bytes
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\eula.txt 804 bytes
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\KB2653956.cat 8566 bytes
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\spcustom.dll 26488 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\update.exe 755576 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\update.url 5326 bytes
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\update.ver 394 bytes
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\updatebr.inf 497 bytes
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\update_SP3GDR.inf 29633 bytes
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\update_SP3QFE.inf 25187 bytes
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\updspapi.dll 382840 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\WindowsXP-KB2653956-x86-ENU.psm 732 bytes
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\_downloadprogress_.state 4 bytes
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\_unpacked_.state 34 bytes
File C:\WINDOWS\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\_usedelta_.state 34 bytes
File C:\WINDOWS\SoftwareDistribution\Download\de15cdda100cc030349dd0c4f2776d99e67267c1 3294136 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\e4c48c27d3ee826e806df96017e102ef7cf27cd4 628728 bytes executable

---- EOF - GMER 1.0.15 ----

Attached Files





#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:47 AM

Posted 01 June 2012 - 07:00 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 jimvt


Posted 01 June 2012 - 08:51 PM

OK ready when you are!

#4 m0le


Posted 02 June 2012 - 12:51 PM

Let's start with some scanners

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

And

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#5 jimvt


Posted 02 June 2012 - 04:02 PM

OK mOle, here ya go!

Thanks

Attached Files



#6 m0le


Posted 02 June 2012 - 05:21 PM

"Deleting everything I've tried plus emails."


What do you mean "everything you've tried"? The scanners seem to work fine.

#7 jimvt


Posted 02 June 2012 - 05:29 PM

I mean before I contacted Bleep I tried to solve the problem with MSE, Malware, AVG, Avast and a few other softwares, and when I shut down the computer at night and opened in the morning nothing had changed.
All softwares deleted, emails deleted and so on.

#8 m0le


Posted 02 June 2012 - 05:48 PM

That's a really strange symptom. Deleting emails isn't something that usually happens and I can't see the use for malware to access your email and delete emails when it could steal your passwords and email address list. Malware will delete files and programs but usually to replace them or to stop them detecting them.

Okay, let's assume a rootkit and see if anything sticks out on the next log

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


#9 jimvt


Posted 02 June 2012 - 06:30 PM

19:23:23.0904 1432 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
19:23:24.0325 1432 ============================================================
19:23:24.0325 1432 Current date / time: 2012/06/02 19:23:24.0325
19:23:24.0325 1432 SystemInfo:
19:23:24.0325 1432
19:23:24.0325 1432 OS Version: 5.1.2600 ServicePack: 3.0
19:23:24.0325 1432 Product type: Workstation
19:23:24.0341 1432 ComputerName: HOME-N4TTGLLC4R
19:23:24.0341 1432 UserName: Owner
19:23:24.0341 1432 Windows directory: C:\WINDOWS
19:23:24.0341 1432 System windows directory: C:\WINDOWS
19:23:24.0341 1432 Processor architecture: Intel x86
19:23:24.0341 1432 Number of processors: 1
19:23:24.0341 1432 Page size: 0x1000
19:23:24.0341 1432 Boot type: Normal boot
19:23:24.0341 1432 ============================================================
19:23:35.0544 1432 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:23:35.0575 1432 ============================================================
19:23:35.0575 1432 \Device\Harddisk0\DR0:
19:23:35.0575 1432 MBR partitions:
19:23:35.0575 1432 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
19:23:35.0575 1432 ============================================================
19:23:35.0669 1432 C: <-> \Device\Harddisk0\DR0\Partition0
19:23:35.0669 1432 ============================================================
19:23:35.0669 1432 Initialize success
19:23:35.0669 1432 ============================================================
19:23:59.0029 1788 ============================================================
19:23:59.0029 1788 Scan started
19:23:59.0029 1788 Mode: Manual;
19:23:59.0029 1788 ============================================================
19:25:24.0904 1788 wuauserv - ok
19:25:25.0044 1788 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:25:25.0122 1788 WudfPf - ok
19:25:25.0200 1788 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:25:25.0247 1788 WudfRd - ok
19:25:25.0341 1788 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
19:25:25.0497 1788 WudfSvc - ok
19:25:25.0857 1788 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
19:25:26.0075 1788 WZCSVC - ok
19:25:26.0200 1788 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
19:25:26.0560 1788 xmlprov - ok
19:25:26.0669 1788 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
19:25:26.0888 1788 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
19:25:26.0982 1788 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
19:25:27.0138 1788 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
19:25:27.0185 1788 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:25:28.0513 1788 \Device\Harddisk0\DR0 - ok
19:25:28.0560 1788 Boot (0x1200) (8d022bc4bcda4d5385c02154e6c11a9f) \Device\Harddisk0\DR0\Partition0
19:25:28.0560 1788 \Device\Harddisk0\DR0\Partition0 - ok
19:25:28.0575 1788 ============================================================
19:25:28.0575 1788 Scan finished
19:25:28.0575 1788 ============================================================
19:25:28.0607 1416 Detected object count: 0
19:25:28.0607 1416 Actual detected object count: 0
19:25:45.0700 2340 Deinitialize success

#10 m0le

Posted 02 June 2012 - 06:42 PM

Please run MBAM and SAS

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And

Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.


#11 jimvt

Posted 03 June 2012 - 03:57 AM

Hello, mOle...I dl'd MBAM and ran it.

It found 3 files...something "PUPware".

When I rebooted as directed and started up again...MBAM was gone from the desktop, there was no file in Notepad!

Shall I try it again and save the log to Docs and Settings?

Jim D

#12 m0le

Posted 03 June 2012 - 06:05 AM

MBAM was gone from the desktop, there was no file in Notepad!

Shall I try it again and save the log to Docs and Settings?


You say MBAM has gone from the desktop, so how can you try it again?

If MBAM is still on your system then open it and click the Logs tab to find the missing log.

#13 jimvt

Posted 03 June 2012 - 06:11 AM

I went back to your last instruction and downloaded it again!

I am re-running it now.

#14 m0le

Posted 03 June 2012 - 06:22 AM

:thumbup2:

#15 jimvt

Posted 03 June 2012 - 07:34 AM

mbam

next one coming

I did NOT reboot this.
