
Pesky internet redirect malware


  • This topic is locked
24 replies to this topic

#1 Mishney
  • Members
Posted 06 June 2012 - 05:22 PM

Hello,

I'm having a terrible time removing a search redirect issue. DDS logs are below.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by at 18:10:32 on 2012-06-06
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer (Fastenal Company)
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = proxy.fastenal.com:8080
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\mhorvath\local settings\application data\akamai\netsession_win.exe"
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Ylmugyesne] "c:\documents and settings\mhorvath\application data\caxyis\yqpok.exe"
uRun: [cbbcbecdct] "c:\documents and settings\all users\application data\cbbcbecdct.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometerp11\FF_Protection.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [MeetingLauncher] c:\program files\intercall unified meeting\modules\launcher\mcLauncher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\client.lnk - c:\program files\avs\bin\avscc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft firewall client 2004\FwcMgmt.exe
uPolicies-explorer: ForceStartMenuLogoff = 1 (0x1)
uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)
uPolicies-explorer: DisallowCpl = 1 (0x1)
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
dPolicies-explorer: ForceStartMenuLogoff = 1 (0x1)
dPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
dPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
dPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: NoSMMyPictures = 1 (0x1)
dPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: DisallowCpl = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\program files\microsoft firewall client 2004\FwcWsp.dll
LSP: mswsock.dll
Trusted Zone: fastenal.com\apps
Trusted Zone: localhost
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{50FF029D-5134-4F27-AE9F-DA53532CAEDA} : DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
Hosts: 172.23.24.107 aiu02 aiu02.fastenal.com
Hosts: 172.22.8.78 ace01 ace01.fastenal.com
Hosts: 172.16.100.80 adauth01 adauth01.fastenal.com
Hosts: 172.16.104.72 adauth02 adauth02.fastenal.com
Hosts: 172.16.100.81 adauth03 adauth03.fastenal.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mhorvath\application data\mozilla\firefox\profiles\70n10uoy.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - e7b496b6-0c5a-4ed4-ae7e-dca2765d3321
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
.scr=DWGTrueViewScriptFile
.
=============== Created Last 30 ================
.
2012-06-06 21:53:45 14664 ----a-w- c:\windows\stinger.sys
2012-06-06 21:53:28 159608 ----a-w- c:\windows\system32\mfevtps.exe.87b3.deleteme
2012-06-06 20:19:32 159608 ----a-w- c:\windows\system32\mfevtps.exe.0075.deleteme
2012-06-06 20:19:13 -------- d-----w- c:\program files\stinger
2012-06-06 13:46:33 -------- d-----w- c:\documents and settings\mhorvath\local settings\application data\Identities
2012-06-06 13:46:30 98784 ----a-w- c:\documents and settings\all users\application data\cbbcbecdct.exe
2012-06-06 13:46:27 -------- d-----w- c:\documents and settings\mhorvath\application data\Ybif
2012-06-06 13:46:27 -------- d-----w- c:\documents and settings\mhorvath\application data\Onyq
2012-06-06 13:46:27 -------- d-----w- c:\documents and settings\mhorvath\application data\Caxyis
2012-06-06 02:25:39 -------- d-----w- c:\windows\system32\appmgmt
2012-06-06 02:10:40 -------- d-----w- C:\ComboFix
2012-06-06 02:10:25 -------- d-----w- c:\program files\Trend Micro
2012-06-05 21:15:56 -------- d-----w- c:\program files\Yontoo
2012-06-05 21:15:55 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2012-06-05 20:39:25 75085 ----a-w- c:\windows\system32\24f19af5.exe
2012-06-05 20:39:20 -------- d-----w- c:\documents and settings\mhorvath\application data\Ypirke
2012-06-05 20:39:20 -------- d-----w- c:\documents and settings\mhorvath\application data\Nutiy
2012-06-05 20:39:20 -------- d-----w- c:\documents and settings\mhorvath\application data\Iwmeu
2012-06-05 20:39:19 -------- d-----w- c:\documents and settings\mhorvath\application data\Uvurvy
2012-06-05 20:39:19 -------- d-----w- c:\documents and settings\mhorvath\application data\Gaazi
2012-06-05 20:39:19 -------- d-----w- c:\documents and settings\mhorvath\application data\Elikf
2012-06-05 20:30:01 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars
2012-05-30 00:32:12 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-30 00:32:08 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-30 00:32:08 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-05-09 14:06:13 -------- d-----w- c:\program files\iPod
2012-05-09 00:34:59 588728 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-05-09 00:34:59 43960 ----a-w- c:\program files\mozilla firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-06-06 22:11:25 45056 ----a-w- c:\windows\system32\bejwbkqnzillsoeewxtgdspx.exe
2012-06-06 21:41:11 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-06-06 21:41:09 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-06-06 20:50:09 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2012-05-06 22:30:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 22:30:27 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 22:30:22 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 18:17:24.96 ===============
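A first triage pass over the DDS "Pseudo HJT Report" lines from the log above, added here as an example (it is not part of this thread and not DDS or ComboFix code): it parses the uRun/mRun/dRun autorun entries and the Firefox user.js overrides, flags executables launched straight out of a profile's Application Data folder, bare random-looking value names, and a user.js line that switches off a browser protection. The sample input is copied from the posted log; the six-letter name threshold and the one-entry table of weakening prefs are assumptions chosen for illustration, so "review" hits on vendor entries are expected and still need a human look.

```python
import re

# Constructed sample input in the DDS "Pseudo HJT Report" format; the entries
# are copied from the log posted above, not from a new capture.
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\mhorvath\local settings\application data\akamai\netsession_win.exe"
uRun: [Ylmugyesne] "c:\documents and settings\mhorvath\application data\caxyis\yqpok.exe"
uRun: [cbbcbecdct] "c:\documents and settings\all users\application data\cbbcbecdct.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
FF - user.js: security.csp.enable - false
FF - user.js: extensions.autoDisableScopes - 14
"""

# uRun/mRun/dRun: [value name] path-or-"quoted path" [arguments]
RUN_RE = re.compile(r"^(?P<hive>[umd])Run:\s+\[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
# FF - user.js: <pref> - <value>
PREF_RE = re.compile(r"^FF - user\.js:\s+(?P<pref>\S+)\s+-\s+(?P<value>.*)$")

# user.js overrides that weaken the browser, with the value worth flagging.
# Assumption: this small table is illustrative, not an exhaustive list.
WEAKENING_PREFS = {"security.csp.enable": "false"}


def parse_run(line):
    """Return (hive, value name, lower-cased executable path) for a Run line, else None."""
    m = RUN_RE.match(line)
    if not m:
        return None
    rest = m.group("rest").strip()
    if rest.startswith('"'):                # quoted path, arguments may follow
        end = rest.find('"', 1)
        path = rest[1:end] if end > 0 else rest[1:]
    else:                                   # bare path, drop arguments such as /NoDlg
        path = rest.split(" ")[0]
    return m.group("hive"), m.group("name"), path.lower()


def score_run(name, path):
    """Heuristic triage of one autorun entry; returns the reasons it deserves a look."""
    reasons = []
    # Installed software lives under Program Files or System32; an executable
    # started straight out of a profile's Application Data folder is the
    # pattern of the two entries the thread's ComboFix log shows being removed.
    if "\\application data\\" in path:
        reasons.append("runs from a profile Application Data folder")
    # Vendor value names usually contain spaces, dots or digits; a bare run of
    # letters (Ylmugyesne, cbbcbecdct) is what droppers generate. The six-letter
    # floor is an assumed threshold to skip short vendor keys such as ccApp.
    if re.fullmatch(r"[A-Za-z]+", name) and len(name) >= 6:
        reasons.append("bare alphabetic value name")
    return reasons


def triage(log_text):
    """Walk DDS lines and return [(severity, line, reason)] for entries worth a look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        run = parse_run(line)
        if run is not None:
            _, name, path = run
            reasons = score_run(name, path)
            if len(reasons) == 2:
                findings.append(("suspicious", line, "; ".join(reasons)))
            elif reasons:
                findings.append(("review", line, reasons[0]))
            continue
        pref = PREF_RE.match(line)
        if pref and WEAKENING_PREFS.get(pref.group("pref")) == pref.group("value").strip():
            findings.append(("suspicious", line, "user.js switches off a browser protection"))
    return findings


if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_LOG):
        print(f"[{severity}] {line}")
        print(f"    -> {reason}")
```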


#2 gringo_pr
Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 June 2012 - 02:19 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", as this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Mishney

  • Topic Starter
  • Members

Posted 07 June 2012 - 08:54 AM

Combofix seems to have helped. However now it does not prompt for authentication when I'm on the network at work. I have to actually VPN in to access the network. It used to prompt me to login in Outlook and IE when I access the Intranet at work. Any ideas why that would have happened?

#4 Mishney

  • Topic Starter
  • Members

Posted 07 June 2012 - 09:00 AM

Here are the logs you requested.

Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Please wait while WMIC compiles updated MOF files.
displayName
ECHO is off.
Symantec
ECHO is off.
Endpoint
ECHO is off.
Protection
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 27
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Microsoft Firewall Client 2004 FwcMgmt.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````



ComboFix 12-06-06.02 - mhorvath 06/06/2012 20:45:36.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3241.2485 [GMT -4:00]
Running from: c:\documents and settings\mhorvath\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\cbbcbecdct.exe
c:\documents and settings\All Users\Application Data\RHc5Ne5xSc0hKD
c:\documents and settings\mhorvath\Application Data\5CD55E.dat
c:\documents and settings\mhorvath\Application Data\Elikf
c:\documents and settings\mhorvath\Application Data\Elikf\pyso.ref
c:\documents and settings\mhorvath\Application Data\Microsoft\Office\Recent\FC-2.doc.LNK
c:\documents and settings\mhorvath\Application Data\Microsoft\Office\Recent\FC-3.doc.LNK
c:\documents and settings\mhorvath\Application Data\Microsoft\Office\Recent\Personal Mileage (PVU) Claim Form November 2011 - October 2012.doc.LNK
c:\documents and settings\mhorvath\Application Data\Microsoft\Office\Recent\Pre-Sale Checklist.doc.LNK
c:\documents and settings\mhorvath\Application Data\Microsoft\Office\Recent\Resignation.doc.LNK
c:\documents and settings\mhorvath\Application Data\Microsoft\Office\Recent\Standard Operating Procedures- Short Version Aug08.doc.LNK
c:\documents and settings\mhorvath\Application Data\Microsoft\Office\Recent\Standard Operating Procedures GE Power Conversion Rev 1.doc.LNK
c:\documents and settings\mhorvath\Application Data\Nutiy
c:\documents and settings\mhorvath\Application Data\Nutiy\caaln.kac
c:\documents and settings\mhorvath\Application Data\Onyq
c:\documents and settings\mhorvath\Application Data\Onyq\nyady.zoe
c:\documents and settings\mhorvath\Application Data\Uvurvy
c:\documents and settings\mhorvath\Application Data\Uvurvy\irabn.puy
c:\documents and settings\mhorvath\Application Data\Ypirke
c:\documents and settings\mhorvath\Application Data\Ypirke\hout.oli
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\windows\assembly\GAC\Desktop.ini
c:\windows\system32\24f19af5.exe
c:\windows\system32\default_user_class.dat.LOG
c:\windows\system32\GroupPolicy\User\Scripts\scripts.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSERVICE
-------\Legacy_NETWORKLOG
.
.
((((((((((((((((((((((((( Files Created from 2012-05-07 to 2012-06-07 )))))))))))))))))))))))))))))))
.
.
2012-06-06 21:53 . 2012-06-06 21:53 14664 ----a-w- c:\windows\stinger.sys
2012-06-06 20:19 . 2012-06-06 20:19 159608 ----a-w- c:\windows\system32\mfevtps.exe.0075.deleteme
2012-06-06 20:19 . 2012-06-06 22:03 -------- d-----w- c:\program files\stinger
2012-06-06 13:46 . 2012-06-06 13:46 -------- d-----w- c:\documents and settings\mhorvath\Local Settings\Application Data\Identities
2012-06-06 13:46 . 2012-06-06 15:07 -------- d-----w- c:\documents and settings\mhorvath\Application Data\Caxyis
2012-06-06 13:46 . 2012-06-06 14:27 -------- d-----w- c:\documents and settings\mhorvath\Application Data\Ybif
2012-06-06 02:10 . 2012-06-06 02:10 -------- d-----w- c:\program files\Trend Micro
2012-06-05 21:15 . 2012-06-05 21:15 -------- d-----w- c:\program files\Yontoo
2012-06-05 21:15 . 2012-06-05 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2012-06-05 21:02 . 2012-06-05 21:02 -------- d-sh--w- c:\documents and settings\locadm\PrivacIE
2012-06-05 20:39 . 2012-06-05 21:00 -------- d-----w- c:\documents and settings\mhorvath\Application Data\Iwmeu
2012-06-05 20:39 . 2012-06-05 21:00 -------- d-----w- c:\documents and settings\mhorvath\Application Data\Gaazi
2012-06-05 20:30 . 2012-06-05 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\blekko toolbars
2012-06-05 19:59 . 2012-06-05 19:59 -------- d-----w- c:\documents and settings\locadm\Application Data\Malwarebytes
2012-05-30 00:32 . 2012-05-30 00:32 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-30 00:32 . 2012-05-30 00:32 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-30 00:32 . 2012-05-30 00:32 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-09 14:06 . 2012-05-09 14:06 -------- d-----w- c:\program files\iPod
2012-05-09 00:34 . 2012-05-30 00:32 588728 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-05-09 00:34 . 2012-05-30 00:32 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-07 00:51 . 2012-01-16 18:39 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-06-07 00:51 . 2012-01-16 20:51 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-06-06 23:27 . 2012-01-17 00:48 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2012-05-06 22:30 . 2012-04-05 23:52 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 22:30 . 2012-01-16 21:02 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 22:30 . 2012-04-14 03:30 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-04 19:56 . 2012-01-18 03:20 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-11 05:01 . 2010-03-11 05:01 124272 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-03-11 05:40 . 2010-03-11 05:40 13168 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-03-11 05:02 . 2010-03-11 05:02 70512 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-03-11 05:01 . 2010-03-11 05:01 91504 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-03-11 05:01 . 2010-03-11 05:01 22384 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-03-11 05:00 . 2010-03-11 05:00 255344 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-03-11 05:01 . 2010-03-11 05:01 31088 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-03-11 05:01 . 2010-03-11 05:01 40304 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-10-05 18:49 . 2009-10-05 18:49 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-03-11 05:02 . 2010-03-11 05:02 23920 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-05-30 00:32 . 2012-01-19 18:44 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\mhorvath\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-08 3331872]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-04 142360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-04 176152]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-04 145944]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-02-04 488816]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-02-04 536668]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2011-02-04 737280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-02-15 686704]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2012-01-16 115624]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2012-01-17 143360]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-01-31 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MeetingLauncher"="c:\program files\InterCall Unified Meeting\Modules\Launcher\mcLauncher.exe" [2011-09-06 515184]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
client.lnk - c:\program files\avs\bin\avscc.exe [2011-6-2 12952928]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Microsoft Firewall Client Management.lnk - c:\program files\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-9 117568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogoff"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"DisallowCpl"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogoff"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"DisallowCpl"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-129458132-1848583262-336618761-8424\Scripts\Logon\0\0]
"Script"=Local_Login_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-854245398-299502267-682003330-1003\Scripts\Logon\0\0]
"Script"=Local_Login_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-854245398-299502267-682003330-500\Scripts\Logon\0\0]
"Script"=Local_Login_Script.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\mhorvath\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1121:TCP"= 1121:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [1/16/2012 5:29 PM 17648]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 8:13 PM 65584]
R1 wscam6300;wscam6300;c:\windows\system32\drivers\wscam6300.sys [5/8/2007 10:18 PM 33024]
R1 wstdi;wstdi;c:\windows\system32\drivers\wstdixp.sys [5/8/2007 10:18 PM 35712]
R2 avbackup;Backup Agent;c:\program files\avs\bin\avagent.exe [6/2/2011 4:07 AM 5379424]
R2 FwcAgent;Firewall Client Agent;c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe [12/9/2006 9:04 PM 128832]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [1/23/2012 12:43 AM 92592]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [1/16/2012 5:29 PM 43888]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [1/16/2012 8:35 PM 113664]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/5/2012 2:35 PM 106656]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [1/16/2012 8:35 PM 260864]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [1/16/2012 8:35 PM 41088]
R3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [1/16/2012 8:35 PM 7391104]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\o2mdrxp.sys [1/16/2012 8:35 PM 61728]
R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjxp.sys [1/16/2012 8:35 PM 63136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 3:16 PM 130384]
S2 WebsenseDesktopClient;Websense Desktop Client;c:\program files\Websense\WDC\WDC.exe --> c:\program files\Websense\WDC\WDC.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 7:52 PM 257696]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/16/2012 5:46 PM 23960]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\mhorvath\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\mhorvath\LOCALS~1\Temp\mfe_rr.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/29/2012 8:32 PM 129976]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [1/30/2012 11:23 AM 13440]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [1/16/2012 8:35 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 3:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 22:30]
.
2012-06-07 c:\windows\Tasks\SDMsgUpdate (SD).job
- c:\program files\SmartDraw 2012\Messages\SDNotify.exe [2011-09-26 16:22]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = proxy.fastenal.com:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Microsoft Firewall Client 2004\FwcWsp.dll
Trusted Zone: fastenal.com\apps
Trusted Zone: localhost
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\mhorvath\Application Data\Mozilla\Firefox\Profiles\70n10uoy.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - user.js: extentions.y2layers.installId - e7b496b6-0c5a-4ed4-ae7e-dca2765d3321
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Ylmugyesne - c:\documents and settings\mhorvath\Application Data\Caxyis\yqpok.exe
HKCU-Run-cbbcbecdct - c:\documents and settings\All Users\Application Data\cbbcbecdct.exe
SafeBoot-Symantec Antvirus
AddRemove-24f19af5 - c:\windows\system32\24f19af5.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-06 20:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5812)
c:\windows\system32\WININET.dll
c:\windows\system32\AcSignIcon.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\IDT\WDM\stacsv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\system32\rpcnet.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
c:\windows\system32\msiexec.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2012-06-06 20:55:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-07 00:55
.
Pre-Run: 177,286,995,968 bytes free
Post-Run: 177,413,648,384 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 1292E67FD05D3DFCFD47D280809F24D2
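
The ComboFix log above lists services and drivers one per line (`R3 name;display name;path [date time size]`), marks a registered binary it cannot find on disk with `--> path [?]`, and lists removed autostart orphans as `HKCU-Run-name - path`. As an added example that is not part of this thread and not ComboFix's own code, the following Python script parses those two line formats and flags what a responder checks first in such a log: a service or driver whose binary is missing, and an autostart or driver loading from a Temp or user-profile directory. The sample lines are copied from the log above; the regular expressions and the directory heuristics are this example's own assumptions about the format, not ComboFix's documented grammar.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: six lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [1/16/2012 5:29 PM 43888]
S2 WebsenseDesktopClient;Websense Desktop Client;c:\program files\Websense\WDC\WDC.exe --> c:\program files\Websense\WDC\WDC.exe [?]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\mhorvath\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\mhorvath\LOCALS~1\Temp\mfe_rr.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [1/16/2012 8:35 PM 14336]
HKCU-Run-Ylmugyesne - c:\documents and settings\mhorvath\Application Data\Caxyis\yqpok.exe
HKCU-Run-cbbcbecdct - c:\documents and settings\All Users\Application Data\cbbcbecdct.exe
"""

@dataclass
class Entry:
    kind: str            # "service" (R*/S* line) or "run" (HKCU-Run orphan)
    name: str            # service or Run value name
    path: str            # binary path as ComboFix resolved it
    missing: bool = False  # True when ComboFix printed "--> path [?]"

@dataclass
class Finding:
    name: str
    path: str
    reasons: List[str]

# Assumed line grammar (derived from the log, not from ComboFix documentation).
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
MISSING_RE = re.compile(r"^(?P<path>.*?)\s+-->\s+(?P<resolved>.*?)\s+\[\?\]$")
PRESENT_RE = re.compile(r"^(?P<path>.*?)\s+\[(?P<stamp>[^\]]*?)\s+(?P<size>\d+)\]$")
RUN_RE = re.compile(r"^(?P<hive>HKCU|HKLM)-Run-(?P<name>\S+)\s+-\s+(?P<path>.+)$")

def parse_line(line: str) -> Optional[Entry]:
    """Turn one service/driver or Run-orphan line into an Entry, or None for other lines."""
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m:
        rest = m.group("rest")
        mm = MISSING_RE.match(rest)          # must be tried first: "[?]" has no size field
        if mm:
            return Entry("service", m.group("name"), mm.group("resolved"), missing=True)
        pm = PRESENT_RE.match(rest)
        if pm:
            return Entry("service", m.group("name"), pm.group("path"))
        return Entry("service", m.group("name"), rest)
    r = RUN_RE.match(line)
    if r:
        return Entry("run", r.group("name"), r.group("path"))
    return None

def reasons_for(entry: Entry) -> List[str]:
    """Triage heuristics: missing binary, or code loading from Temp / a user profile."""
    reasons = []
    if entry.missing:
        reasons.append("registered binary not found on disk")
    lowered = entry.path.lower()
    if "\\temp\\" in lowered:
        reasons.append("loads from a Temp directory")
    elif "\\application data\\" in lowered or "\\documents and settings\\" in lowered:
        reasons.append("loads from a user profile directory")
    return reasons

def triage(log_text: str) -> List[Finding]:
    """Parse every recognised line and return only the entries that trip a heuristic."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            findings.append(Finding(entry.name, entry.path, reasons))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name}: {f.path}\n    " + "; ".join(f.reasons))
```

On the sample, `Acceler` and `WinRM` pass (system32 paths, binaries present), while `WebsenseDesktopClient` is flagged only for the missing binary, `MFE_RR` for a missing binary that was registered out of the user's Temp folder, and both `HKCU-Run` orphans for running out of `Application Data`. Heuristics like these only prioritise what to look at; a hit on a known product such as the Websense client is expected after an uninstall and is not evidence of infection on its own.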

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:57 PM

Posted 07 June 2012 - 09:01 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 Mishney

Mishney
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:57 AM

Posted 07 June 2012 - 09:25 AM

Here are the next two logs you requested. Any ideas on the Authentication issue I'm having after Combofix?

10:03:41.0656 2752 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
10:03:41.0984 2752 ============================================================
10:03:41.0984 2752 Current date / time: 2012/06/07 10:03:41.0984
10:03:41.0984 2752 SystemInfo:
10:03:41.0984 2752
10:03:41.0984 2752 OS Version: 5.1.2600 ServicePack: 3.0
10:03:41.0984 2752 Product type: Workstation
10:03:41.0984 2752 ComputerName: LAP-SALE89
10:03:41.0984 2752 UserName: mhorvath
10:03:41.0984 2752 Windows directory: C:\WINDOWS
10:03:41.0984 2752 System windows directory: C:\WINDOWS
10:03:41.0984 2752 Processor architecture: Intel x86
10:03:41.0984 2752 Number of processors: 4
10:03:41.0984 2752 Page size: 0x1000
10:03:41.0984 2752 Boot type: Normal boot
10:03:41.0984 2752 ============================================================
10:03:42.0515 2752 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:03:42.0515 2752 ============================================================
10:03:42.0515 2752 \Device\Harddisk0\DR0:
10:03:42.0515 2752 MBR partitions:
10:03:42.0515 2752 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
10:03:42.0515 2752 ============================================================
10:03:42.0546 2752 C: <-> \Device\Harddisk0\DR0\Partition0
10:03:42.0546 2752 ============================================================
10:03:42.0546 2752 Initialize success
10:03:42.0546 2752 ============================================================
10:03:58.0515 2672 ============================================================
10:03:58.0515 2672 Scan started
10:03:58.0515 2672 Mode: Manual;
10:03:58.0515 2672 ============================================================
10:03:59.0218 2672 Abiosdsk - ok
10:03:59.0218 2672 abp480n5 - ok
10:03:59.0250 2672 Acceler (3e58933198689f24cfa6ed4b93a80deb) C:\WINDOWS\system32\DRIVERS\Accelern.sys
10:03:59.0250 2672 Acceler - ok
10:03:59.0296 2672 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:03:59.0296 2672 ACPI - ok
10:03:59.0328 2672 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:03:59.0328 2672 ACPIEC - ok
10:03:59.0390 2672 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:03:59.0406 2672 AdobeFlashPlayerUpdateSvc - ok
10:03:59.0406 2672 adpu160m - ok
10:03:59.0453 2672 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:03:59.0453 2672 aec - ok
10:03:59.0468 2672 AESTAud (822d53766d57c90c437536232ece9023) C:\WINDOWS\system32\drivers\AESTAud.sys
10:03:59.0468 2672 AESTAud - ok
10:03:59.0515 2672 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:03:59.0515 2672 AFD - ok
10:03:59.0515 2672 Aha154x - ok
10:03:59.0515 2672 aic78u2 - ok
10:03:59.0515 2672 aic78xx - ok
10:03:59.0531 2672 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
10:03:59.0546 2672 Alerter - ok
10:03:59.0562 2672 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
10:03:59.0562 2672 ALG - ok
10:03:59.0562 2672 AliIde - ok
10:03:59.0562 2672 amsint - ok
10:03:59.0578 2672 ApfiltrService (9910a9c7d307a9e156d951248601c33e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
10:03:59.0593 2672 ApfiltrService - ok
10:03:59.0734 2672 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:03:59.0734 2672 Apple Mobile Device - ok
10:03:59.0750 2672 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
10:03:59.0750 2672 AppMgmt - ok
10:03:59.0765 2672 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:03:59.0765 2672 Arp1394 - ok
10:03:59.0781 2672 asc - ok
10:03:59.0781 2672 asc3350p - ok
10:03:59.0781 2672 asc3550 - ok
10:03:59.0875 2672 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:03:59.0906 2672 aspnet_state - ok
10:03:59.0921 2672 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:03:59.0921 2672 AsyncMac - ok
10:03:59.0953 2672 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
10:03:59.0953 2672 atapi - ok
10:03:59.0953 2672 Atdisk - ok
10:03:59.0968 2672 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:03:59.0968 2672 Atmarpc - ok
10:03:59.0984 2672 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
10:04:00.0000 2672 AudioSrv - ok
10:04:00.0031 2672 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:04:00.0031 2672 audstub - ok
10:04:00.0406 2672 avbackup (388f930e96a2e506e6ea532a0bf7e70f) C:\Program Files\avs\bin\avagent.exe
10:04:00.0484 2672 avbackup - ok
10:04:00.0609 2672 b57w2k (b45e2ef91664a9ddbfe5bb1534ffd89c) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
10:04:00.0609 2672 b57w2k - ok
10:04:00.0656 2672 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:04:00.0656 2672 Beep - ok
10:04:00.0718 2672 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
10:04:00.0765 2672 BITS - ok
10:04:00.0875 2672 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
10:04:00.0875 2672 Bonjour Service - ok
10:04:00.0921 2672 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
10:04:00.0921 2672 Browser - ok
10:04:00.0921 2672 BTWUSB (083497b731aa32288a9a84b49757307c) C:\WINDOWS\system32\Drivers\btwusb.sys
10:04:00.0921 2672 BTWUSB - ok
10:04:00.0937 2672 catchme - ok
10:04:00.0953 2672 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:04:00.0953 2672 cbidf2k - ok
10:04:01.0000 2672 ccEvtMgr (bda4e1060947fb60585e6cec32b18353) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
10:04:01.0000 2672 ccEvtMgr - ok
10:04:01.0140 2672 CcmExec (a454a9baa25b8c8e76735dd86bd4b017) C:\WINDOWS\system32\CCM\CcmExec.exe
10:04:01.0156 2672 CcmExec - ok
10:04:01.0156 2672 ccSetMgr (bda4e1060947fb60585e6cec32b18353) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
10:04:01.0156 2672 ccSetMgr - ok
10:04:01.0156 2672 cd20xrnt - ok
10:04:01.0187 2672 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:04:01.0187 2672 Cdaudio - ok
10:04:01.0218 2672 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:04:01.0218 2672 Cdfs - ok
10:04:01.0265 2672 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:04:01.0265 2672 Cdrom - ok
10:04:01.0265 2672 Changer - ok
10:04:01.0281 2672 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
10:04:01.0281 2672 CiSvc - ok
10:04:01.0312 2672 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
10:04:01.0312 2672 ClipSrv - ok
10:04:01.0390 2672 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:04:01.0421 2672 clr_optimization_v2.0.50727_32 - ok
10:04:01.0484 2672 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:04:01.0531 2672 clr_optimization_v4.0.30319_32 - ok
10:04:01.0531 2672 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:04:01.0546 2672 CmBatt - ok
10:04:01.0546 2672 CmdIde - ok
10:04:01.0578 2672 COH_Mon (c348e3288d3d9f2d26f4097496c143a2) C:\WINDOWS\system32\Drivers\COH_Mon.sys
10:04:01.0578 2672 COH_Mon - ok
10:04:01.0578 2672 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:04:01.0578 2672 Compbatt - ok
10:04:01.0578 2672 COMSysApp - ok
10:04:01.0593 2672 Cpqarray - ok
10:04:01.0609 2672 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
10:04:01.0609 2672 CryptSvc - ok
10:04:01.0640 2672 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
10:04:01.0640 2672 ctxusbm - ok
10:04:01.0671 2672 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
10:04:01.0671 2672 CVirtA - ok
10:04:01.0812 2672 CVPND (8b8b082010775093081debe9621bedf0) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
10:04:01.0843 2672 CVPND - ok
10:04:01.0937 2672 CVPNDRVA (720482888c3778f26eeb83d286a6cdc3) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
10:04:01.0937 2672 CVPNDRVA - ok
10:04:01.0953 2672 dac2w2k - ok
10:04:01.0953 2672 dac960nt - ok
10:04:02.0000 2672 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
10:04:02.0015 2672 DcomLaunch - ok
10:04:02.0031 2672 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
10:04:02.0031 2672 Dhcp - ok
10:04:02.0078 2672 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:04:02.0078 2672 Disk - ok
10:04:02.0078 2672 dmadmin - ok
10:04:02.0156 2672 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:04:02.0187 2672 dmboot - ok
10:04:02.0203 2672 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:04:02.0218 2672 dmio - ok
10:04:02.0234 2672 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:04:02.0234 2672 dmload - ok
10:04:02.0265 2672 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
10:04:02.0265 2672 dmserver - ok
10:04:02.0281 2672 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:04:02.0281 2672 DMusic - ok
10:04:02.0328 2672 DNE (86d52c32a308f84bbc626bff7c1fb710) C:\WINDOWS\system32\DRIVERS\dne2000.sys
10:04:02.0328 2672 DNE - ok
10:04:02.0343 2672 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
10:04:02.0343 2672 Dnscache - ok
10:04:02.0375 2672 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
10:04:02.0375 2672 Dot3svc - ok
10:04:02.0375 2672 dpti2o - ok
10:04:02.0375 2672 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:04:02.0375 2672 drmkaud - ok
10:04:02.0406 2672 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
10:04:02.0406 2672 EapHost - ok
10:04:02.0500 2672 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
10:04:02.0500 2672 eeCtrl - ok
10:04:02.0531 2672 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:04:02.0531 2672 EraserUtilRebootDrv - ok
10:04:02.0546 2672 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
10:04:02.0546 2672 ERSvc - ok
10:04:02.0578 2672 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
10:04:02.0578 2672 Eventlog - ok
10:04:02.0640 2672 EventSystem (19a799805b24990867b00c120d300c3a) C:\WINDOWS\system32\es.dll
10:04:02.0640 2672 EventSystem - ok
10:04:02.0687 2672 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:04:02.0687 2672 Fastfat - ok
10:04:02.0734 2672 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:04:02.0734 2672 FastUserSwitchingCompatibility - ok
10:04:02.0781 2672 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
10:04:02.0796 2672 Fdc - ok
10:04:02.0796 2672 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:04:02.0796 2672 Fips - ok
10:04:02.0812 2672 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:04:02.0812 2672 Flpydisk - ok
10:04:02.0859 2672 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:04:02.0859 2672 FltMgr - ok
10:04:02.0984 2672 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:04:02.0984 2672 FontCache3.0.0.0 - ok
10:04:03.0015 2672 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:04:03.0031 2672 Fs_Rec - ok
10:04:03.0031 2672 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:04:03.0046 2672 Ftdisk - ok
10:04:03.0109 2672 FwcAgent (024c0e47ac6cf525f558400ae09ca63d) C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
10:04:03.0109 2672 FwcAgent - ok
10:04:03.0140 2672 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:04:03.0140 2672 GEARAspiWDM - ok
10:04:03.0140 2672 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:04:03.0156 2672 Gpc - ok
10:04:03.0187 2672 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:04:03.0187 2672 HDAudBus - ok
10:04:03.0234 2672 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:04:03.0234 2672 helpsvc - ok
10:04:03.0250 2672 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
10:04:03.0250 2672 HidServ - ok
10:04:03.0265 2672 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:04:03.0265 2672 HidUsb - ok
10:04:03.0281 2672 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
10:04:03.0281 2672 hkmsvc - ok
10:04:03.0281 2672 hpn - ok
10:04:03.0390 2672 hpqcxs08 (ce0fcec4d4d860f36d972759b11eaf0f) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
10:04:03.0406 2672 hpqcxs08 - ok
10:04:03.0437 2672 hpqddsvc (7da3211ac63edd90b8eca1ca1abfd43b) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
10:04:03.0437 2672 hpqddsvc - ok
10:04:03.0500 2672 HPSLPSVC (14229263aa19c704e0d6d2e7404a8455) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
10:04:03.0515 2672 HPSLPSVC - ok
10:04:03.0531 2672 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
10:04:03.0531 2672 HPZid412 - ok
10:04:03.0531 2672 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
10:04:03.0531 2672 HPZipr12 - ok
10:04:03.0562 2672 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
10:04:03.0562 2672 HPZius12 - ok
10:04:03.0593 2672 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
10:04:03.0609 2672 HTTP - ok
10:04:03.0640 2672 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
10:04:03.0640 2672 HTTPFilter - ok
10:04:03.0656 2672 i2omgmt - ok
10:04:03.0656 2672 i2omp - ok
10:04:03.0703 2672 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:04:03.0703 2672 i8042prt - ok
10:04:03.0796 2672 ialm (70faf4239ea830b12952a8cd665d4dca) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:04:03.0828 2672 ialm - ok
10:04:03.0968 2672 iaStor (f4037a3fedb92dd97c95f320766ea5c9) C:\WINDOWS\system32\drivers\iaStor.sys
10:04:03.0968 2672 iaStor - ok
10:04:04.0109 2672 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:04:04.0140 2672 idsvc - ok
10:04:04.0156 2672 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:04:04.0171 2672 Imapi - ok
10:04:04.0187 2672 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
10:04:04.0203 2672 ImapiService - ok
10:04:04.0203 2672 ini910u - ok
10:04:04.0218 2672 IntcDAud (34ee48d11c584eedb59fd0d537ac2296) C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
10:04:04.0234 2672 IntcDAud - ok
10:04:04.0234 2672 IntelIde - ok
10:04:04.0250 2672 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:04:04.0250 2672 intelppm - ok
10:04:04.0265 2672 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:04:04.0265 2672 Ip6Fw - ok
10:04:04.0437 2672 iPassConnectEngine (f1ac799e7b89c900af773ae8bd846934) C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
10:04:04.0484 2672 iPassConnectEngine - ok
10:04:04.0609 2672 iPassP (468422b9137c884ab8fba05a590989d7) C:\WINDOWS\system32\DRIVERS\iPassP.sys
10:04:04.0609 2672 iPassP - ok
10:04:04.0671 2672 iPassPeriodicUpdateApp (0533da16fa7fca3691eb8b31a8424caf) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
10:04:04.0671 2672 iPassPeriodicUpdateApp - ok
10:04:04.0687 2672 iPassPeriodicUpdateService (9e84b8ed7d7b15c09fb0ea1adcebfb73) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
10:04:04.0687 2672 iPassPeriodicUpdateService - ok
10:04:04.0734 2672 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:04:04.0734 2672 IpFilterDriver - ok
10:04:04.0734 2672 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:04:04.0734 2672 IpInIp - ok
10:04:04.0765 2672 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:04:04.0765 2672 IpNat - ok
10:04:04.0843 2672 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
10:04:04.0875 2672 iPod Service - ok
10:04:04.0921 2672 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:04:04.0921 2672 IPSec - ok
10:04:04.0937 2672 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:04:04.0953 2672 IRENUM - ok
10:04:04.0984 2672 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:04:04.0984 2672 isapnp - ok
10:04:05.0046 2672 JavaQuickStarterService (91061352084424820ac6268808cb8ee3) C:\Program Files\Java\jre6\bin\jqs.exe
10:04:05.0046 2672 JavaQuickStarterService - ok
10:04:05.0046 2672 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:04:05.0046 2672 Kbdclass - ok
10:04:05.0093 2672 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:04:05.0093 2672 kbdhid - ok
10:04:05.0156 2672 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:04:05.0156 2672 kmixer - ok
10:04:05.0171 2672 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
10:04:05.0187 2672 KSecDD - ok
10:04:05.0218 2672 LanmanServer (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll
10:04:05.0218 2672 LanmanServer - ok
10:04:05.0234 2672 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
10:04:05.0234 2672 lanmanworkstation - ok
10:04:05.0234 2672 lbrtfdc - ok
10:04:05.0593 2672 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
10:04:05.0703 2672 LeapFrog Connect Device Service - ok
10:04:05.0906 2672 LiveUpdate (9e25ffba1ee26abfe7b9319f8ef3f771) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
10:04:05.0921 2672 LiveUpdate - ok
10:04:06.0046 2672 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
10:04:06.0046 2672 LmHosts - ok
10:04:06.0062 2672 MEI (d86ac00883b9c98b570e7643aaf8e554) C:\WINDOWS\system32\DRIVERS\HECI.sys
10:04:06.0062 2672 MEI - ok
10:04:06.0078 2672 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
10:04:06.0078 2672 Messenger - ok
10:04:06.0171 2672 MFE_RR - ok
10:04:06.0234 2672 Microsoft SharePoint Workspace Audit Service - ok
10:04:06.0265 2672 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:04:06.0265 2672 mnmdd - ok
10:04:06.0296 2672 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
10:04:06.0296 2672 mnmsrvc - ok
10:04:06.0328 2672 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:04:06.0328 2672 Modem - ok
10:04:06.0359 2672 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:04:06.0359 2672 Mouclass - ok
10:04:06.0359 2672 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:04:06.0359 2672 mouhid - ok
10:04:06.0406 2672 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:04:06.0406 2672 MountMgr - ok
10:04:06.0453 2672 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:04:06.0468 2672 MozillaMaintenance - ok
10:04:06.0484 2672 mraid35x - ok
10:04:06.0515 2672 MRxDAV (e3f17e1ea5256709d4e97ef0da04b3c9) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:04:06.0515 2672 MRxDAV - ok
10:04:06.0578 2672 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:04:06.0578 2672 MRxSmb - ok
10:04:06.0609 2672 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
10:04:06.0609 2672 MSDTC - ok
10:04:06.0656 2672 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:04:06.0656 2672 Msfs - ok
10:04:06.0656 2672 MSIServer - ok
10:04:06.0687 2672 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:04:06.0687 2672 MSKSSRV - ok
10:04:06.0703 2672 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:04:06.0703 2672 MSPCLOCK - ok
10:04:06.0718 2672 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:04:06.0734 2672 MSPQM - ok
10:04:06.0765 2672 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:04:06.0765 2672 mssmbios - ok
10:04:06.0781 2672 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:04:06.0781 2672 Mup - ok
10:04:06.0828 2672 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
10:04:06.0843 2672 napagent - ok
10:04:06.0937 2672 NAVENG (f11033730b38260b6892e837c457fb4b) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120606.020\NAVENG.SYS
10:04:06.0937 2672 NAVENG - ok
10:04:07.0031 2672 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120606.020\NAVEX15.SYS
10:04:07.0031 2672 NAVEX15 - ok
10:04:07.0250 2672 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:04:07.0250 2672 NDIS - ok
10:04:07.0281 2672 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:04:07.0296 2672 NdisTapi - ok
10:04:07.0328 2672 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:04:07.0328 2672 Ndisuio - ok
10:04:07.0343 2672 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:04:07.0343 2672 NdisWan - ok
10:04:07.0375 2672 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:04:07.0390 2672 NDProxy - ok
10:04:07.0421 2672 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\WINDOWS\system32\HPZinw12.dll
10:04:07.0421 2672 Net Driver HPZ12 - ok
10:04:07.0437 2672 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:04:07.0437 2672 NetBIOS - ok
10:04:07.0453 2672 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:04:07.0453 2672 NetBT - ok
10:04:07.0500 2672 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:04:07.0500 2672 NetDDE - ok
10:04:07.0515 2672 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:04:07.0515 2672 NetDDEdsdm - ok
10:04:07.0546 2672 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:04:07.0546 2672 Netlogon - ok
10:04:07.0562 2672 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
10:04:07.0578 2672 Netman - ok
10:04:07.0671 2672 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:04:07.0703 2672 NetTcpPortSharing - ok
10:04:08.0031 2672 NETwNx32 (32e6902485c5add8e4c6cd21545d5133) C:\WINDOWS\system32\DRIVERS\NETwNx32.sys
10:04:08.0171 2672 NETwNx32 - ok
10:04:08.0296 2672 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:04:08.0296 2672 NIC1394 - ok
10:04:08.0312 2672 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
10:04:08.0328 2672 Nla - ok
10:04:08.0343 2672 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:04:08.0343 2672 Npfs - ok
10:04:08.0453 2672 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:04:08.0468 2672 Ntfs - ok
10:04:08.0484 2672 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:04:08.0484 2672 NtLmSsp - ok
10:04:08.0515 2672 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
10:04:08.0515 2672 NtmsSvc - ok
10:04:08.0562 2672 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:04:08.0562 2672 Null - ok
10:04:08.0593 2672 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:04:08.0593 2672 NwlnkFlt - ok
10:04:08.0625 2672 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:04:08.0625 2672 NwlnkFwd - ok
10:04:08.0671 2672 O2FLASH (4e37455db16aec75862b1d0bc35b589e) C:\WINDOWS\system32\DRIVERS\o2flash.exe
10:04:08.0671 2672 O2FLASH - ok
10:04:08.0687 2672 O2MDRRDR (f24dc5d512ff86576f406e9c1427e8bb) C:\WINDOWS\system32\DRIVERS\O2MDRxp.sys
10:04:08.0687 2672 O2MDRRDR - ok
10:04:08.0703 2672 O2SDJRDR (c43c2170e318c66944128f5ea030068a) C:\WINDOWS\system32\DRIVERS\o2sdjxp.sys
10:04:08.0718 2672 O2SDJRDR - ok
10:04:08.0812 2672 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:04:08.0859 2672 odserv - ok
10:04:08.0906 2672 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:04:08.0906 2672 ohci1394 - ok
10:04:08.0937 2672 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:04:08.0968 2672 ose - ok
10:04:09.0187 2672 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:04:09.0296 2672 osppsvc - ok
10:04:09.0468 2672 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
10:04:09.0484 2672 Parport - ok
10:04:09.0484 2672 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:04:09.0484 2672 PartMgr - ok
10:04:09.0500 2672 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:04:09.0500 2672 ParVdm - ok
10:04:09.0500 2672 PCASp50 - ok
10:04:09.0531 2672 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:04:09.0531 2672 PCI - ok
10:04:09.0531 2672 PCIDump - ok
10:04:09.0546 2672 PCIIde - ok
10:04:09.0609 2672 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:04:09.0625 2672 Pcmcia - ok
10:04:09.0625 2672 PDCOMP - ok
10:04:09.0625 2672 PDFRAME - ok
10:04:09.0625 2672 PDRELI - ok
10:04:09.0625 2672 PDRFRAME - ok
10:04:09.0625 2672 perc2 - ok
10:04:09.0625 2672 perc2hib - ok
10:04:09.0671 2672 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
10:04:09.0671 2672 PlugPlay - ok
10:04:09.0718 2672 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\WINDOWS\system32\HPZipm12.dll
10:04:09.0718 2672 Pml Driver HPZ12 - ok
10:04:09.0765 2672 pneteth (713e294439d982bb161317de0136faa0) C:\WINDOWS\system32\DRIVERS\pneteth.sys
10:04:09.0765 2672 pneteth - ok
10:04:09.0781 2672 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:04:09.0781 2672 PolicyAgent - ok
10:04:09.0796 2672 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:04:09.0796 2672 PptpMiniport - ok
10:04:09.0890 2672 prepdrvr (2a4514a9233d35a355f569ff8b8f6240) C:\WINDOWS\system32\CCM\prepdrv.sys
10:04:09.0906 2672 prepdrvr - ok
10:04:09.0906 2672 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:04:09.0906 2672 ProtectedStorage - ok
10:04:09.0906 2672 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:04:09.0921 2672 PSched - ok
10:04:09.0921 2672 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:04:09.0937 2672 Ptilink - ok
10:04:09.0937 2672 ql1080 - ok
10:04:09.0937 2672 Ql10wnt - ok
10:04:09.0937 2672 ql12160 - ok
10:04:09.0937 2672 ql1240 - ok
10:04:09.0937 2672 ql1280 - ok
10:04:09.0953 2672 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:04:09.0953 2672 RasAcd - ok
10:04:09.0984 2672 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
10:04:10.0000 2672 RasAuto - ok
10:04:10.0015 2672 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:04:10.0031 2672 Rasl2tp - ok
10:04:10.0046 2672 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
10:04:10.0046 2672 RasMan - ok
10:04:10.0046 2672 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:04:10.0062 2672 RasPppoe - ok
10:04:10.0062 2672 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:04:10.0062 2672 Raspti - ok
10:04:10.0093 2672 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:04:10.0093 2672 Rdbss - ok
10:04:10.0109 2672 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:04:10.0109 2672 RDPCDD - ok
10:04:10.0140 2672 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:04:10.0156 2672 rdpdr - ok
10:04:10.0187 2672 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:04:10.0187 2672 RDPWD - ok
10:04:10.0234 2672 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
10:04:10.0250 2672 RDSessMgr - ok
10:04:10.0281 2672 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:04:10.0281 2672 redbook - ok
10:04:10.0312 2672 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
10:04:10.0328 2672 RemoteAccess - ok
10:04:10.0343 2672 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
10:04:10.0343 2672 RemoteRegistry - ok
10:04:10.0375 2672 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
10:04:10.0375 2672 RpcLocator - ok
10:04:10.0406 2672 Rpcnet (3297445bb9fd3e8363e7559010ed2ae7) C:\WINDOWS\system32\rpcnet.exe
10:04:10.0406 2672 Rpcnet - ok
10:04:10.0468 2672 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
10:04:10.0468 2672 RpcSs - ok
10:04:10.0500 2672 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
10:04:10.0515 2672 RSVP - ok
10:04:10.0531 2672 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:04:10.0531 2672 SamSs - ok
10:04:10.0578 2672 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
10:04:10.0578 2672 SCardSvr - ok
10:04:10.0609 2672 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
10:04:10.0625 2672 Schedule - ok
10:04:10.0640 2672 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:04:10.0640 2672 Secdrv - ok
10:04:10.0656 2672 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
10:04:10.0656 2672 seclogon - ok
10:04:10.0671 2672 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
10:04:10.0671 2672 SENS - ok
10:04:10.0687 2672 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
10:04:10.0687 2672 Serial - ok
10:04:10.0703 2672 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:04:10.0718 2672 Sfloppy - ok
10:04:10.0765 2672 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
10:04:10.0765 2672 SharedAccess - ok
10:04:10.0812 2672 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:04:10.0812 2672 ShellHWDetection - ok
10:04:10.0812 2672 Simbad - ok
10:04:11.0062 2672 SmcService (16176075021462d37edabb98dea753d0) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
10:04:11.0062 2672 SmcService - ok
10:04:11.0187 2672 smsmdd (4b4ab78e866bbecf93f6eabc3270178a) C:\WINDOWS\system32\DRIVERS\smsmdm.sys
10:04:11.0187 2672 smsmdd - ok
10:04:11.0328 2672 smstsmgr - ok
10:04:11.0406 2672 SNAC (1c48f2df2cf97504169e63c37a2818b2) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
10:04:11.0468 2672 SNAC - ok
10:04:11.0468 2672 Sparrow - ok
10:04:11.0531 2672 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
10:04:11.0531 2672 SPBBCDrv - ok
10:04:11.0546 2672 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:04:11.0546 2672 splitter - ok
10:04:11.0578 2672 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
10:04:11.0578 2672 Spooler - ok
10:04:11.0625 2672 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:04:11.0625 2672 sr - ok
10:04:11.0656 2672 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
10:04:11.0656 2672 srservice - ok
10:04:11.0671 2672 SRTSP (620bbcc5c4c4407447866793c36e1215) C:\WINDOWS\system32\Drivers\SRTSP.SYS
10:04:11.0687 2672 SRTSP - ok
10:04:11.0718 2672 SRTSPL (995e15de499ca58445e39a2fba7d170e) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
10:04:11.0734 2672 SRTSPL - ok
10:04:11.0750 2672 SRTSPX (1b63f794f283b974a79084514df206a0) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
10:04:11.0765 2672 SRTSPX - ok
10:04:11.0843 2672 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:04:11.0843 2672 Srv - ok
10:04:11.0890 2672 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
10:04:11.0890 2672 SSDPSRV - ok
10:04:11.0953 2672 STacSV (c98df3ffebac8af2bbb4457c0d3089c3) C:\Program Files\IDT\WDM\stacsv.exe
10:04:11.0953 2672 STacSV - ok
10:04:11.0968 2672 stdcfltn (1e72739a30a0d3e3fc95ebb07f83912d) C:\WINDOWS\system32\DRIVERS\stdcfltn.sys
10:04:11.0984 2672 stdcfltn - ok
10:04:12.0109 2672 STHDA (d21bc3b77f04dd06d9614dd423970ce4) C:\WINDOWS\system32\drivers\sthda.sys
10:04:12.0125 2672 STHDA - ok
10:04:12.0250 2672 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
10:04:12.0265 2672 stisvc - ok
10:04:12.0281 2672 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:04:12.0281 2672 swenum - ok
10:04:12.0296 2672 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:04:12.0296 2672 swmidi - ok
10:04:12.0296 2672 SwPrv - ok
10:04:12.0453 2672 Symantec AntiVirus (dc358448cd60f6739c58361a0a5fda0b) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
10:04:12.0453 2672 Symantec AntiVirus - ok
10:04:12.0531 2672 symc810 - ok
10:04:12.0531 2672 symc8xx - ok
10:04:12.0546 2672 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
10:04:12.0546 2672 SymEvent - ok
10:04:12.0593 2672 SYMREDRV (394b2368212114d538316812af60fddd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
10:04:12.0593 2672 SYMREDRV - ok
10:04:12.0609 2672 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
10:04:12.0609 2672 SYMTDI - ok
10:04:12.0609 2672 sym_hi - ok
10:04:12.0625 2672 sym_u3 - ok
10:04:12.0640 2672 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:04:12.0640 2672 sysaudio - ok
10:04:12.0671 2672 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
10:04:12.0671 2672 SysmonLog - ok
10:04:12.0703 2672 SysPlant (c8f9eb4ac42740d036b0b9f0809b335b) C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys
10:04:12.0703 2672 SysPlant - ok
10:04:12.0734 2672 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
10:04:12.0750 2672 TapiSrv - ok
10:04:12.0812 2672 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:04:12.0812 2672 Tcpip - ok
10:04:12.0843 2672 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:04:12.0843 2672 TDPIPE - ok
10:04:12.0843 2672 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:04:12.0843 2672 TDTCP - ok
10:04:12.0875 2672 Teefer2 (75346634d815c9fda103ae5fada072b3) C:\WINDOWS\system32\DRIVERS\teefer2.sys
10:04:12.0875 2672 Teefer2 - ok
10:04:12.0875 2672 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:04:12.0875 2672 TermDD - ok
10:04:12.0937 2672 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
10:04:12.0937 2672 TermService - ok
10:04:12.0984 2672 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:04:12.0984 2672 Themes - ok
10:04:13.0000 2672 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
10:04:13.0015 2672 TlntSvr - ok
10:04:13.0109 2672 TomTomHOMEService (3199a477f0f06eede41bd55179f8eb05) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
10:04:13.0109 2672 TomTomHOMEService - ok
10:04:13.0109 2672 TosIde - ok
10:04:13.0156 2672 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
10:04:13.0156 2672 TrkWks - ok
10:04:13.0171 2672 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:04:13.0187 2672 Udfs - ok
10:04:13.0187 2672 ultra - ok
10:04:13.0250 2672 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:04:13.0250 2672 Update - ok
10:04:13.0281 2672 UPHClean (3f9a3232e5f942874488981f3242c989) C:\Program Files\UPHClean\uphclean.exe
10:04:13.0296 2672 UPHClean - ok
10:04:13.0312 2672 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
10:04:13.0328 2672 upnphost - ok
10:04:13.0328 2672 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
10:04:13.0343 2672 UPS - ok
10:04:13.0359 2672 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
10:04:13.0359 2672 USBAAPL - ok
10:04:13.0390 2672 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:04:13.0390 2672 usbccgp - ok
10:04:13.0406 2672 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:04:13.0406 2672 usbehci - ok
10:04:13.0437 2672 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:04:13.0453 2672 usbhub - ok
10:04:13.0453 2672 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:04:13.0453 2672 usbprint - ok
10:04:13.0468 2672 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:04:13.0468 2672 usbscan - ok
10:04:13.0500 2672 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:04:13.0500 2672 USBSTOR - ok
10:04:13.0531 2672 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:04:13.0531 2672 VgaSave - ok
10:04:13.0531 2672 ViaIde - ok
10:04:13.0562 2672 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:04:13.0562 2672 VolSnap - ok
10:04:13.0703 2672 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys
10:04:13.0703 2672 vsdatant - ok
10:04:13.0750 2672 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
10:04:13.0781 2672 VSS - ok
10:04:13.0812 2672 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
10:04:13.0812 2672 W32Time - ok
10:04:13.0812 2672 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:04:13.0812 2672 Wanarp - ok
10:04:13.0843 2672 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
10:04:13.0843 2672 Wdf01000 - ok
10:04:13.0843 2672 WDICA - ok
10:04:13.0859 2672 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:04:13.0859 2672 wdmaud - ok
10:04:13.0875 2672 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
10:04:13.0890 2672 WebClient - ok
10:04:13.0921 2672 WebsenseDesktopClient - ok
10:04:14.0015 2672 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
10:04:14.0015 2672 winmgmt - ok
10:04:14.0093 2672 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
10:04:14.0140 2672 WinRM - ok
10:04:14.0156 2672 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
10:04:14.0171 2672 WinUSB - ok
10:04:14.0187 2672 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
10:04:14.0187 2672 WmdmPmSN - ok
10:04:14.0265 2672 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
10:04:14.0281 2672 Wmi - ok
10:04:14.0296 2672 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
10:04:14.0296 2672 WmiAcpi - ok
10:04:14.0312 2672 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:04:14.0328 2672 WmiApSrv - ok
10:04:14.0484 2672 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
10:04:14.0531 2672 WMPNetworkSvc - ok
10:04:14.0656 2672 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:04:14.0703 2672 WPFFontCache_v0400 - ok
10:04:15.0484 2672 WPS (d81ef0d8716500a573cd82185ef3e42d) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
10:04:15.0484 2672 WPS - ok
10:04:15.0531 2672 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\WINDOWS\system32\drivers\WpsHelper.sys
10:04:15.0531 2672 WpsHelper - ok
10:04:15.0546 2672 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:04:15.0546 2672 WS2IFSL - ok
10:04:15.0546 2672 wscam6300 (e8a100e48c47ce98d2af1f5d914f55a4) C:\WINDOWS\system32\Drivers\wscam6300.sys
10:04:15.0546 2672 wscam6300 - ok
10:04:15.0593 2672 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
10:04:15.0593 2672 wscsvc - ok
10:04:15.0593 2672 wstdi (4bed440d1c0831015f4751b3e23ee9ca) C:\WINDOWS\system32\Drivers\wstdixp.sys
10:04:15.0593 2672 wstdi - ok
10:04:15.0640 2672 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
10:04:15.0640 2672 wuauserv - ok
10:04:15.0656 2672 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:04:15.0671 2672 WudfPf - ok
10:04:15.0671 2672 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:04:15.0671 2672 WudfRd - ok
10:04:15.0703 2672 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
10:04:15.0703 2672 WudfSvc - ok
10:04:15.0750 2672 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
10:04:15.0765 2672 WZCSVC - ok
10:04:15.0796 2672 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
10:04:15.0796 2672 xmlprov - ok
10:04:15.0812 2672 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:04:16.0250 2672 \Device\Harddisk0\DR0 - ok
10:04:16.0250 2672 Boot (0x1200) (a1b06cb9efe8c9cc3513f02ea9e3c611) \Device\Harddisk0\DR0\Partition0
10:04:16.0250 2672 \Device\Harddisk0\DR0\Partition0 - ok
10:04:16.0250 2672 ============================================================
10:04:16.0250 2672 Scan finished
10:04:16.0250 2672 ============================================================
10:04:16.0250 4912 Detected object count: 0
10:04:16.0250 4912 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-07 10:14:39
-----------------------------
10:14:39.156 OS Version: Windows 5.1.2600 Service Pack 3
10:14:39.156 Number of processors: 4 586 0x2A07
10:14:39.156 ComputerName: LAP-SALE89 UserName: mhorvath
10:14:39.968 Initialize success
10:14:43.734 AVAST engine defs: 12060700
10:14:45.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:14:45.875 Disk 0 Vendor: ST925041 0002 Size: 238475MB BusType: 3
10:14:45.890 Disk 0 MBR read successfully
10:14:45.890 Disk 0 MBR scan
10:14:45.906 Disk 0 Windows XP default MBR code
10:14:45.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238473 MB offset 2048
10:14:45.921 Disk 0 scanning sectors +488394752
10:14:45.984 Disk 0 scanning C:\WINDOWS\system32\drivers
10:14:56.718 Service scanning
10:15:11.687 Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
10:15:11.937 Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
10:15:13.843 Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
10:15:14.406 Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
10:15:15.718 Modules scanning
10:15:25.000 Disk 0 trace - called modules:
10:15:25.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdcfltn.sys iaStor.sys hal.dll
10:15:25.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5e7ab8]
10:15:25.031 3 CLASSPNP.SYS[b9908fd7] -> nt!IofCallDriver -> [0x8a5e7020]
10:15:25.031 5 stdcfltn.sys[b9cc9896] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x89f7e028]
10:15:25.593 AVAST engine scan C:\WINDOWS
10:15:39.343 AVAST engine scan C:\WINDOWS\system32
10:18:33.265 AVAST engine scan C:\WINDOWS\system32\drivers
10:18:54.250 AVAST engine scan C:\Documents and Settings\mhorvath
10:24:38.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\mhorvath\Desktop\MBR.dat"
10:24:38.468 The log file has been saved successfully to "C:\Documents and Settings\mhorvath\Desktop\aswMBR.txt"
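
As an added example that is not part of this thread and not code from Kaspersky, AVAST or BleepingComputer, the Python below parses the two log formats posted above (TDSSKiller's "<time> <pid> <name> (<md5>) <path>" / "<name> - <verdict>" pairs and aswMBR's "Service ... **LOCKED**" and "Disk 0 ... MBR code" lines) and pulls out what a responder reads first: the detection count, service keys listed without a hashed image file, drivers aswMBR could not read, and the MBR verdict. The sample lines are constructed by copying entries from the logs above; the regexes and the grouping into a triage dict are my own.

```python
"""Triage helper for TDSSKiller and aswMBR logs (added example, not a vendor tool)."""
import re

# Constructed sample: lines copied from the TDSSKiller log posted above.
TDSS_LOG = "\n".join([
    r"10:04:09.0484 2672 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe",
    r"10:04:09.0484 2672 NtLmSsp - ok",
    r"10:04:09.0500 2672 PCASp50 - ok",
    r"10:04:10.0406 2672 Rpcnet (3297445bb9fd3e8363e7559010ed2ae7) C:\WINDOWS\system32\rpcnet.exe",
    r"10:04:10.0406 2672 Rpcnet - ok",
    r"10:04:15.0812 2672 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0",
    r"10:04:16.0250 2672 \Device\Harddisk0\DR0 - ok",
    r"10:04:16.0250 4912 Detected object count: 0",
])

# Constructed sample: lines copied from the aswMBR log posted above.
ASW_LOG = "\n".join([
    r"10:14:45.890 Disk 0 MBR read successfully",
    r"10:14:45.906 Disk 0 Windows XP default MBR code",
    r"10:15:11.687 Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32",
    r"10:15:11.937 Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32",
    r"10:15:13.843 Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32",
    r"10:15:14.406 Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32",
])

TS = r"\d\d:\d\d:\d\d\.\d+"
# "<ts> <pid> <name> (<md5>) <path>": TDSSKiller hashed the entry's image file.
HASHED = re.compile(r"^" + TS + r"\s+\d+\s+(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<ts> <pid> <name> - <verdict>": TDSSKiller's verdict for that entry.
VERDICT = re.compile(r"^" + TS + r"\s+\d+\s+(?P<name>.+?) - (?P<verdict>.+)$")
DETECTED = re.compile(r"\d+ Detected object count: (\d+)")
# aswMBR: a driver file the scanner could not open.
LOCKED = re.compile(r"^\S+ Service (?P<name>\S+) (?P<path>.+?) \*\*LOCKED\*\* \d+$")
# aswMBR: its classification of the boot sector code.
MBR_CODE = re.compile(r"^\S+ Disk 0 (?P<verdict>.*MBR code)$")


def parse_tdsskiller(text):
    """Return {name: {"md5", "path", "verdict"}} for every entry in a TDSSKiller log."""
    records = {}
    blank = {"md5": None, "path": None, "verdict": None}
    for line in text.splitlines():
        m = HASHED.match(line)
        if m:
            rec = records.setdefault(m["name"], dict(blank))
            rec["md5"], rec["path"] = m["md5"], m["path"]
            continue
        m = VERDICT.match(line)
        if m:
            records.setdefault(m["name"], dict(blank))["verdict"] = m["verdict"]
    return records


def detections(text):
    """The scanner's own detection count, or None if the summary line is absent."""
    m = DETECTED.search(text)
    return int(m.group(1)) if m else None


def unhashed_services(records):
    """Service/driver keys listed by name only, i.e. no image file was hashed.
    On a clean XP box these are mostly legacy storage miniports (PCASp50, ql1080...),
    so this is a review list, not a verdict. Device objects such as the MBR line are skipped."""
    return sorted(n for n, r in records.items()
                  if r["md5"] is None and not n.startswith("\\"))


def locked_drivers(text):
    """(name, path) for every driver aswMBR reported as **LOCKED**."""
    return [(m["name"], m["path"]) for m in map(LOCKED.match, text.splitlines()) if m]


def mbr_verdict(text):
    """aswMBR's classification of the MBR code, or None if not found."""
    for line in text.splitlines():
        m = MBR_CODE.match(line)
        if m:
            return m["verdict"]
    return None


def triage(tdss_text, asw_text):
    """Collect the four things to look at first from both logs."""
    records = parse_tdsskiller(tdss_text)
    return {
        "detected": detections(tdss_text),
        "unhashed": unhashed_services(records),
        "locked": locked_drivers(asw_text),
        "mbr": mbr_verdict(asw_text),
    }


if __name__ == "__main__":
    for key, value in triage(TDSS_LOG, ASW_LOG).items():
        print(f"{key}: {value}")
```

On this page the helper returns zero detections, a default XP MBR, and four locked drivers. A file the scanner cannot open is exactly where a kernel rootkit would sit, but self-protecting security software locks its own drivers the same way; the four here (SysPlant, Teefer2, WPS, WpsHelper) are components of the installed Symantec Endpoint Protection, which is my identification from the driver names, not something the log states. Locked entries therefore belong on a "confirm the vendor" list rather than being treated as a finding.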

#7 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 June 2012 - 12:55 PM

Greetings

Any ideas on the Authentication issue I'm having after Combofix?

No, I don't have any idea.

Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\documents and settings\mhorvath\Application Data\Caxyis
c:\documents and settings\mhorvath\Application Data\Ybif
c:\program files\Yontoo
c:\documents and settings\mhorvath\Application Data\Iwmeu
c:\documents and settings\mhorvath\Application Data\Gaazi
c:\documents and settings\All Users\Application Data\blekko toolbars

Driver::
MFE_RR;MFE_RR

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 Mishney
  • Topic Starter

  • Members
  • 12 posts

Posted 07 June 2012 - 02:47 PM

Here is the log. I'm afraid it was one of the registry entries that combofix took out the first time it ran.

ComboFix 12-06-07.03 - mhorvath 06/07/2012 15:40:20.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3241.2311 [GMT -4:00]
Running from: c:\documents and settings\mhorvath\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mhorvath\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\blekko toolbars
c:\documents and settings\mhorvath\Application Data\Caxyis
c:\documents and settings\mhorvath\Application Data\Gaazi
c:\documents and settings\mhorvath\Application Data\Iwmeu
c:\documents and settings\mhorvath\Application Data\Ybif
c:\documents and settings\mhorvath\Application Data\Ybif\tiyf.tmp
c:\program files\Yontoo
c:\program files\Yontoo\YontooIEClient.dll
c:\windows\system32\default_user_class.dat.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-05-07 to 2012-06-07 )))))))))))))))))))))))))))))))
.
.
2012-06-06 21:53 . 2012-06-06 21:53 14664 ----a-w- c:\windows\stinger.sys
2012-06-06 20:19 . 2012-06-06 20:19 159608 ----a-w- c:\windows\system32\mfevtps.exe.0075.deleteme
2012-06-06 20:19 . 2012-06-06 22:03 -------- d-----w- c:\program files\stinger
2012-06-06 13:46 . 2012-06-06 13:46 -------- d-----w- c:\documents and settings\mhorvath\Local Settings\Application Data\Identities
2012-06-06 02:10 . 2012-06-06 02:10 -------- d-----w- c:\program files\Trend Micro
2012-06-05 21:15 . 2012-06-05 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2012-06-05 21:02 . 2012-06-05 21:02 -------- d-sh--w- c:\documents and settings\locadm\PrivacIE
2012-06-05 19:59 . 2012-06-05 19:59 -------- d-----w- c:\documents and settings\locadm\Application Data\Malwarebytes
2012-05-30 00:32 . 2012-05-30 00:32 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-30 00:32 . 2012-05-30 00:32 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-30 00:32 . 2012-05-30 00:32 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-09 14:06 . 2012-05-09 14:06 -------- d-----w- c:\program files\iPod
2012-05-09 00:34 . 2012-05-30 00:32 588728 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-05-09 00:34 . 2012-05-30 00:32 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-07 12:59 . 2012-01-16 18:39 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-06-07 12:59 . 2012-01-16 20:51 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-06-06 23:27 . 2012-01-17 00:48 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2012-06-05 18:36 . 2012-01-16 21:50 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2012-05-06 22:30 . 2012-04-05 23:52 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 22:30 . 2012-01-16 21:02 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 22:30 . 2012-04-14 03:30 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-04 19:56 . 2012-01-18 03:20 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-11 05:01 . 2010-03-11 05:01 124272 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-03-11 05:40 . 2010-03-11 05:40 13168 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-03-11 05:02 . 2010-03-11 05:02 70512 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-03-11 05:01 . 2010-03-11 05:01 91504 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-03-11 05:01 . 2010-03-11 05:01 22384 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-03-11 05:00 . 2010-03-11 05:00 255344 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-03-11 05:01 . 2010-03-11 05:01 31088 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-03-11 05:01 . 2010-03-11 05:01 40304 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-10-05 18:49 . 2009-10-05 18:49 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-03-11 05:02 . 2010-03-11 05:02 23920 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-05-30 00:32 . 2012-01-19 18:44 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-07_00.52.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-07 12:59 . 2012-06-07 12:59 16384 c:\windows\Temp\Perflib_Perfdata_c18.dat
+ 2012-06-07 13:52 . 2012-06-07 13:52 16384 c:\windows\Temp\Perflib_Perfdata_904.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\mhorvath\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-08 3331872]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-04 142360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-04 176152]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-04 145944]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-02-04 488816]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-02-04 536668]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2011-02-04 737280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-02-15 686704]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2012-01-16 115624]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2012-01-17 143360]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-01-31 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MeetingLauncher"="c:\program files\InterCall Unified Meeting\Modules\Launcher\mcLauncher.exe" [2011-09-06 515184]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
client.lnk - c:\program files\avs\bin\avscc.exe [2011-6-2 12952928]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Microsoft Firewall Client Management.lnk - c:\program files\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-9 117568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogoff"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"DisallowCpl"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogoff"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"DisallowCpl"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-129458132-1848583262-336618761-8424\Scripts\Logon\0\0]
"Script"=Local_Login_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-854245398-299502267-682003330-1003\Scripts\Logon\0\0]
"Script"=Local_Login_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-854245398-299502267-682003330-500\Scripts\Logon\0\0]
"Script"=Local_Login_Script.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [1/16/2012 5:29 PM 17648]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 8:13 PM 65584]
R1 wscam6300;wscam6300;c:\windows\system32\drivers\wscam6300.sys [5/8/2007 10:18 PM 33024]
R1 wstdi;wstdi;c:\windows\system32\drivers\wstdixp.sys [5/8/2007 10:18 PM 35712]
R2 avbackup;Backup Agent;c:\program files\avs\bin\avagent.exe [6/2/2011 4:07 AM 5379424]
R2 FwcAgent;Firewall Client Agent;c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe [12/9/2006 9:04 PM 128832]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [1/23/2012 12:43 AM 92592]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [1/16/2012 5:29 PM 43888]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [1/16/2012 8:35 PM 113664]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/5/2012 2:35 PM 106656]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [1/16/2012 8:35 PM 260864]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [1/16/2012 8:35 PM 41088]
R3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [1/16/2012 8:35 PM 7391104]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\o2mdrxp.sys [1/16/2012 8:35 PM 61728]
R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjxp.sys [1/16/2012 8:35 PM 63136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 3:16 PM 130384]
S2 WebsenseDesktopClient;Websense Desktop Client;c:\program files\Websense\WDC\WDC.exe --> c:\program files\Websense\WDC\WDC.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 7:52 PM 257696]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/16/2012 5:46 PM 23960]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\mhorvath\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\mhorvath\LOCALS~1\Temp\mfe_rr.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/29/2012 8:32 PM 129976]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [1/30/2012 11:23 AM 13440]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [1/16/2012 8:35 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 3:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 25050731
*NewlyCreated* - ASWMBR
*Deregistered* - 25050731
*Deregistered* - aswMBR
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 22:30]
.
2012-06-07 c:\windows\Tasks\SDMsgUpdate (SD).job
- c:\program files\SmartDraw 2012\Messages\SDNotify.exe [2011-09-26 16:22]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = proxy.fastenal.com:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Microsoft Firewall Client 2004\FwcWsp.dll
Trusted Zone: fastenal.com\apps
Trusted Zone: localhost
TCP: DhcpNameServer = 66.80.130.23 64.7.11.2
FF - ProfilePath - c:\documents and settings\mhorvath\Application Data\Mozilla\Firefox\Profiles\70n10uoy.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - user.js: extentions.y2layers.installId - e7b496b6-0c5a-4ed4-ae7e-dca2765d3321
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-07 15:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-06-07 15:47:07
ComboFix-quarantined-files.txt 2012-06-07 19:47
ComboFix2.txt 2012-06-07 00:55
.
Pre-Run: 177,365,766,144 bytes free
Post-Run: 177,446,830,080 bytes free
.
- - End Of File - - 9591EBF24997155B536FF82234A09F17
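
The Supplementary Scan section of the log above ends with a handful of Firefox preference lines (a changed keyword.URL, several user.js overrides, security.csp.enable set to false), which is the part of a DDS/ComboFix log a reviewer reads first when the complaint is a search redirect. The script below is an added example and is not code from the original post or from DDS/ComboFix: it copies those six lines as constructed sample input and runs a small set of indicator rules over them. The rules, the severity labels and the MOZILLA_PREFIXES allowlist are this example's own choices, and reading extensions.autoDisableScopes as a bitmask whose lowest bit is the profile scope is an assumption about Firefox's add-on scope constants.

```python
"""Triage of Firefox pref lines from a DDS/ComboFix log for search-redirect indicators.

Added example, not code from the original post or from DDS/ComboFix. The rules
below are this example's own heuristics; assumptions are marked in comments.
"""
import re

# Constructed sample input: the "FF -" lines copied from the Supplementary Scan above.
SAMPLE_LOG = """\
FF - ProfilePath - c:\\documents and settings\\mhorvath\\Application Data\\Mozilla\\Firefox\\Profiles\\70n10uoy.default\\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - user.js: extentions.y2layers.installId - e7b496b6-0c5a-4ed4-ae7e-dca2765d3321
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
"""

# DDS prints one pref per line as "FF - <file>: <name> - <value>".
FF_PREF = re.compile(r"^FF - (?P<file>prefs\.js|user\.js): (?P<name>\S+) - (?P<value>.*)$")

# Pref namespaces Firefox itself writes (example's own allowlist). A user.js pref
# outside these is third-party, and user.js is re-applied at every start, so it
# survives the user "resetting" preferences from inside the browser.
MOZILLA_PREFIXES = ("browser.", "extensions.", "security.", "network.", "keyword.",
                    "general.", "privacy.", "app.", "dom.")

SCOPE_PROFILE = 1  # assumption: lowest bit of extensions.autoDisableScopes = profile scope


def classify_pref(file, name, value):
    """Return (severity, reason) for one pref line, or None if nothing stands out."""
    value = value.strip()
    if name == "security.csp.enable" and value.lower() == "false":
        return "high", "Content Security Policy disabled for every site"
    if name == "keyword.URL":
        if "btnI=" in value:
            # Google's btnI parameter is "I'm Feeling Lucky": the browser lands on the
            # first result instead of a results page, i.e. a silent redirect.
            return "high", "address-bar searches auto-navigate to first result (btnI)"
        return "review", "address-bar keyword search URL has been changed"
    if name == "extensions.autoDisableScopes":
        try:
            mask = int(value)
        except ValueError:
            return "review", "unparseable autoDisableScopes value"
        if not mask & SCOPE_PROFILE:
            return "high", ("profile scope cleared from autoDisableScopes; add-ons dropped "
                            "into the profile directory are enabled without a prompt")
        return None
    if file == "user.js" and not name.startswith(MOZILLA_PREFIXES):
        namespace = name.split(".", 1)[0]
        return "review", f"third-party pref namespace '{namespace}' forced via user.js"
    return None


def triage_ff_prefs(log_text):
    """Scan a DDS/ComboFix log and return one finding dict per flagged pref line."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = FF_PREF.match(line.strip())
        if not m:
            continue  # ProfilePath and non-FF lines do not carry a pref
        verdict = classify_pref(m["file"], m["name"], m["value"])
        if verdict is None:
            continue
        severity, reason = verdict
        findings.append({"line": lineno, "severity": severity, "file": m["file"],
                         "pref": m["name"], "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage_ff_prefs(SAMPLE_LOG):
        print(f"line {f['line']:>3} [{f['severity']:<6}] {f['file']}: {f['pref']} -- {f['reason']}")
```

Run against the sample, every pref line except ProfilePath is reported; the two misspelled "extentions." prefs are flagged only because they live in user.js under a namespace Firefox does not own, which is the cheap check that catches adware-written overrides without needing a signature for each family.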

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 June 2012 - 04:10 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\ComboFix-quarantined-files.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Mishney
  • Topic Starter
  • Members
  • 12 posts

Posted 07 June 2012 - 07:19 PM

2012-06-07 19:40:18 . 2012-06-07 19:40:18 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2012-06-07 12:57:46 . 2012-06-07 12:57:53 1,024 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\default_user_class.dat.LOG.vir
2012-06-07 00:55:24 . 2012-06-07 00:55:24 566 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-24f19af5.reg.dat
2012-06-07 00:55:19 . 2012-06-07 00:55:19 582 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-Symantec Antvirus.reg.dat
2012-06-07 00:55:10 . 2012-06-07 00:55:10 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-cbbcbecdct.reg.dat
2012-06-07 00:55:10 . 2012-06-07 00:55:10 173 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Ylmugyesne.reg.dat
2012-06-07 00:48:01 . 2012-06-07 00:48:01 822 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NETWORKLOG.reg.dat
2012-06-07 00:48:01 . 2012-06-07 00:48:01 814 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_AMSERVICE.reg.dat
2012-06-07 00:47:53 . 2012-06-07 19:44:11 9,606 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-06-07 00:47:25 . 2012-01-19 18:44:31 742 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\2\Mozilla Firefox.lnk
2012-06-07 00:47:25 . 2012-02-24 21:50:34 79 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\2\Show desktop.scf
2012-06-07 00:47:25 . 2012-01-16 21:56:19 815 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
2012-06-07 00:47:25 . 2012-02-09 02:01:03 792 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\2\Microsoft Office Outlook.lnk
2012-06-07 00:47:25 . 2012-01-16 21:00:37 1,744 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\WinZip\WinZip 12.0.lnk
2012-06-07 00:47:25 . 2012-01-16 21:56:18 60 --sha-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\2\desktop.ini
2012-06-07 00:47:25 . 2012-01-16 21:00:37 1,431 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\WinZip\Help Manual.lnk
2012-06-07 00:47:25 . 2012-02-29 16:55:14 731 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\VideoLAN\VLC media player.lnk
2012-06-07 00:47:25 . 2012-02-29 16:55:14 747 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\VideoLAN\VLC media player skinned.lnk
2012-06-07 00:47:25 . 2012-02-29 16:55:14 802 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\VideoLAN\VideoLAN Website.lnk
2012-06-07 00:47:25 . 2012-02-29 16:55:14 827 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk
2012-06-07 00:47:25 . 2012-02-29 16:55:14 738 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\VideoLAN\Release Notes.lnk
2012-06-07 00:47:25 . 2012-02-29 16:55:14 787 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\VideoLAN\Documentation.lnk
2012-06-07 00:47:25 . 2012-01-16 21:48:43 838 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Symantec Endpoint Protection\Symantec Endpoint Protection.lnk
2012-06-07 00:47:25 . 2012-01-16 21:48:43 910 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Symantec Endpoint Protection\Symantec Endpoint Protection Help.lnk
2012-06-07 00:47:25 . 2012-01-16 21:07:57 1,999 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Startup\Microsoft Firewall Client Management.lnk
2012-06-07 00:47:25 . 2012-01-16 21:02:35 762 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Startup\client.lnk
2012-06-07 00:47:25 . 2012-01-17 00:46:01 84 --sha-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Startup\desktop.ini
2012-06-07 00:47:25 . 2012-01-18 19:09:52 1,808 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Startup\HP Digital Imaging Monitor.lnk
2012-06-07 00:47:25 . 2012-01-16 21:30:28 731 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\RSA\RSA SecurID Token\RSA SecurID Token.lnk
2012-06-07 00:47:25 . 2012-01-16 21:30:28 798 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\RSA\RSA SecurID Token\Token Transfer Utility.lnk
2012-06-07 00:47:25 . 2012-04-30 14:36:41 2,313 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\RHINO Connect Software\RHINO Connect Software.lnk
2012-06-07 00:47:25 . 2012-01-31 18:02:17 1,639 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
2012-06-07 00:47:25 . 2012-01-31 18:02:17 1,802 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
2012-06-07 00:47:25 . 2012-01-31 18:02:17 1,812 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
2012-06-07 00:47:25 . 2012-01-31 18:02:17 1,802 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
2012-06-07 00:47:25 . 2012-01-16 22:30:16 1,986 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
2012-06-07 00:47:25 . 2012-01-18 20:21:06 2,511 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk
2012-06-07 00:47:25 . 2012-01-16 20:58:54 2,693 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Scanning.lnk
2012-06-07 00:47:24 . 2012-01-16 20:58:54 2,691 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Imaging.lnk
2012-06-07 00:47:24 . 2012-01-18 20:21:06 2,531 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk
2012-06-07 00:47:24 . 2012-01-18 20:21:06 2,433 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk
2012-06-07 00:47:24 . 2012-01-18 20:21:06 2,533 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk
2012-06-07 00:47:24 . 2012-01-18 20:21:06 2,553 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk
2012-06-07 00:47:24 . 2012-03-01 17:22:19 1,950 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk
2012-06-07 00:47:24 . 2012-03-01 17:30:15 2,519 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Publisher 2010.lnk
2012-06-07 00:47:24 . 2012-05-31 13:41:00 2,527 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Word 2007.lnk
2012-06-07 00:47:24 . 2012-05-15 15:53:19 2,485 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Project 2007.lnk
2012-06-07 00:47:24 . 2012-05-31 14:59:06 2,495 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk
2012-06-07 00:47:24 . 2012-06-01 14:12:21 2,485 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk
2012-06-07 00:47:24 . 2012-01-16 20:58:54 2,599 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk
2012-06-07 00:47:24 . 2012-04-26 13:58:25 947 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk
2012-06-07 00:47:24 . 2012-04-26 13:58:25 820 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk
2012-06-07 00:47:23 . 2012-04-26 13:58:25 796 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk
2012-06-07 00:47:23 . 2012-04-26 13:58:25 796 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk
2012-06-07 00:47:23 . 2012-02-18 15:55:26 761 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\LeapFrog Connect\Uninstall LeapFrog Connect.lnk
2012-06-07 00:47:23 . 2012-02-18 15:55:26 842 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\LeapFrog Connect\LeapFrog Connect.lnk
2012-06-07 00:47:23 . 2012-01-16 20:51:55 1,585 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk
2012-06-07 00:47:23 . 2012-01-16 20:51:55 852 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Tools\MediaInfo.lnk
2012-06-07 00:47:23 . 2012-01-16 20:51:55 862 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Tools\VobSubStrip.lnk
2012-06-07 00:47:23 . 2012-01-16 20:51:55 862 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Tools\Xvid StatsReader.lnk
2012-06-07 00:47:23 . 2012-01-16 20:51:55 1,845 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Tools\Haali Muxer.lnk
2012-06-07 00:47:23 . 2012-01-16 20:51:55 912 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Tools\GSpot Codec Information.lnk
2012-06-07 00:47:23 . 2012-01-16 20:51:55 862 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\K-Lite Codec Pack\Tools\GraphStudio.lnk
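
The listing above is raw ComboFix-quarantined-files.txt output: one line per item with the quarantine time, the item's own timestamp, size, attributes and path. The script below is an added example, not part of the original post and not ComboFix's own code: it parses that format, groups the entries (registry backups, HKCU/HKLM Run-key backups, .vir quarantined files, Start Menu items from under %Temp%\smtmp) and flags Run-key value names that look machine-generated, which is what a reviewer wants pulled out of sixty-odd lines. The sample input is eight lines copied from the listing plus one constructed benign entry (HKLM-Run-iTunesHelper) that is not in the posted listing; the random-name heuristic (vowel ratio and consonant runs) is the example's own and is a triage hint, not a verdict.

```python
"""Parse a ComboFix-quarantined-files.txt listing and group what was quarantined.

Added example, not code from the original post or from ComboFix. The random-name
heuristic is this example's own and only marks names worth a closer look.
"""
import re
from collections import Counter

# Constructed sample: eight lines copied from the listing above plus one made-up
# benign entry (HKLM-Run-iTunesHelper) that does NOT appear in the posted listing.
SAMPLE_LISTING = r"""
2012-06-07 19:40:18 . 2012-06-07 19:40:18 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2012-06-07 12:57:46 . 2012-06-07 12:57:53 1,024 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\default_user_class.dat.LOG.vir
2012-06-07 00:55:24 . 2012-06-07 00:55:24 566 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-24f19af5.reg.dat
2012-06-07 00:55:10 . 2012-06-07 00:55:10 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-cbbcbecdct.reg.dat
2012-06-07 00:55:10 . 2012-06-07 00:55:10 173 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Ylmugyesne.reg.dat
2012-06-07 00:47:53 . 2012-06-07 19:44:11 9,606 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-06-07 00:47:25 . 2012-01-19 18:44:31 742 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\2\Mozilla Firefox.lnk
2012-06-07 00:47:25 . 2012-01-17 00:46:01 84 --sha-w- C:\Qoobox\Quarantine\C\DOCUME~1\mhorvath\LOCALS~1\Temp\smtmp\1\Programs\Startup\desktop.ini
2012-06-07 00:55:10 . 2012-06-07 00:55:10 180 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-iTunesHelper.reg.dat
"""

# "<quarantine time> . <original time> <size> <attrs> <path>"; size may carry commas.
ENTRY = re.compile(
    r"^(?P<quarantined>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \. "
    r"(?P<original>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+"
    r"(?P<size>[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
# ComboFix names a backed-up Run value as <hive>-Run-<value name>.reg.dat.
RUN_BACKUP = re.compile(r"^(?P<hive>HKCU|HKLM)-Run-(?P<name>.+)\.reg\.dat$", re.IGNORECASE)
VOWELS = "aeiou"


def looks_random(name):
    """Heuristic (example's own): single-word, letters-only names with few vowels or
    long consonant runs, and no CamelCase hump, as vendor names usually have."""
    if len(name) < 8 or not name.isalpha():
        return False
    if any(c.isupper() for c in name[1:]):
        return False  # e.g. iTunesHelper, ConnectionCenter
    low = name.lower()
    vowels = sum(c in VOWELS for c in low)
    run = best = 0
    for c in low:
        run = run + 1 if c not in VOWELS else 0
        best = max(best, run)
    return best >= 4 or vowels / len(low) <= 0.3


def categorize(path, file):
    """Bucket an entry by where ComboFix put it and what it is."""
    if "\\Registry_backups\\" in path:
        return "autorun" if RUN_BACKUP.match(file) else "registry"
    if file.lower().endswith(".vir"):  # ComboFix appends .vir to quarantined files
        return "quarantined_file"
    if "\\smtmp\\" in path.lower():  # Start Menu items found under %Temp%\smtmp
        return "start_menu"
    return "other"


def parse_listing(text):
    """Return one dict per listing line; Run-key backups carry hive, name and random flag."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank lines or anything that is not an entry
        path = m["path"]
        file = path.rsplit("\\", 1)[-1]
        entry = {"quarantined": m["quarantined"], "original": m["original"],
                 "size": int(m["size"].replace(",", "")), "attrs": m["attrs"],
                 "path": path, "file": file, "category": categorize(path, file)}
        run = RUN_BACKUP.match(file)
        if entry["category"] == "autorun" and run:
            entry.update(hive=run["hive"], name=run["name"], random=looks_random(run["name"]))
        entries.append(entry)
    return entries


def summarize(entries):
    """Count entries per category."""
    return Counter(e["category"] for e in entries)


if __name__ == "__main__":
    items = parse_listing(SAMPLE_LISTING)
    for cat, n in sorted(summarize(items).items()):
        print(f"{cat:<16} {n}")
    for e in items:
        if e["category"] == "autorun":
            flag = "RANDOM-LOOKING" if e["random"] else "ok"
            print(f"{e['hive']}\\Run value '{e['name']}' backed up at {e['quarantined']}: {flag}")
```

The two HKCU Run values ComboFix backed up (cbbcbecdct and Ylmugyesne) are the lines that matter for a redirect complaint, since a per-user Run value with a generated name is the usual foothold; the listing says only that they were removed, so the next question for the reviewer is which executables they pointed at, which this listing does not record.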

#11 gringo_pr

Posted 07 June 2012 - 09:29 PM

I don't see anything in there.

Try doing a system restore to right before you ran ComboFix and see if it helps.


gringo

#12 Mishney (Topic Starter)

Posted 07 June 2012 - 09:35 PM

Can that be done with the Windows Recovery Console that ComboFix installs? My system has System Restore turned off.

#13 gringo_pr

Posted 07 June 2012 - 10:02 PM

ComboFix may have turned it back on. Have you checked if it is on now?


gringo

#14 Mishney (Topic Starter)

Posted 07 June 2012 - 10:06 PM

Yes it's still off.

#15 gringo_pr

Posted 07 June 2012 - 10:20 PM

Hello

Your IT dept may have to set it back up then, as I would not know how to do it.

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
