Cannot Open Programs, Frequent Lock-ups


  • This topic is locked
11 replies to this topic

#1 Mrs. Bonnie (Members, 17 posts)

Posted 13 June 2012 - 10:53 AM

Hello, and thank you for any help.

My computer had a virus that CatByte helped with back in December and January. I believe the same problem has returned. After booting up my computer, I am not able to open ANY programs by clicking on the icons. Instead, I must open the task manager and shut down different programs until I am finally able to open something. I have run Malwarebytes and SuperAntiSpyware, neither of which has found anything. I believe this virus came in on a bogus Adobe update nearly a year ago and I've been battling it on and off since. I did find in the "Scheduled Tasks" folder of the control panel a scheduled daily Adobe update. I have deleted that, but still need to get rid of this problem.

I ran the DDS scan and will paste it and attach the required file. However, I have not yet been able to successfully run the gmer scan. Every time I try it, it runs for a little over 8 or 9 hours, then freezes. Sometimes with no error message at all, and sometimes with a message similar to the last time:

"C:\Documents and Settings\HP_Administrator\MyDocuments is not accessible. Insufficient system resources exist to complete requested service."

Once it did actually finish scanning, and froze as I clicked on the "save" button.

Here is the requested information. Again, thank you for any help you can provide!

Mrs. Bonnie


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by HP_Administrator at 15:48:54 on 2012-05-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2466 [GMT -5:00]
.
FW: Norton Internet Worm Protection *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Skype\Updater\Updater.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\D-Link\DWA-130 revE\WLSVC.exe
C:\Program Files\D-Link\DWA-130 revE\ProfileCnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Cisco Systems\Cisco Connect\CCPrt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Overwolf\Overwolf.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\webhelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\hypercam toolbar\tbcore3.dll
uRun: [Overwolf] c:\program files\overwolf\Overwolf.exe -silent
uRun: [Google Update] "c:\documents and settings\hp_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "c:\documents and settings\hp_administrator\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [DMAScheduler] c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
mRun: [lxduamon] "c:\program files\lexmark 5600-6600 series\lxduamon.exe"
mRun: [Lexmark 5600-6600 Series Fax Server] "c:\program files\lexmark 5600-6600 series\fm3032.exe" /s
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [ps2] c:\windows\system32\ps2.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [CCPrt] "c:\program files\cisco systems\cisco connect\CCPrt.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny1PVTZF"&"inst=NzctNjU4OTAxNDM5LUJBKzEtS1YzKzctWEwrMS1UMS1VQ0FMTCsxLUJBUjhHKzEtVUNBTEwyKzItVEI4KzItRkwrOC1GOE0xMUMrMS1VUEcrMjAxMS1GOE0xMUUrMS1ERFQrNTg2MzItRkwxMCsxLVRVRyszLUxTRCsyLUREMTBGKzEtU1QxMEZBUFArMS1GMTBNMTJBVCsyLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLUYxME0xMkFUQisxLUYxMFRCKzItU1QxMFRCRisx"&"prod=90"&"ver=10.0.1415
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\dwa-130 reve\wirelesscm.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: runescape.com\www
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/40.11/uploader2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://zone.msn.com/binGame/ZAxRcMgr.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.94.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cfbisdtraining.webex.com/client/T23L/webex/ieatgpc.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{C2290754-6FAF-40D1-9DAA-852E92E091D5} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\overwolf\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\8v21hf6n.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\program files\onlive\plugin\npolgdet.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-12-19 394672]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2010-1-13 98984]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2011-8-24 254256]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2011-8-8 20480]
R2 WLSVC;WLSVC;c:\program files\d-link\dwa-130 reve\WLSVC.exe [2011-8-8 167936]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-6-20 119528]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2011-8-8 588032]
S?2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\hp_adm~1\locals~1\temp\cfcatchme.sys --> c:\docume~1\hp_adm~1\locals~1\temp\CFcatchme.sys [?]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-1-3 18560]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files\overwolf\OverwolfUpdater.exe [2012-1-21 18360]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-2-22 1251720]
.
=============== Created Last 30 ================
.
2012-05-27 20:45:10 9138176 ----a-w- c:\documents and settings\hp_administrator\ntuser.tmp
2012-05-24 19:32:36 -------- d-----w- c:\program files\common files\Overwolf
.
==================== Find3M ====================
.
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2005-12-23 06:12:36 2073600 ----a-w- c:\program files\autorun.exe
.
============= FINISH: 15:50:19.60 ===============
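As an added triage example (not part of Mrs. Bonnie's post, of DDS, or of any BleepingComputer tool): a small Python script that reads the "Pseudo HJT Report" and "SERVICES / DRIVERS" line formats shown in the log above and flags the entries a responder usually checks first: hooks that resolve to "No File", service/driver lines DDS marks with "[?]" because it could not stat the binary, and autoruns or drivers whose binary sits in a user-writable location. The sample lines are copied from the log; the USER_WRITABLE fragment list and the reason strings are this example's own heuristics and are not a verdict on any of those entries.

```python
"""Triage helper for DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" lines.

Added example, not part of the forum post or of the DDS tool itself.
It flags three things a responder checks first when reading a DDS log:
  * registry entries that resolve to "No File" (orphaned hooks/BHOs),
  * service/driver lines DDS marks with "[?]" (it could not stat the binary),
  * autoruns, handlers or drivers whose binary sits in a user-writable
    location (profile, Temp, Local Settings\\Application Data).
USER_WRITABLE and the reason strings are this example's heuristics.
"""
import re
from dataclasses import dataclass

# Lines copied verbatim from the DDS log above; nothing here is new data.
SAMPLE_LOG = r"""
uURLSearchHooks: H - No File
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\hypercam toolbar\tbcore3.dll
uRun: [Google Update] "c:\documents and settings\hp_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Conime] %windir%\system32\conime.exe
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\overwolf\SKYPE4~1.DLL
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\hp_adm~1\locals~1\temp\cfcatchme.sys --> c:\docume~1\hp_adm~1\locals~1\temp\CFcatchme.sys [?]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
"""

# Path fragments (lower-case, XP long and 8.3 short forms) a standard user can write to.
# Heuristic chosen for this example; extend it for the profile layout you are reading.
USER_WRITABLE = (
    "\\temp\\", "\\local settings\\", "\\application data\\",
    "\\docume~1\\", "locals~1", "\\users\\",
)

# First Windows path on a line: drive letter or %VAR% prefix, up to a binary extension.
PATH_RE = re.compile(r'(?i)(?:[a-z]:\\|%\w+%\\)[^"]*?\.(?:exe|dll|sys|scr|cab)')
# DDS service/driver lines start with a state code such as R1, S3 or S?2.
SERVICE_RE = re.compile(r"^[RS]\??\d\s")


@dataclass(frozen=True)
class Finding:
    line: str
    reasons: tuple


def first_path(line: str):
    """Return the first binary path on the line, lower-cased, or None."""
    m = PATH_RE.search(line)
    return m.group(0).lower() if m else None


def triage(log_text: str) -> list:
    """Scan DDS lines and return the ones worth a second look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        if line.endswith("No File"):
            reasons.append("entry points to a missing file")
        if SERVICE_RE.match(line) and line.endswith("[?]"):
            reasons.append("DDS could not verify the service/driver binary")
        path = first_path(line)
        if path and any(frag in path for frag in USER_WRITABLE):
            reasons.append("binary under a user-writable path")
        if reasons:
            findings.append(Finding(line, tuple(reasons)))
    return findings


def summarize(findings) -> dict:
    """Count findings per reason, for a quick read of what dominates a log."""
    counts = {}
    for f in findings:
        for r in f.reasons:
            counts[r] = counts.get(r, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{'; '.join(f.reasons):60} | {f.line[:90]}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it against a full DDS log by passing the file contents to `triage()`. A flagged line is a starting point, not a conclusion: Google Update legitimately installs under the user profile, and a "[?]" only means DDS could not open the file at scan time; the point of the script is to shorten a long log to the handful of lines worth checking by hand.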


#2 nasdaq (Malware Response Team, 40,227 posts; Montreal, QC, Canada)

Posted 18 June 2012 - 08:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

If you have CD emulator software (Daemon Tools, Alcohol, etc.) installed, the drivers this software uses can interfere with the anti-rootkit tools we use. These interferences can take a few forms, like GMER crashing or causing BSODs, or rootkit scans producing large amounts of FPs and general dross. This 'dross' often makes it hard to differentiate between genuine malicious rootkits and the legitimate drivers used by CD emulators.

Disable the CD emulators....

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed, or until this computer is clean.

HOW TO: Enable the CD Emulators... < restore only when we are finished.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 Mrs. Bonnie (Topic Starter; Members, 17 posts)

Posted 18 June 2012 - 09:10 AM

Thank you nasdaq (and Happy Birthday!)

I ran DeFogger and it appeared to run just fine - I got the "Finished!" message. Yet it didn't ask to reboot the computer and I did get a disable log. Here it is:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:03 on 18/06/2012 (HP_Administrator)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Thanks,
Mrs. Bonnie

#4 nasdaq (Malware Response Team, 40,227 posts; Montreal, QC, Canada)

Posted 18 June 2012 - 12:01 PM

Please download and run the other 2 programs I suggested.

Post the logs for my review.

#5 Mrs. Bonnie (Topic Starter; Members, 17 posts)

Posted 18 June 2012 - 06:18 PM

Here is the TDSS Log:

18:16:11.0375 0276 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
18:16:11.0734 0276 ============================================================
18:16:11.0734 0276 Current date / time: 2012/06/18 18:16:11.0734
18:16:11.0734 0276 SystemInfo:
18:16:11.0734 0276
18:16:11.0734 0276 OS Version: 5.1.2600 ServicePack: 3.0
18:16:11.0734 0276 Product type: Workstation
18:16:11.0734 0276 ComputerName: TIFFANY
18:16:11.0734 0276 UserName: HP_Administrator
18:16:11.0734 0276 Windows directory: C:\WINDOWS
18:16:11.0734 0276 System windows directory: C:\WINDOWS
18:16:11.0734 0276 Processor architecture: Intel x86
18:16:11.0734 0276 Number of processors: 2
18:16:11.0734 0276 Page size: 0x1000
18:16:11.0734 0276 Boot type: Safe boot with network
18:16:11.0734 0276 ============================================================
18:16:14.0046 0276 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:16:14.0093 0276 ============================================================
18:16:14.0093 0276 \Device\Harddisk0\DR0:
18:16:14.0093 0276 MBR partitions:
18:16:14.0093 0276 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C0C2C6C
18:16:14.0093 0276 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1C0C6B6C, BlocksNum 0x10FDA15
18:16:14.0093 0276 ============================================================
18:16:14.0156 0276 C: <-> \Device\Harddisk0\DR0\Partition0
18:16:14.0171 0276 D: <-> \Device\Harddisk0\DR0\Partition1
18:16:14.0171 0276 ============================================================
18:16:14.0171 0276 Initialize success
18:16:14.0171 0276 ============================================================
18:16:16.0250 1964 ============================================================
18:16:16.0250 1964 Scan started
18:16:16.0250 1964 Mode: Manual;
18:16:16.0250 1964 ============================================================
18:16:18.0281 1964 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
18:16:18.0281 1964 !SASCORE - ok
18:16:18.0625 1964 Abiosdsk - ok
18:16:18.0640 1964 abp480n5 - ok
18:16:18.0734 1964 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:16:18.0734 1964 ACPI - ok
18:16:18.0750 1964 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:16:18.0750 1964 ACPIEC - ok
18:16:19.0234 1964 AdobeActiveFileMonitor8.0 (34400005de52842c4d6d4ee978b4d7ce) C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
18:16:19.0234 1964 AdobeActiveFileMonitor8.0 - ok
18:16:19.0562 1964 adpu160m - ok
18:16:19.0640 1964 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:16:19.0640 1964 aec - ok
18:16:19.0671 1964 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
18:16:19.0671 1964 AegisP - ok
18:16:19.0750 1964 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:16:19.0750 1964 AFD - ok
18:16:20.0046 1964 AgereSoftModem (51a66c689ad9b9a953f75496209ae520) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
18:16:20.0062 1964 AgereSoftModem - ok
18:16:20.0062 1964 Aha154x - ok
18:16:20.0078 1964 aic78u2 - ok
18:16:20.0078 1964 aic78xx - ok
18:16:20.0125 1964 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:16:20.0125 1964 Alerter - ok
18:16:20.0171 1964 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:16:20.0171 1964 ALG - ok
18:16:20.0171 1964 AliIde - ok
18:16:20.0218 1964 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
18:16:20.0218 1964 AmdK8 - ok
18:16:20.0234 1964 amsint - ok
18:16:20.0671 1964 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:16:20.0671 1964 Apple Mobile Device - ok
18:16:21.0015 1964 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
18:16:21.0015 1964 AppMgmt - ok
18:16:21.0109 1964 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
18:16:21.0109 1964 aracpi - ok
18:16:21.0140 1964 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
18:16:21.0140 1964 arhidfltr - ok
18:16:21.0156 1964 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
18:16:21.0156 1964 arkbcfltr - ok
18:16:21.0171 1964 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
18:16:21.0171 1964 armoucfltr - ok
18:16:21.0250 1964 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:16:21.0250 1964 Arp1394 - ok
18:16:21.0265 1964 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
18:16:21.0265 1964 ARPolicy - ok
18:16:21.0312 1964 ARSVC (9a0d9b2e263bede80fb79ddbad240ec1) C:\WINDOWS\arservice.exe
18:16:21.0312 1964 ARSVC - ok
18:16:21.0312 1964 asc - ok
18:16:21.0328 1964 asc3350p - ok
18:16:21.0328 1964 asc3550 - ok
18:16:21.0484 1964 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:16:21.0484 1964 aspnet_state - ok
18:16:21.0515 1964 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:16:21.0515 1964 AsyncMac - ok
18:16:21.0546 1964 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:16:21.0546 1964 atapi - ok
18:16:21.0562 1964 Atdisk - ok
18:16:21.0609 1964 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:16:21.0609 1964 Atmarpc - ok
18:16:21.0640 1964 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:16:21.0640 1964 AudioSrv - ok
18:16:21.0687 1964 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:16:21.0687 1964 audstub - ok
18:16:22.0031 1964 AVG Security Toolbar Service - ok
18:16:22.0062 1964 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:16:22.0062 1964 Beep - ok
18:16:22.0187 1964 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:16:22.0203 1964 BITS - ok
18:16:22.0671 1964 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:16:22.0671 1964 Bonjour Service - ok
18:16:22.0984 1964 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:16:22.0984 1964 Browser - ok
18:16:22.0984 1964 catchme - ok
18:16:23.0046 1964 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:16:23.0046 1964 cbidf2k - ok
18:16:23.0500 1964 CCALib8 (20f89e232173985a455bc9a5f70d1166) C:\Program Files\Canon\CAL\CALMAIN.exe
18:16:23.0500 1964 CCALib8 - ok
18:16:23.0812 1964 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:16:23.0812 1964 CCDECODE - ok
18:16:23.0828 1964 cd20xrnt - ok
18:16:59.0640 1964 ============================================================
18:16:59.0640 1964 Scan finished
18:16:59.0640 1964 ============================================================
18:16:59.0656 1908 Detected object count: 0
18:16:59.0656 1908 Actual detected object count: 0


_________________________________________________________________________________

And the Avast! Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-18 16:42:00
-----------------------------
16:42:00.734 OS Version: Windows 5.1.2600 Service Pack 3
16:42:00.734 Number of processors: 2 586 0x2302
16:42:00.734 ComputerName: TIFFANY UserName:
16:42:04.468 Initialize success
16:51:07.437 AVAST engine defs: 12061802
17:14:48.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
17:14:48.109 Disk 0 Vendor: ST3250823AS 3.03 Size: 238475MB BusType: 3
17:14:48.125 Disk 0 MBR read successfully
17:14:48.125 Disk 0 MBR scan
17:14:48.187 Disk 0 unknown MBR code
17:14:48.187 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 229765 MB offset 63
17:14:48.218 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 8699 MB offset 470575980
17:14:48.234 Disk 0 scanning sectors +488392065
17:14:48.343 Disk 0 scanning C:\WINDOWS\system32\drivers
17:15:07.781 Service scanning
17:15:53.000 Modules scanning
17:16:03.406 Disk 0 trace - called modules:
17:16:03.421 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
17:16:06.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b3b59c0]
17:16:06.531 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000007a[0x8b3929e8]
17:16:06.703 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8b392d98]
17:16:10.453 AVAST engine scan C:\WINDOWS
17:16:24.656 AVAST engine scan C:\WINDOWS\system32
17:24:46.453 AVAST engine scan C:\WINDOWS\system32\drivers
17:25:22.578 AVAST engine scan C:\Documents and Settings\HP_Administrator
18:14:48.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat"
18:14:49.109 The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.txt"

#6 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 June 2012 - 08:08 AM

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===


Please post the log and let me know what problem persists.

#7 Mrs. Bonnie

  • Topic Starter
  • Members
  • 17 posts

Posted 19 June 2012 - 12:45 PM

Combo Fix has run and I have rebooted the computer. I am able to open programs and everything seems to be functioning normally at this point.

While running ComboFix, this error popped up:

The instruction at "0x0039404c" referenced memory at "0x0200393f". The memory could not be "read".

Click on OK to terminate the program.
Click on CANCEL to debug the program.

Since it was obvious that combofix was still running, I didn't touch it and let it continue to do its thing. Other than that, it seemed to run as intended. Here is the log:

ComboFix 12-06-19.01 - HP_Administrator 06/19/2012 12:08:01.4.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2396 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\_r_a_p_.tmp
c:\documents and settings\All Users\Application Data\107800w0y031r522s003l0wci2a4
c:\documents and settings\All Users\Application Data\376471n7h240o515g153v6qxo4j0
c:\documents and settings\HP_Administrator\ntuser.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))
.
.
2012-05-24 19:32 . 2012-05-24 19:32 -------- d-----w- c:\program files\Common Files\Overwolf
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 20:56 . 2011-12-31 23:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2005-12-23 06:12 . 2011-04-27 01:22 2073600 ----a-w- c:\program files\autorun.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Overwolf"="c:\program files\Overwolf\Overwolf.exe" [2012-05-10 42424]
"Facebook Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-02-12 137536]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2009-05-11 684712]
"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2009-05-11 16040]
"Lexmark 5600-6600 Series Fax Server"="c:\program files\Lexmark 5600-6600 Series\fm3032.exe" [2009-05-11 311976]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
"ps2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-09 198160]
"CCPrt"="c:\program files\Cisco Systems\Cisco Connect\CCPrt.exe" [2011-06-10 1178744]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-06-16 2510848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny1PVTZF&inst=NzctNjU4OTAxNDM5LUJBKzEtS1YzKzctWEwrMS1UMS1VQ0FMTCsxLUJBUjhHKzEtVUNBTEwyKzItVEI4KzItRkwrOC1GOE0xMUMrMS1VUEcrMjAxMS1GOE0xMUUrMS1ERFQrNTg2MzItRkwxMCsxLVRVRyszLUxTRCsyLUREMTBGKzEtU1QxMEZBUFArMS1GMTBNMTJBVCsyLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLUYxME0xMkFUQisxLUYxMFRCKzItU1QxMFRCRisx&prod=90&ver=10.0.1415" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-22 27136]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-130 revE\wirelesscm.exe [2011-8-8 505152]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-09-23 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^client.jar]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\client.jar
backup=c:\windows\pss\client.jarStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^RCA Detective.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\RCA Detective.lnk
backup=c:\windows\pss\RCA Detective.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prefetch]
java -jar [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-07-29 06:25 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAHeadless]
2009-10-09 09:20 615808 ----a-w- c:\program files\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-25 23:30 136176 ----atw- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-03-12 18:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-07 00:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-14 22:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2008-10-28 21:42 181544 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoshopElements8SyncAgent]
2009-10-09 10:47 1893728 ----a-w- c:\program files\Adobe\Elements Organizer 8.0\ElementsOrganizerSyncAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-04-04 21:14 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-09 01:53 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UStorage Server Service"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.10.0-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Photo Story 3 for Windows\\PhotoStory3.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Civilization4.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Warlords\\Civ4Warlords.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\ehome\\ehtray.exe"=
"c:\\WINDOWS\\system32\\lxducoms.exe"=
"c:\\Program Files\\Adobe\\Elements Organizer 8.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\gPotato.com\\Allods Online\\bin\\Launcher-1.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base16939\\SC2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\StarCraft II\\Versions\\Base17326\\SC2.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\StarCraft II\\Versions\\Base18092\\SC2.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\gPotato.com\\Allods Online\\bin\\Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization v\\Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\skyrim\\SkyrimLauncher.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Adobe\\Elements Organizer 8.0\\Photoshop Elements 8.0.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Sibelius Software\\Sibelius 6 Demo\\RegTool.exe"=
"c:\\Program Files\\Sibelius Software\\Sibelius 6 Demo\\Sibelius.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56434:TCP"= 56434:TCP:Pando Media Booster
"56434:UDP"= 56434:UDP:Pando Media Booster
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"9322:TCP"= 9322:TCP:EKDiscovery
"9326:TCP"= 9326:TCP:allods server
"9329:TCP"= 9329:TCP:allods server1
"9340:TCP"= 9340:TCP:allods server2
"6980:TCP"= 6980:TCP:allods laucher
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 12:48 PM 116608]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [8/8/2011 2:40 PM 588032]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [10/9/2009 5:45 AM 169312]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 4:42 PM 156968]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [12/19/2011 5:32 PM 394672]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [1/13/2010 10:58 PM 98984]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/31/2012 4:09 PM 158856]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [8/24/2011 9:25 PM 254256]
S2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [8/8/2011 2:41 PM 20480]
S2 WLSVC;WLSVC;c:\program files\D-Link\DWA-130 revE\WLSVC.exe [8/8/2011 2:41 PM 167936]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\CFcatchme.sys [?]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [1/3/2009 2:59 PM 18560]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 12:31 PM 42000]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [6/20/2011 11:51 AM 119528]
S3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files\Overwolf\OverwolfUpdater.exe [1/21/2012 4:40 PM 18360]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 32878333
*NewlyCreated* - 35583527
*NewlyCreated* - ASWMBR
*Deregistered* - 32878333
*Deregistered* - 35583527
*Deregistered* - aswMBR
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: runescape.com\www
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8v21hf6n.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-19 12:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,75,c7,eb,3f,ec,b0,4e,b8,a7,13,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,75,c7,eb,3f,ec,b0,4e,b8,a7,13,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-06-19 12:27:21
ComboFix-quarantined-files.txt 2012-06-19 17:27
ComboFix2.txt 2011-12-31 21:34
.
Pre-Run: 8,250,712,064 bytes free
Post-Run: 8,400,093,184 bytes free
.
- - End Of File - - B471CA373C9CADEB11A73EC5007504E5

#8 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 June 2012 - 12:59 PM

Please run the ComboFix again and let me know if this error is persisting.
The instruction at "0x0039404c" referenced memory at "0x0200393f". The memory could not be "read"

===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#9 Mrs. Bonnie

  • Topic Starter
  • Members
  • 17 posts

Posted 19 June 2012 - 04:15 PM

Ran Combofix again. This time I got a different error:

The exception unknown software exception (0xc00000fc) occurred in the application at location 0x7e418731.

However, this time combofix DID reboot the computer while it was running. That didn't happen last time.

-------------------------------------

Ran Security Check. Received this error while it was running. Had to close the error to get Security Check to continue its scan:

The instruction at "0x017184ff" referenced memory at "0x00000000". The memory could not be "read".

When this error popped up, so did the AVG program saying it had an error and that it needed to update. I have been trying to run AVG since this problem began. Up to now, when it has opened, it was completely blank inside.


Here are the logs:

ComboFix 12-06-19.01 - HP_Administrator 06/19/2012 13:04:19.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2114 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))
.
.
2012-05-24 19:32 . 2012-05-24 19:32 -------- d-----w- c:\program files\Common Files\Overwolf
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 20:56 . 2011-12-31 23:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2005-12-23 06:12 . 2011-04-27 01:22 2073600 ----a-w- c:\program files\autorun.exe
2012-06-19 17:28 . 2012-06-19 17:28 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-19_17.24.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-19 18:29 . 2012-06-19 18:29 16384 c:\windows\temp\Perflib_Perfdata_3e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Overwolf"="c:\program files\Overwolf\Overwolf.exe" [2012-05-10 42424]
"Facebook Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-02-12 137536]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2009-05-11 684712]
"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2009-05-11 16040]
"Lexmark 5600-6600 Series Fax Server"="c:\program files\Lexmark 5600-6600 Series\fm3032.exe" [2009-05-11 311976]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
"ps2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-09 198160]
"CCPrt"="c:\program files\Cisco Systems\Cisco Connect\CCPrt.exe" [2011-06-10 1178744]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-06-16 2510848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny1PVTZF&inst=NzctNjU4OTAxNDM5LUJBKzEtS1YzKzctWEwrMS1UMS1VQ0FMTCsxLUJBUjhHKzEtVUNBTEwyKzItVEI4KzItRkwrOC1GOE0xMUMrMS1VUEcrMjAxMS1GOE0xMUUrMS1ERFQrNTg2MzItRkwxMCsxLVRVRyszLUxTRCsyLUREMTBGKzEtU1QxMEZBUFArMS1GMTBNMTJBVCsyLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLUYxME0xMkFUQisxLUYxMFRCKzItU1QxMFRCRisx&prod=90&ver=10.0.1415" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-22 27136]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-130 revE\wirelesscm.exe [2011-8-8 505152]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-09-23 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^client.jar]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\client.jar
backup=c:\windows\pss\client.jarStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^RCA Detective.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\RCA Detective.lnk
backup=c:\windows\pss\RCA Detective.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prefetch]
java -jar [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-07-29 06:25 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAHeadless]
2009-10-09 09:20 615808 ----a-w- c:\program files\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-25 23:30 136176 ----atw- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-03-12 18:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-07 00:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-14 22:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2008-10-28 21:42 181544 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoshopElements8SyncAgent]
2009-10-09 10:47 1893728 ----a-w- c:\program files\Adobe\Elements Organizer 8.0\ElementsOrganizerSyncAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-04-04 21:14 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-09 01:53 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UStorage Server Service"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.10.0-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Photo Story 3 for Windows\\PhotoStory3.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Civilization4.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Warlords\\Civ4Warlords.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\ehome\\ehtray.exe"=
"c:\\WINDOWS\\system32\\lxducoms.exe"=
"c:\\Program Files\\Adobe\\Elements Organizer 8.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\gPotato.com\\Allods Online\\bin\\Launcher-1.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base16939\\SC2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\StarCraft II\\Versions\\Base17326\\SC2.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\StarCraft II\\Versions\\Base18092\\SC2.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\gPotato.com\\Allods Online\\bin\\Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization v\\Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\skyrim\\SkyrimLauncher.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Adobe\\Elements Organizer 8.0\\Photoshop Elements 8.0.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Sibelius Software\\Sibelius 6 Demo\\RegTool.exe"=
"c:\\Program Files\\Sibelius Software\\Sibelius 6 Demo\\Sibelius.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56434:TCP"= 56434:TCP:Pando Media Booster
"56434:UDP"= 56434:UDP:Pando Media Booster
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"9322:TCP"= 9322:TCP:EKDiscovery
"9326:TCP"= 9326:TCP:allods server
"9329:TCP"= 9329:TCP:allods server1
"9340:TCP"= 9340:TCP:allods server2
"6980:TCP"= 6980:TCP:allods laucher
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 12:48 PM 116608]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [10/9/2009 5:45 AM 169312]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 4:42 PM 156968]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [12/19/2011 5:32 PM 394672]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [1/13/2010 10:58 PM 98984]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [8/24/2011 9:25 PM 254256]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [8/8/2011 2:41 PM 20480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [6/20/2011 11:51 AM 119528]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [8/8/2011 2:40 PM 588032]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/31/2012 4:09 PM 158856]
S2 WLSVC;WLSVC;c:\program files\D-Link\DWA-130 revE\WLSVC.exe [8/8/2011 2:41 PM 167936]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\CFcatchme.sys [?]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [1/3/2009 2:59 PM 18560]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/19/2012 12:28 PM 129976]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 12:31 PM 42000]
S3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files\Overwolf\OverwolfUpdater.exe [1/21/2012 4:40 PM 18360]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: runescape.com\www
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\8v21hf6n.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-19 13:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,75,c7,eb,3f,ec,b0,4e,b8,a7,13,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,75,c7,eb,3f,ec,b0,4e,b8,a7,13,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1060)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(7484)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Overwolf\OWExplorer-1063.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\lxducoms.exe
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\ARPWRMSG.EXE
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\Lexmark 5600-6600 Series\lxduMsdMon.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\common files\logitech\lu\lulnchr.exe
c:\program files\common files\logitech\lu\LogitechUpdate.exe
.
**************************************************************************
.
Completion time: 2012-06-19 13:40:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-19 18:40
ComboFix2.txt 2012-06-19 17:27
ComboFix3.txt 2011-12-31 21:34
.
Pre-Run: 7,397,564,416 bytes free
Post-Run: 7,366,496,256 bytes free
.
- - End Of File - - CA8914300E08CC882B752DABFDC7091E



Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 30
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.0.1.152
Mozilla Firefox 12.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 15% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#10 Mrs. Bonnie

Mrs. Bonnie
  • Topic Starter
  • Members
  • 17 posts

Posted 19 June 2012 - 06:40 PM

Just so you are aware, I will not be able to check back on the forums until Thursday of next week. We are leaving for vacation. I will check back as soon as I get home to follow the next instructions. In the meantime, I am shutting down the computer and unplugging it. :)

Thank you!

Mrs. Bonnie

#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • Location:Montreal, QC. Canada

Posted 20 June 2012 - 07:17 AM

==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 7.086 GiB free. <- please remove or move files to a CD or flash drive. The free space on the C: drive is much too low.
D: is FIXED (FAT32) - 8 GiB total, 0.425 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

===

I suggest you try to get at least 15 GiB of free space.
===

When done, defrag your computer. That may take a while.

If the error still persists, I suggest you run a Check Disk.

How to perform disk error checking in Windows XP
http://support.microsoft.com/kb/315265

===

Keep me posted.

#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • Location:Montreal, QC. Canada

Posted 26 June 2012 - 10:23 AM

Are you still with me?
