Audio ads running in background


  • This topic is locked
21 replies to this topic

#1 WMI


Posted 20 June 2012 - 12:13 PM

Audio ads are running on the computer and I haven't figured out how to get rid of them. Here is a copy of the DDS.txt following your instructions.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by daveh at 8:54:10 on 2012-06-18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3711.1721 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\FileZilla FTP Client\filezilla.exe
C:\Program Files\FileZilla FTP Client\fzsftp.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\PROGRA~1\MIC273~1\WEB2~1\WEBDES~1\EXPRWD.EXE
c:\program files\real\realplayer\RealPlay.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.worldministries.org/
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Yahoo!
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [Start WingMan Profiler] "c:\program files\logitech\profiler\lwemon.exe" /noui
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [Profiler] c:\program files\saitek\software\Profiler.exe
mRun: [SaiSmart] c:\program files\saitek\software\SaiSmart.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [PowerPanel Personal Edition User Interaction] c:\program files\cyberpower powerpanel personal edition\pppeuser.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [PCHealthBoost] "c:\program files\pc healthboost\PCHealthBoost.exe" /s
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [SRUUninstall] "c:\windows\system32\msiexec.exe" /l*v c:\windows\temp\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress
StartupFolder: c:\docume~1\daveh\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\daveh\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: cstonline.com\.www
Trusted Zone: cstonline.com\www
Trusted Zone: musicmatch.com\online
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} - hxxp://64.124.45.181/downloads/ccpm_0237.cab
DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} - file://d:\components\hidinputmonitorx.ocx
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} - file://d:\components\A9.ocx
DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} - hxxp://www.mindavenue.com/Downloads/AXELPlayerAX_Win32.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148478894078
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - hxxp://download.abacast.com/download/files/abasetup162.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{3A6D19F6-FDF3-492D-B988-C032C2474430} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\daveh\application data\mozilla\firefox\profiles\yu9ohlzh.default\
FF - prefs.js: browser.search.selectedEngine - Startpage
FF - prefs.js: browser.startup.homepage - hxxp://www.worldministries.org/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b144d2a&v=6.011.025.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 301248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-5-30 3048136]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [2007-11-30 577664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 257224]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 113120]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2002-9-3 14336]
S3 SaiH0255;SaiH0255;c:\windows\system32\drivers\SaiH0255.sys [2005-5-30 121984]
S3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [2004-6-11 56576]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-15 21:11:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-15 21:11:42 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-06-15 18:51:22 -------- d-----w- c:\documents and settings\daveh\application data\ApplicationData
2012-06-13 20:59:59 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-06 20:25:35 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-06 20:25:35 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-04 15:03:05 -------- d-----w- c:\program files\common files\xing shared
2012-06-04 15:00:43 129144 ----a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll
2012-05-30 20:59:30 4966600 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2012-06-14 15:06:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 15:06:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 11:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-11 17:33:32 1901 ----a-w- c:\windows\panose.bin
2005-06-01 23:42:35 106496 ----a-w- c:\program files\rts.dll
1997-01-16 08:00:00 89600 ----a-w- c:\program files\SETUP.EXE
2005-05-14 00:12:00 217073 --sha-r- c:\windows\meta4.exe
2005-10-24 18:13:58 66560 --sha-r- c:\windows\MOTA113.exe
2005-10-14 04:27:00 422400 --sha-r- c:\windows\x2.64.exe
2005-10-08 02:14:52 308224 --sha-r- c:\windows\system32\avisynth.dll
2005-07-14 19:31:20 27648 --sha-r- c:\windows\system32\AVSredirect.dll
2005-06-26 22:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-22 05:37:42 45568 --sha-r- c:\windows\system32\cygz.dll
2004-01-25 07:00:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2006-04-27 17:24:24 2945024 --sha-r- c:\windows\system32\Smab.dll
2005-02-28 20:16:22 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-25 07:00:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
.
============= FINISH: 8:58:05.68 ===============



#2 gringo_pr

  • Malware Response Team

Posted 21 June 2012 - 12:32 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 WMI


Posted 22 June 2012 - 12:24 PM

Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG 2012
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java™ 6 Update 23
Java™ SE Runtime Environment 6 Update 1
Java version out of Date!
Adobe Flash Player 11.2.202.235
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 22% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#4 WMI


Posted 22 June 2012 - 01:09 PM

This is the checkup.txt file that was created per instructions.

Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG 2012
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
JavaFX 2.1.1
Java™ 6 Update 23
Java™ 7 Update 5
Adobe Flash Player 11.3.300.262
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 24% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#5 gringo_pr

  • Malware Response Team

Posted 22 June 2012 - 01:46 PM

PLEASE RUN COMBOFIX FOR ME



Gringo

#6 WMI


Posted 22 June 2012 - 02:03 PM

Here is the combofix log:

ComboFix 12-06-21.03 - daveh 06/22/2012 11:35:46.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3711.3083 [GMT -7:00]
Running from: c:\documents and settings\daveh\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\daveh\LOCALS~1\Temp\48.tmp
c:\documents and settings\All Users\Application Data\DirectCDUserNameE.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
c:\documents and settings\daveh\Local Settings\Temp\48.tmp
c:\documents and settings\daveh\My Documents\DPE.DUS
c:\documents and settings\daveh\WINDOWS
c:\program files\Program Files
c:\program files\Program Files\Common Files\Adobe\Color\ACE1Cache.lst
c:\program files\Program Files\Common Files\Adobe\TypeSpt\AdobeFnt.lst
c:\program files\Program Files\Common Files\Adobe\Workflow\Options.txt
c:\program files\Setup.exe
C:\SETUP.EXE
c:\windows\system\oeminfo.ini
c:\windows\system32\avisynth.dll
c:\windows\system32\devil.dll
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\ReadMe.txt
c:\windows\system32\setb4.tmp
c:\windows\system32\SETB9.tmp
c:\windows\system32\SETBA.tmp
c:\windows\system32\SETBB.tmp
c:\windows\system32\SETBC.tmp
c:\windows\system32\SETBD.tmp
c:\windows\system32\SETBE.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-22 17:29 . 2012-06-22 17:29 -------- d-----w- c:\program files\Oracle
2012-06-22 17:29 . 2012-06-22 17:29 -------- d-----w- c:\documents and settings\daveh\Application Data\Oracle
2012-06-22 17:29 . 2012-05-05 02:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-21 03:15 . 2012-06-21 03:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2012-06-19 18:54 . 2012-06-19 18:54 -------- d-----w- c:\documents and settings\daveh\Local Settings\Application Data\Threat Expert
2012-06-19 18:44 . 2012-06-19 20:58 -------- d-----w- c:\program files\PC Tools
2012-06-19 18:38 . 2012-06-19 20:58 -------- d-----w- c:\program files\Common Files\PC Tools
2012-06-19 18:38 . 2012-05-11 18:14 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-06-19 18:37 . 2012-06-19 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-06-19 18:37 . 2012-06-19 18:37 -------- d-----w- c:\documents and settings\daveh\Application Data\TestApp
2012-06-18 16:15 . 2012-06-18 16:15 -------- d-----w- c:\documents and settings\daveh\Application Data\Malwarebytes
2012-06-18 16:15 . 2012-06-18 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-15 21:11 . 2012-06-16 05:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-15 21:11 . 2012-06-16 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-06-15 18:51 . 2012-06-15 18:56 -------- d-----w- c:\documents and settings\daveh\Application Data\ApplicationData
2012-06-13 20:59 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-06 20:25 . 2012-06-06 20:25 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-06 20:25 . 2012-06-06 20:25 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-04 15:03 . 2012-06-04 15:03 -------- d-----w- c:\program files\Common Files\xing shared
2012-06-04 15:00 . 2012-06-04 15:00 129144 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2012-05-30 20:59 . 2012-05-30 20:59 4966600 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-22 18:02 . 2012-04-04 21:50 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-22 18:02 . 2011-05-19 21:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-22 17:28 . 2007-04-27 14:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-02 22:19 . 2007-05-23 18:07 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2007-05-23 18:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2004-08-10 23:08 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2004-08-10 23:08 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2004-08-10 23:08 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2007-05-23 18:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2005-05-26 11:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2004-08-10 23:08 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2003-09-12 07:45 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2002-09-03 16:28 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2007-05-23 18:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2004-08-10 23:08 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2003-09-12 07:45 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2007-05-24 19:51 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 22:18 . 2006-05-25 15:27 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2005-05-26 11:19 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2002-09-23 22:10 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-02-07 01:05 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2002-09-03 17:11 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2002-09-03 16:39 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2002-09-03 16:35 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:12 . 2002-09-03 16:50 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2002-08-29 01:04 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2002-08-29 10:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 11:50 . 2012-04-19 11:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-06-18 20:19 . 2011-04-21 21:39 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2005-05-14 00:12 217073 --sha-r- c:\windows\meta4.exe
2005-10-24 18:13 66560 --sha-r- c:\windows\MOTA113.exe
2005-10-14 04:27 422400 --sha-r- c:\windows\x2.64.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2004-04-23 77824]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"Profiler"="c:\program files\Saitek\Software\Profiler.exe" [2003-07-18 159744]
"SaiSmart"="c:\program files\Saitek\Software\SaiSmart.exe" [2003-07-18 98304]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-06-10 217088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]
"nwiz"="nwiz.exe" [2007-06-29 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-29 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2010-04-10 316864]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-04 296056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="c:\windows\System32\msiexec.exe" [2008-05-19 95744]
.
c:\documents and settings\daveh\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-3-24 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 7.0 Tray Icon.lnk]
backup=c:\windows\pss\AOL 7.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^daveh^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LnkSet
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu]
/L:ENG [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 17:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 19:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
2003-02-20 21:27 110592 ----a-w- c:\windows\SYSTEM32\ctasio.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2005-08-04 03:04 25088 ----a-w- c:\windows\SYSTEM32\Ati2mdxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-08-06 04:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 11:59 122880 ----a-w- c:\windows\BCMSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
2002-09-30 06:00 45056 ----a-w- c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2003-02-20 21:45 28672 ----a-w- c:\windows\SYSTEM32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2002-10-29 14:18 49152 ----a-w- c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2002-08-14 23:22 28672 ----a-r- c:\windows\SYSTEM32\DSentry.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnvyHFCPL]
2004-12-09 08:51 3895296 ----a-w- c:\program files\Audio Deck\EnMixCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2002-08-29 10:00 44032 ----a-w- c:\windows\IME\IMKR6_1\imekrmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 05:31 208952 ----a-w- c:\windows\IME\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2006-01-19 18:06 11776 ----a-w- c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-01-19 18:06 110592 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]
2005-09-16 01:41 98192 ----a-w- c:\program files\mozilla.org\Mozilla\mozilla.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
2003-03-11 21:24 86016 ----a-w- c:\program files\Intel\NCS\PROSet\PRONoMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2012-06-04 15:00 499312 ----a-w- c:\program files\real\realplayer\realplay.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\SYSTEM32\DRIVERS\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [9/7/2010 3:48 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [9/7/2010 3:48 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [9/7/2010 3:49 AM 301248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [5/30/2012 1:56 PM 3048136]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\SYSTEM32\DRIVERS\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\SYSTEM32\DRIVERS\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\SYSTEM32\DRIVERS\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\SYSTEM32\DRIVERS\Envy24HF.sys [11/30/2007 11:18 PM 577664]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4/30/2012 9:44 AM 5106744]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/5/2012 3:17 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [4/4/2012 2:50 PM 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 10:37 AM 113120]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [9/3/2002 10:05 AM 14336]
S3 SaiH0255;SaiH0255;c:\windows\SYSTEM32\DRIVERS\SaiH0255.sys [5/30/2005 6:16 PM 121984]
S3 SaiH0464;SaiH0464;c:\windows\SYSTEM32\DRIVERS\SaiH0464.sys [6/11/2004 10:59 AM 56576]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:02]
.
2012-06-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2008-07-25 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2200 series272A572217594EBCF1CEE215E352B92AD073FDE4207340180.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-10 00:56]
.
2012-06-22 c:\windows\Tasks\User_Feed_Synchronization-{BBF42B79-9F4D-4F30-83F8-4C79730F3BC0}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.worldministries.org/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: cstonline.com\.www
Trusted Zone: cstonline.com\www
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 192.168.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\daveh\Application Data\Mozilla\Firefox\Profiles\yu9ohlzh.default\
FF - prefs.js: browser.search.selectedEngine - Startpage
FF - prefs.js: browser.startup.homepage - hxxp://www.worldministries.org/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b144d2a&v=6.011.025.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
MSConfigStartUp-Logitech Utility - Logi_MwX.Exe
AddRemove-Microsoft Interactive Training - c:\windows\orun32.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-22 11:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Systems Internals\Myster¡on PKGX*]
"M¡steryon"="M¡steryon"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2056)
c:\windows\system32\WININET.dll
c:\program files\Logitech\Profiler\LWEHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberPower PowerPanel Personal Edition\ppped.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-06-22 11:59:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-22 18:59
.
Pre-Run: 2,735,300,608 bytes free
Post-Run: 2,749,665,280 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 38AB8828D71B5873E024FD6267BA0876

#7 gringo_pr

  • Malware Response Team

Posted 22 June 2012 - 06:37 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 gringo_pr

  • Malware Response Team

Posted 24 June 2012 - 11:20 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#9 WMI

  • Topic Starter

Posted 25 June 2012 - 11:21 AM

TDSSKiller report:

09:19:01.0328 0736 dmadmin - ok
09:19:01.0531 0736 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:19:01.0562 0736 dmboot - ok
09:19:01.0640 0736 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:19:01.0640 0736 dmio - ok
09:19:01.0671 0736 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:19:01.0671 0736 dmload - ok
09:19:01.0734 0736 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
09:19:01.0750 0736 dmserver - ok
09:19:01.0781 0736 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:19:01.0781 0736 DMusic - ok
09:19:01.0843 0736 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
09:19:01.0843 0736 Dnscache - ok
09:19:01.0906 0736 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
09:19:01.0921 0736 Dot3svc - ok
09:19:01.0937 0736 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
09:19:01.0953 0736 dpti2o - ok
09:19:02.0000 0736 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:19:02.0000 0736 drmkaud - ok
09:19:02.0031 0736 dvd_2K (677829f7010768eeeed8d0083e510dab) C:\WINDOWS\system32\drivers\dvd_2K.sys
09:19:02.0046 0736 dvd_2K - ok
09:19:02.0093 0736 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:19:02.0093 0736 E100B - ok
09:19:02.0156 0736 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
09:19:02.0171 0736 EapHost - ok
09:19:02.0171 0736 EL90XBC - ok
09:19:02.0406 0736 emupia (f7511cf63ef82f7227c03028a3abadb5) C:\WINDOWS\system32\drivers\emupia2k.sys
09:19:02.0453 0736 emupia - ok
09:19:02.0953 0736 Envy24HFS (75474586a845dfb77050d118d0d368f6) C:\WINDOWS\system32\drivers\Envy24HF.sys
09:19:03.0125 0736 Envy24HFS - ok
09:19:03.0218 0736 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
09:19:03.0218 0736 ERSvc - ok
09:19:03.0421 0736 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:19:03.0484 0736 Eventlog - ok
09:19:03.0687 0736 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
09:19:03.0687 0736 EventSystem - ok
09:19:03.0750 0736 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:19:03.0750 0736 Fastfat - ok
09:19:03.0796 0736 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:19:03.0796 0736 FastUserSwitchingCompatibility - ok
09:19:03.0859 0736 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
09:19:03.0875 0736 Fax - ok
09:19:03.0906 0736 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:19:03.0906 0736 Fdc - ok
09:19:03.0953 0736 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:19:03.0953 0736 Fips - ok
09:19:03.0968 0736 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:19:03.0968 0736 Flpydisk - ok
09:19:04.0031 0736 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:19:04.0046 0736 FltMgr - ok
09:19:04.0234 0736 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:19:04.0234 0736 FontCache3.0.0.0 - ok
09:19:04.0343 0736 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:19:04.0343 0736 Fs_Rec - ok
09:19:04.0375 0736 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:19:04.0390 0736 Ftdisk - ok
09:19:04.0453 0736 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:19:04.0468 0736 GEARAspiWDM - ok
09:19:04.0718 0736 getPlusHelper (0879dc7444a201df84e69c5dd5083d61) C:\Program Files\NOS\bin\getPlus_Helper.dll
09:19:04.0750 0736 getPlusHelper - ok
09:19:04.0750 0736 GMSIPCI - ok
09:19:04.0828 0736 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:19:04.0828 0736 Gpc - ok
09:19:05.0843 0736 ha10kx2k (f24dd43adc784177b28984043bc022ab) C:\WINDOWS\system32\drivers\ha10kx2k.sys
09:19:06.0187 0736 ha10kx2k - ok
09:19:06.0343 0736 hap16v2k (ff65c807ea641ff7310a61be4dec6479) C:\WINDOWS\system32\drivers\hap16v2k.sys
09:19:06.0359 0736 hap16v2k - ok
09:19:06.0531 0736 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:19:06.0531 0736 helpsvc - ok
09:19:06.0593 0736 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
09:19:06.0593 0736 HidBatt - ok
09:19:06.0609 0736 HidServ - ok
09:19:06.0687 0736 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:19:06.0703 0736 HidUsb - ok
09:19:06.0828 0736 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
09:19:06.0828 0736 hkmsvc - ok
09:19:06.0906 0736 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
09:19:06.0906 0736 hpn - ok
09:19:07.0015 0736 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
09:19:07.0015 0736 HPZid412 - ok
09:19:07.0093 0736 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
09:19:07.0093 0736 HPZipr12 - ok
09:19:07.0140 0736 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
09:19:07.0140 0736 HPZius12 - ok
09:19:07.0312 0736 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:19:07.0343 0736 HTTP - ok
09:19:07.0453 0736 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
09:19:07.0468 0736 HTTPFilter - ok
09:19:07.0484 0736 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
09:19:07.0484 0736 i2omgmt - ok
09:19:07.0515 0736 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
09:19:07.0515 0736 i2omp - ok
09:19:07.0546 0736 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:19:07.0546 0736 i8042prt - ok
09:19:07.0734 0736 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
09:19:07.0765 0736 i81x - ok
09:19:07.0828 0736 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
09:19:07.0828 0736 iAimFP0 - ok
09:19:07.0890 0736 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
09:19:07.0890 0736 iAimFP1 - ok
09:19:07.0937 0736 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
09:19:07.0937 0736 iAimFP2 - ok
09:19:08.0031 0736 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
09:19:08.0031 0736 iAimFP3 - ok
09:19:08.0125 0736 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
09:19:08.0125 0736 iAimFP4 - ok
09:19:08.0171 0736 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
09:19:08.0171 0736 iAimTV0 - ok
09:19:08.0250 0736 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
09:19:08.0250 0736 iAimTV1 - ok
09:19:08.0265 0736 iAimTV2 - ok
09:19:08.0312 0736 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
09:19:08.0328 0736 iAimTV3 - ok
09:19:08.0375 0736 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
09:19:08.0375 0736 iAimTV4 - ok
09:19:08.0718 0736 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:19:08.0734 0736 IDriverT - ok
09:19:09.0187 0736 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:19:09.0593 0736 idsvc - ok
09:19:09.0656 0736 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:19:09.0656 0736 Imapi - ok
09:19:09.0843 0736 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
09:19:09.0859 0736 ImapiService - ok
09:19:09.0921 0736 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
09:19:09.0921 0736 ini910u - ok
09:19:09.0984 0736 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
09:19:09.0984 0736 IntelIde - ok
09:19:10.0031 0736 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:19:10.0031 0736 intelppm - ok
09:19:10.0062 0736 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:19:10.0062 0736 Ip6Fw - ok
09:19:10.0109 0736 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:19:10.0109 0736 IpFilterDriver - ok
09:19:10.0140 0736 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:19:10.0140 0736 IpInIp - ok
09:19:10.0156 0736 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:19:10.0171 0736 IpNat - ok
09:19:11.0140 0736 iPod Service (e51bd095b2fdf56b17ee010bb794d6ed) C:\Program Files\iPod\bin\iPodService.exe
09:19:11.0562 0736 iPod Service - ok
09:19:11.0687 0736 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:19:11.0703 0736 IPSec - ok
09:19:11.0734 0736 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:19:11.0734 0736 IRENUM - ok
09:19:11.0796 0736 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:19:11.0796 0736 isapnp - ok
09:19:12.0234 0736 JavaQuickStarterService (c2c1660ddcc9bd67eb98d6d5f91c107f) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
09:19:12.0250 0736 JavaQuickStarterService - ok
09:19:12.0312 0736 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:19:12.0312 0736 Kbdclass - ok
09:19:12.0437 0736 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:19:12.0437 0736 kbdhid - ok
09:19:12.0484 0736 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:19:12.0500 0736 kmixer - ok
09:19:12.0546 0736 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:19:12.0546 0736 KSecDD - ok
09:19:12.0593 0736 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
09:19:12.0609 0736 lanmanserver - ok
09:19:12.0656 0736 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
09:19:12.0671 0736 lanmanworkstation - ok
09:19:12.0671 0736 lbrtfdc - ok
09:19:12.0718 0736 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
09:19:12.0718 0736 LmHosts - ok
09:19:12.0828 0736 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
09:19:12.0843 0736 MDM - ok
09:19:12.0890 0736 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
09:19:12.0890 0736 Messenger - ok
09:19:13.0109 0736 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
09:19:13.0109 0736 Microsoft Office Groove Audit Service - ok
09:19:13.0156 0736 mmc_2K (9b90303a9c9405a6ce1466ff4aa20fdd) C:\WINDOWS\system32\drivers\mmc_2K.sys
09:19:13.0171 0736 mmc_2K - ok
09:19:13.0187 0736 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:19:13.0187 0736 mnmdd - ok
09:19:13.0250 0736 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
09:19:13.0250 0736 mnmsrvc - ok
09:19:13.0312 0736 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:19:13.0312 0736 Modem - ok
09:19:13.0359 0736 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
09:19:13.0359 0736 MODEMCSA - ok
09:19:13.0390 0736 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:19:13.0406 0736 Mouclass - ok
09:19:13.0468 0736 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:19:13.0468 0736 mouhid - ok
09:19:13.0484 0736 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:19:13.0484 0736 MountMgr - ok
09:19:13.0578 0736 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:19:13.0578 0736 MozillaMaintenance - ok
09:19:13.0625 0736 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
09:19:13.0640 0736 mraid35x - ok
09:19:13.0734 0736 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:19:13.0750 0736 MRxDAV - ok
09:19:13.0859 0736 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:19:13.0875 0736 MRxSmb - ok
09:19:13.0921 0736 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
09:19:13.0921 0736 MSDTC - ok
09:19:14.0000 0736 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:19:14.0000 0736 Msfs - ok
09:19:14.0015 0736 MSICPL - ok
09:19:14.0031 0736 MSIServer - ok
09:19:14.0046 0736 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:19:14.0046 0736 MSKSSRV - ok
09:19:14.0078 0736 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:19:14.0078 0736 MSPCLOCK - ok
09:19:14.0140 0736 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:19:14.0140 0736 MSPQM - ok
09:19:14.0187 0736 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:19:14.0187 0736 mssmbios - ok
09:19:14.0265 0736 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:19:14.0265 0736 Mup - ok
09:19:14.0390 0736 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
09:19:14.0421 0736 napagent - ok
09:19:14.0500 0736 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:19:14.0500 0736 NDIS - ok
09:19:14.0578 0736 ndiscm (b797ee2ef919c95561dee78b72b33e5b) C:\WINDOWS\system32\DRIVERS\NetMotCM.sys
09:19:14.0578 0736 ndiscm - ok
09:19:14.0625 0736 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:19:14.0625 0736 NdisTapi - ok
09:19:14.0640 0736 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:19:14.0640 0736 Ndisuio - ok
09:19:14.0718 0736 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:19:14.0718 0736 NdisWan - ok
09:19:14.0781 0736 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:19:14.0781 0736 NDProxy - ok
09:19:14.0796 0736 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:19:14.0796 0736 NetBIOS - ok
09:19:14.0828 0736 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:19:14.0828 0736 NetBT - ok
09:19:14.0890 0736 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:19:14.0890 0736 NetDDE - ok
09:19:14.0906 0736 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:19:14.0906 0736 NetDDEdsdm - ok
09:19:14.0968 0736 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:19:14.0968 0736 Netlogon - ok
09:19:15.0031 0736 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:19:15.0046 0736 Netman - ok
09:19:15.0203 0736 NetSvc (737351f39fef765234037770abdd72bd) C:\Program Files\Intel\NCS\Sync\NetSvc.exe
09:19:15.0218 0736 NetSvc - ok
09:19:15.0500 0736 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:19:15.0546 0736 NetTcpPortSharing - ok
09:19:15.0609 0736 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:19:15.0609 0736 NIC1394 - ok
09:19:15.0875 0736 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
09:19:15.0890 0736 Nla - ok
09:19:16.0078 0736 nosGetPlusHelper (0e58f99692802c501454eac3d2ac3394) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
09:19:16.0078 0736 nosGetPlusHelper - ok
09:19:16.0156 0736 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:19:16.0156 0736 Npfs - ok
09:19:16.0171 0736 NTACCESS - ok
09:19:16.0718 0736 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:19:16.0781 0736 Ntfs - ok
09:19:16.0828 0736 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
09:19:16.0828 0736 NtLmSsp - ok
09:19:17.0078 0736 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:19:17.0125 0736 NtmsSvc - ok
09:19:17.0187 0736 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:19:17.0187 0736 Null - ok
09:19:18.0906 0736 nv (f8be83f0c686533170f7537e94bf411a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:19:19.0203 0736 nv - ok
09:19:19.0546 0736 NVSvc (e9e110cdf6a063a5f9b841c36fb5cc95) C:\WINDOWS\system32\nvsvc32.exe
09:19:19.0546 0736 NVSvc - ok
09:19:19.0625 0736 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:19:19.0625 0736 NwlnkFlt - ok
09:19:19.0671 0736 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:19:19.0671 0736 NwlnkFwd - ok
09:19:19.0937 0736 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:19:19.0968 0736 odserv - ok
09:19:20.0078 0736 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:19:20.0078 0736 ohci1394 - ok
09:19:20.0125 0736 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
09:19:20.0125 0736 omci - ok
09:19:20.0187 0736 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:19:20.0187 0736 ose - ok
09:19:20.0234 0736 ossrv (f0184fe6069be1541a3d18c02a73d161) C:\WINDOWS\system32\drivers\ctoss2k.sys
09:19:20.0250 0736 ossrv - ok
09:19:20.0296 0736 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
09:19:20.0296 0736 P3 - ok
09:19:20.0562 0736 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:19:20.0562 0736 Parport - ok
09:19:20.0625 0736 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:19:20.0625 0736 PartMgr - ok
09:19:20.0687 0736 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:19:20.0687 0736 ParVdm - ok
09:19:20.0718 0736 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:19:20.0718 0736 PCI - ok
09:19:20.0734 0736 PCIDump - ok
09:19:20.0812 0736 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:19:20.0812 0736 PCIIde - ok
09:19:20.0859 0736 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:19:20.0859 0736 Pcmcia - ok
09:19:20.0875 0736 PDCOMP - ok
09:19:20.0890 0736 PDFRAME - ok
09:19:20.0890 0736 PDRELI - ok
09:19:20.0906 0736 PDRFRAME - ok
09:19:20.0937 0736 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
09:19:20.0937 0736 perc2 - ok
09:19:20.0968 0736 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
09:19:20.0968 0736 perc2hib - ok
09:19:21.0031 0736 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys
09:19:21.0031 0736 PfModNT - ok
09:19:21.0078 0736 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:19:21.0078 0736 PlugPlay - ok
09:19:21.0234 0736 Pml Driver HPZ12 (fb03f341ff5380394bf2ee52f1979925) C:\WINDOWS\system32\HPZipm12.exe
09:19:21.0234 0736 Pml Driver HPZ12 - ok
09:19:21.0312 0736 Point32 (f754b09a839719575328f707693a919d) C:\WINDOWS\system32\DRIVERS\point32.sys
09:19:21.0312 0736 Point32 - ok
09:19:21.0390 0736 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:19:21.0406 0736 PolicyAgent - ok
09:19:21.0609 0736 ppped (d483893aa28f060d2b2cdb69586d1cdb) C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
09:19:21.0625 0736 ppped - ok
09:19:21.0656 0736 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:19:21.0656 0736 PptpMiniport - ok
09:19:21.0671 0736 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
09:19:21.0671 0736 Processor - ok
09:19:21.0687 0736 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:19:21.0687 0736 ProtectedStorage - ok
09:19:21.0734 0736 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:19:21.0734 0736 PSched - ok
09:19:21.0765 0736 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:19:21.0765 0736 Ptilink - ok
09:19:21.0812 0736 pwd_2k (d8b90616a8bd53de281dbdb664c0984a) C:\WINDOWS\system32\drivers\pwd_2k.sys
09:19:21.0828 0736 pwd_2k - ok
09:19:21.0875 0736 PxHelp20 (db3b30c3a4cdcf07e164c14584d9d0f2) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:19:21.0875 0736 PxHelp20 - ok
09:19:21.0921 0736 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
09:19:21.0921 0736 ql1080 - ok
09:19:21.0937 0736 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
09:19:21.0937 0736 Ql10wnt - ok
09:19:21.0984 0736 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
09:19:21.0984 0736 ql12160 - ok
09:19:22.0031 0736 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
09:19:22.0031 0736 ql1240 - ok
09:19:22.0062 0736 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
09:19:22.0062 0736 ql1280 - ok
09:19:22.0125 0736 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:19:22.0125 0736 RasAcd - ok
09:19:22.0187 0736 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:19:22.0187 0736 RasAuto - ok
09:19:22.0218 0736 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:19:22.0218 0736 Rasl2tp - ok
09:19:22.0296 0736 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:19:22.0312 0736 RasMan - ok
09:19:22.0343 0736 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:19:22.0343 0736 RasPppoe - ok
09:19:22.0359 0736 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:19:22.0359 0736 Raspti - ok
09:19:22.0375 0736 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:19:22.0390 0736 Rdbss - ok
09:19:22.0453 0736 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:19:22.0453 0736 RDPCDD - ok
09:19:22.0484 0736 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:19:22.0484 0736 rdpdr - ok
09:19:22.0687 0736 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
09:19:22.0718 0736 RDPWD - ok
09:19:22.0812 0736 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:19:22.0828 0736 RDSessMgr - ok
09:19:22.0890 0736 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:19:22.0890 0736 redbook - ok
09:19:22.0968 0736 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:19:22.0968 0736 RemoteAccess - ok
09:19:23.0093 0736 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
09:19:23.0109 0736 RpcLocator - ok
09:19:23.0312 0736 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
09:19:23.0312 0736 RpcSs - ok
09:19:23.0375 0736 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
09:19:23.0375 0736 RSVP - ok
09:19:23.0437 0736 SaiH0255 (7faf4a6e2240c87266b878ed4def7509) C:\WINDOWS\system32\DRIVERS\SaiH0255.sys
09:19:23.0437 0736 SaiH0255 - ok
09:19:23.0500 0736 SaiH0464 (865e3e3a6f8461f02750b44bbe75ea07) C:\WINDOWS\system32\DRIVERS\SaiH0464.sys
09:19:23.0500 0736 SaiH0464 - ok
09:19:23.0562 0736 SaiMini (40a1ae7bb7e58241d69fa8e9fd326f3c) C:\WINDOWS\system32\DRIVERS\SaiMini.sys
09:19:23.0562 0736 SaiMini - ok
09:19:23.0671 0736 SaiNtBus (c15f1e2773bebd2ad74839c53e5728cd) C:\WINDOWS\system32\drivers\SaiNtBus.sys
09:19:23.0671 0736 SaiNtBus - ok
09:19:23.0718 0736 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:19:23.0718 0736 SamSs - ok
09:19:23.0765 0736 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:19:23.0781 0736 SCardSvr - ok
09:19:23.0828 0736 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:19:23.0843 0736 Schedule - ok
09:19:23.0921 0736 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:19:23.0921 0736 Secdrv - ok
09:19:23.0968 0736 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:19:23.0968 0736 seclogon - ok
09:19:23.0984 0736 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:19:24.0000 0736 SENS - ok
09:19:24.0078 0736 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:19:24.0078 0736 serenum - ok
09:19:24.0109 0736 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:19:24.0109 0736 Serial - ok
09:19:24.0140 0736 SetupNTGLM7X - ok
09:19:24.0171 0736 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:19:24.0171 0736 Sfloppy - ok
09:19:24.0250 0736 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:19:24.0265 0736 SharedAccess - ok
09:19:24.0437 0736 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:19:24.0437 0736 ShellHWDetection - ok
09:19:24.0453 0736 Simbad - ok
09:19:24.0593 0736 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
09:19:24.0593 0736 sisagp - ok
09:19:25.0703 0736 Skype C2C Service (4ca43b85f22c7739311788b651a779cb) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
09:19:25.0953 0736 Skype C2C Service - ok
09:19:26.0125 0736 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files\Skype\Updater\Updater.exe
09:19:26.0125 0736 SkypeUpdate - ok
09:19:26.0375 0736 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
09:19:26.0375 0736 Sparrow - ok
09:19:26.0437 0736 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:19:26.0437 0736 splitter - ok
09:19:26.0484 0736 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:19:26.0484 0736 Spooler - ok
09:19:26.0546 0736 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:19:26.0546 0736 sr - ok
09:19:26.0593 0736 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
09:19:26.0609 0736 srservice - ok
09:19:26.0671 0736 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:19:26.0687 0736 Srv - ok
09:19:26.0750 0736 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:19:26.0750 0736 SSDPSRV - ok
09:19:26.0875 0736 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:19:26.0890 0736 stisvc - ok
09:19:26.0937 0736 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:19:26.0937 0736 swenum - ok
09:19:26.0968 0736 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:19:26.0984 0736 swmidi - ok
09:19:26.0984 0736 SwPrv - ok
09:19:27.0031 0736 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
09:19:27.0031 0736 symc810 - ok
09:19:27.0062 0736 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
09:19:27.0062 0736 symc8xx - ok
09:19:27.0156 0736 SymEvent - ok
09:19:27.0234 0736 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
09:19:27.0234 0736 sym_hi - ok
09:19:27.0265 0736 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
09:19:27.0265 0736 sym_u3 - ok
09:19:27.0312 0736 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:19:27.0312 0736 sysaudio - ok
09:19:27.0468 0736 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:19:27.0468 0736 SysmonLog - ok
09:19:27.0625 0736 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:19:27.0640 0736 TapiSrv - ok
09:19:27.0765 0736 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:19:27.0781 0736 Tcpip - ok
09:19:27.0828 0736 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:19:27.0843 0736 TDPIPE - ok
09:19:27.0875 0736 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:19:27.0875 0736 TDTCP - ok
09:19:27.0890 0736 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:19:27.0906 0736 TermDD - ok
09:19:27.0953 0736 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:19:27.0984 0736 TermService - ok
09:19:28.0046 0736 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:19:28.0046 0736 Themes - ok
09:19:28.0093 0736 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
09:19:28.0093 0736 TosIde - ok
09:19:28.0156 0736 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:19:28.0156 0736 TrkWks - ok
09:19:28.0312 0736 UdfReadr_xp (4e75005b74be901c30f2636df40b0c15) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
09:19:28.0312 0736 UdfReadr_xp - ok
09:19:28.0343 0736 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:19:28.0343 0736 Udfs - ok
09:19:28.0375 0736 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
09:19:28.0390 0736 ultra - ok
09:19:28.0562 0736 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:19:28.0578 0736 Update - ok
09:19:28.0656 0736 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:19:28.0671 0736 upnphost - ok
09:19:28.0718 0736 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:19:28.0718 0736 UPS - ok
09:19:28.0781 0736 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:19:28.0796 0736 usbccgp - ok
09:19:28.0812 0736 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:19:28.0828 0736 usbehci - ok
09:19:28.0875 0736 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:19:28.0890 0736 usbhub - ok
09:19:28.0937 0736 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:19:28.0937 0736 usbprint - ok
09:19:29.0000 0736 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:19:29.0000 0736 usbscan - ok
09:19:29.0046 0736 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:19:29.0046 0736 USBSTOR - ok
09:19:29.0125 0736 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:19:29.0125 0736 usbuhci - ok
09:19:29.0140 0736 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:19:29.0140 0736 VgaSave - ok
09:19:29.0203 0736 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
09:19:29.0203 0736 viaagp - ok
09:19:29.0265 0736 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
09:19:29.0265 0736 ViaIde - ok
09:19:29.0296 0736 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:19:29.0296 0736 VolSnap - ok
09:19:29.0375 0736 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:19:29.0390 0736 VSS - ok
09:19:29.0468 0736 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
09:19:29.0468 0736 w32time - ok
09:19:29.0484 0736 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:19:29.0484 0736 Wanarp - ok
09:19:29.0546 0736 wceusbsh (dc7f91b2ed24a738c807ea07f298928c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
09:19:29.0546 0736 wceusbsh - ok
09:19:29.0546 0736 WDICA - ok
09:19:29.0578 0736 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:19:29.0578 0736 wdmaud - ok
09:19:29.0593 0736 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:19:29.0609 0736 WebClient - ok
09:19:29.0703 0736 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:19:29.0703 0736 winmgmt - ok
09:19:29.0796 0736 WmBEnum (bc3ecbcb40147bdae3ad2fd0b4b346d8) C:\WINDOWS\system32\drivers\WmBEnum.sys
09:19:29.0796 0736 WmBEnum - ok
09:19:29.0843 0736 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
09:19:29.0843 0736 WmdmPmSN - ok
09:19:29.0906 0736 WmFilter (19f9881d8b3484fedb605d0216876898) C:\WINDOWS\system32\drivers\WmFilter.sys
09:19:29.0906 0736 WmFilter - ok
09:19:29.0968 0736 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
09:19:29.0984 0736 WmiApSrv - ok
09:19:30.0218 0736 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:19:30.0281 0736 WMPNetworkSvc - ok
09:19:30.0359 0736 WmVirHid (7a51545a6409a25eedbdbd97d019e8cc) C:\WINDOWS\system32\drivers\WmVirHid.sys
09:19:30.0359 0736 WmVirHid - ok
09:19:30.0437 0736 WmXlCore (1f083b3bc73017e60c3ca85cf4a70753) C:\WINDOWS\system32\drivers\WmXlCore.sys
09:19:30.0437 0736 WmXlCore - ok
09:19:30.0781 0736 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:19:30.0843 0736 WPFFontCache_v0400 - ok
09:19:30.0921 0736 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:19:30.0921 0736 WS2IFSL - ok
09:19:31.0015 0736 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
09:19:31.0015 0736 wscsvc - ok
09:19:31.0125 0736 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:19:31.0140 0736 wuauserv - ok
09:19:31.0250 0736 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:19:31.0250 0736 WudfPf - ok
09:19:31.0265 0736 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:19:31.0265 0736 WudfRd - ok
09:19:31.0312 0736 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:19:31.0328 0736 WudfSvc - ok
09:19:31.0468 0736 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:19:31.0500 0736 WZCSVC - ok
09:19:31.0546 0736 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:19:31.0562 0736 xmlprov - ok
09:19:31.0593 0736 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:19:32.0125 0736 \Device\Harddisk0\DR0 - ok
09:19:32.0125 0736 Boot (0x1200) (d7c17fdb6e4bd873382350ce7f6a3e87) \Device\Harddisk0\DR0\Partition0
09:19:32.0125 0736 \Device\Harddisk0\DR0\Partition0 - ok
09:19:32.0125 0736 ============================================================
09:19:32.0125 0736 Scan finished
09:19:32.0125 0736 ============================================================
09:19:32.0140 1732 Detected object count: 0
09:19:32.0140 1732 Actual detected object count: 0

#10 gringo_pr

Posted 25 June 2012 - 12:51 PM

that report looks good - I still would like to see the aswMBR report when you have it


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 WMI

Posted 25 June 2012 - 02:57 PM

I can't tell if aswMBR program finished or not. I saved the following log. I hope it's complete.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-25 11:58:23
-----------------------------
11:58:23.484 OS Version: Windows 5.1.2600 Service Pack 3
11:58:23.484 Number of processors: 1 586 0x209
11:58:23.484 ComputerName: WMI-WEB-NEWS UserName: daveh
11:58:23.843 Initialize success
11:58:38.000 AVAST engine defs: 12062500
11:59:33.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:59:33.687 Disk 0 Vendor: WDC_WD600BB-75CAA0 16.06V16 Size: 57220MB BusType: 3
11:59:33.718 Disk 0 MBR read successfully
11:59:33.718 Disk 0 MBR scan
11:59:33.843 Disk 0 Windows XP default MBR code
11:59:33.843 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
11:59:33.843 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 57176 MB offset 80325
11:59:33.859 Disk 0 scanning sectors +117178110
11:59:33.953 Disk 0 scanning C:\WINDOWS\system32\drivers
12:01:00.640 Service scanning
12:01:18.609 Service GMSIPCI E:\INSTALL\GMSIPCI.SYS **LOCKED** 21
12:01:26.812 Service MSICPL E:\install4\MSICPL.sys **LOCKED** 21
12:01:28.906 Service NTACCESS E:\NTACCESS.sys **LOCKED** 21
12:01:44.484 Service SetupNTGLM7X E:\NTGLM7X.sys **LOCKED** 21
12:02:13.718 Modules scanning
12:02:36.281 Disk 0 trace - called modules:
12:02:36.312 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
12:02:36.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b5d7ab8]
12:02:36.312 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b5e2d98]
12:02:47.140 AVAST engine scan C:\WINDOWS
12:03:11.171 AVAST engine scan C:\WINDOWS\system32
12:11:41.984 AVAST engine scan C:\WINDOWS\system32\drivers
12:12:13.875 AVAST engine scan C:\Documents and Settings\daveh
12:55:51.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\daveh\Desktop\MBR.dat"
12:55:51.218 The log file has been saved successfully to "C:\Documents and Settings\daveh\Desktop\aswMBR.txt"

#12 gringo_pr

Posted 25 June 2012 - 10:42 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

#13 WMI

Posted 26 June 2012 - 12:03 PM

I think the ads have stopped running, so that would be awesome! Here is the Combofix log:

ComboFix 12-06-26.01 - daveh 06/26/2012 9:31.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3711.2986 [GMT -7:00]
Running from: c:\documents and settings\daveh\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\daveh\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-26 to 2012-06-26 )))))))))))))))))))))))))))))))
.
.
2012-06-23 01:24 . 2012-06-23 01:24 -------- d-----w- c:\documents and settings\daveh\Application Data\ElevatedDiagnostics
2012-06-23 00:19 . 2012-06-23 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\W3i
2012-06-23 00:18 . 2012-06-23 00:20 -------- d-----w- c:\program files\7-zip
2012-06-23 00:13 . 2012-06-23 00:15 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-06-23 00:13 . 2012-06-23 00:13 -------- d-----w- c:\program files\Freeze.com
2012-06-23 00:13 . 2012-06-23 00:13 -------- d-----w- c:\program files\Free Offers from Freeze.com
2012-06-22 23:58 . 2012-06-22 23:58 -------- d-----w- c:\documents and settings\daveh\AppData
2012-06-22 23:49 . 2012-06-23 00:09 -------- d-----w- c:\documents and settings\daveh\Application Data\PCPro
2012-06-22 23:49 . 2012-06-22 23:49 -------- d-----w- c:\documents and settings\daveh\Application Data\PC Cleaners
2012-06-22 23:49 . 2012-06-23 00:09 -------- d-----w- c:\program files\PC Cleaners
2012-06-22 23:49 . 2012-06-22 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
2012-06-22 22:59 . 2012-06-22 22:59 -------- d-----w- c:\documents and settings\daveh\Application Data\Oracle
2012-06-22 22:59 . 2012-06-22 22:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2012-06-22 22:59 . 2012-06-22 22:59 -------- d-----w- c:\documents and settings\daveh\Local Settings\Application Data\Threat Expert
2012-06-22 22:59 . 2012-06-22 22:59 -------- d-----w- c:\program files\PC Tools
2012-06-22 22:59 . 2012-06-22 22:59 -------- d-----w- c:\program files\Common Files\PC Tools
2012-06-22 22:59 . 2012-06-22 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-06-22 19:22 . 2012-06-22 19:22 -------- d-----w- c:\documents and settings\daveh\Local Settings\Application Data\Sun
2012-06-22 17:29 . 2012-06-22 23:41 -------- d-----w- c:\program files\Oracle
2012-06-22 17:29 . 2012-05-05 02:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-19 18:38 . 2012-05-11 18:14 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-06-19 18:37 . 2012-06-19 18:37 -------- d-----w- c:\documents and settings\daveh\Application Data\TestApp
2012-06-18 16:15 . 2012-06-18 16:15 -------- d-----w- c:\documents and settings\daveh\Application Data\Malwarebytes
2012-06-18 16:15 . 2012-06-18 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-15 21:11 . 2012-06-16 05:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-15 21:11 . 2012-06-16 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-06-15 18:51 . 2012-06-15 18:56 -------- d-----w- c:\documents and settings\daveh\Application Data\ApplicationData
2012-06-13 20:59 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-06 20:25 . 2012-06-06 20:25 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-06 20:25 . 2012-06-06 20:25 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-04 15:03 . 2012-06-04 15:03 -------- d-----w- c:\program files\Common Files\xing shared
2012-06-04 15:00 . 2012-06-04 15:00 129144 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2012-05-30 20:59 . 2012-05-30 20:59 4966600 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-22 23:47 . 2006-03-25 00:10 5276432 ----a-w- c:\windows\uninst.exe
2012-06-22 21:56 . 2012-04-04 21:50 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-22 21:56 . 2011-05-19 21:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-22 17:28 . 2007-04-27 14:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-02 22:19 . 2007-05-23 18:07 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2007-05-23 18:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2004-08-10 23:08 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2004-08-10 23:08 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2004-08-10 23:08 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2007-05-23 18:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2005-05-26 11:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2004-08-10 23:08 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2003-09-12 07:45 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2002-09-03 16:28 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2007-05-23 18:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2004-08-10 23:08 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2003-09-12 07:45 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2007-05-24 19:51 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 22:18 . 2006-05-25 15:27 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2005-05-26 11:19 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2002-09-23 22:10 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-02-07 01:05 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2002-09-03 17:11 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2002-09-03 16:39 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2002-09-03 16:35 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:12 . 2002-09-03 16:50 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2002-08-29 01:04 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2002-08-29 10:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 11:50 . 2012-04-19 11:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-06-18 20:19 . 2011-04-21 21:39 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2005-05-14 00:12 217073 --sha-r- c:\windows\meta4.exe
2005-10-24 18:13 66560 --sha-r- c:\windows\MOTA113.exe
2005-10-14 04:27 422400 --sha-r- c:\windows\x2.64.exe
2005-07-14 19:31 27648 --sha-r- c:\windows\SYSTEM32\AVSredirect.dll
2005-06-26 22:32 616448 --sha-r- c:\windows\SYSTEM32\cygwin1.dll
2005-06-22 05:37 45568 --sha-r- c:\windows\SYSTEM32\cygz.dll
2004-01-25 07:00 70656 --sha-r- c:\windows\SYSTEM32\i420vfw.dll
2006-04-27 17:24 2945024 --sha-r- c:\windows\SYSTEM32\Smab.dll
2005-02-28 20:16 240128 --sha-r- c:\windows\SYSTEM32\x.264.exe
2004-01-25 07:00 70656 --sha-r- c:\windows\SYSTEM32\yv12vfw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2004-04-23 77824]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-06-10 217088]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2010-04-10 316864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="c:\windows\System32\msiexec.exe" [2008-05-19 95744]
.
c:\documents and settings\daveh\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-3-24 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 7.0 Tray Icon.lnk]
backup=c:\windows\pss\AOL 7.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^daveh^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu]
/L:ENG [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 17:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 19:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
2003-02-20 21:27 110592 ----a-w- c:\windows\SYSTEM32\ctasio.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2005-08-04 03:04 25088 ----a-w- c:\windows\SYSTEM32\Ati2mdxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-08-06 04:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 11:59 122880 ----a-w- c:\windows\BCMSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
2002-09-30 06:00 45056 ----a-w- c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2003-02-20 21:45 28672 ----a-w- c:\windows\SYSTEM32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2002-10-29 14:18 49152 ----a-w- c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2002-08-14 23:22 28672 ----a-r- c:\windows\SYSTEM32\DSentry.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnvyHFCPL]
2004-12-09 08:51 3895296 ----a-w- c:\program files\Audio Deck\EnMixCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2002-08-29 10:00 44032 ----a-w- c:\windows\IME\IMKR6_1\imekrmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 05:31 208952 ----a-w- c:\windows\IME\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2006-01-19 18:06 11776 ----a-w- c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-01-19 18:06 110592 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]
2005-09-16 01:41 98192 ----a-w- c:\program files\mozilla.org\Mozilla\mozilla.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
2003-03-11 21:24 86016 ----a-w- c:\program files\Intel\NCS\PROSet\PRONoMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2012-06-04 15:00 499312 ----a-w- c:\program files\real\realplayer\realplay.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\SYSTEM32\DRIVERS\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [9/7/2010 3:48 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [9/7/2010 3:48 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [9/7/2010 3:49 AM 301248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4/30/2012 9:44 AM 5106744]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\SYSTEM32\DRIVERS\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\SYSTEM32\DRIVERS\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\SYSTEM32\DRIVERS\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\SYSTEM32\DRIVERS\Envy24HF.sys [11/30/2007 11:18 PM 577664]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [5/30/2012 1:56 PM 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/5/2012 3:17 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [4/4/2012 2:50 PM 257224]
S3 cpuz134;cpuz134;\??\c:\docume~1\daveh\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\daveh\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 10:37 AM 113120]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [9/3/2002 10:05 AM 14336]
S3 SaiH0255;SaiH0255;c:\windows\SYSTEM32\DRIVERS\SaiH0255.sys [5/30/2005 6:16 PM 121984]
S3 SaiH0464;SaiH0464;c:\windows\SYSTEM32\DRIVERS\SaiH0464.sys [6/11/2004 10:59 AM 56576]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:57]
.
2012-06-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2008-07-25 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2200 series272A572217594EBCF1CEE215E352B92AD073FDE4207340180.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-10 00:56]
.
2012-06-25 c:\windows\Tasks\User_Feed_Synchronization-{BBF42B79-9F4D-4F30-83F8-4C79730F3BC0}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.worldministries.org/
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Trusted Zone: cstonline.com\.www
Trusted Zone: cstonline.com\www
TCP: DhcpNameServer = 192.168.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-26 09:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Systems Internals\Myster¡on PKGX*]
"M¡steryon"="M¡steryon"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2404)
c:\windows\system32\WININET.dll
c:\program files\Logitech\Profiler\LWEHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\hnetcfg.dll
.
Completion time: 2012-06-26 09:49:35
ComboFix-quarantined-files.txt 2012-06-26 16:49
ComboFix2.txt 2012-06-22 18:59
.
Pre-Run: 1,603,788,800 bytes free
Post-Run: 1,677,160,448 bytes free
.
- - End Of File - - 9E81B460E80110CB0CF6326E3A598FCF

#14 gringo_pr

Posted 26 June 2012 - 01:30 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job)

Programs to remove

Java™ 6 Update 23
Java™ SE Runtime Environment 6 Update 1


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 WMI


Posted 26 June 2012 - 02:28 PM

MBAM log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.26.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
daveh :: WMI-WEB-NEWS [administrator]

6/26/2012 12:13:05 PM
mbam-log-2012-06-26 (12-13-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 265092
Time elapsed: 7 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:26:15 PM, on 6/26/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\avgui.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\daveh\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldministries.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://.www.cstonline.com
O15 - Trusted Zone: http://www.cstonline.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} - file://D:\components\hidinputmonitorx.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} - file://D:\components\A9.ocx
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148478894078
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Cyber Power Systems, Inc. - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 11442 bytes
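
Each HijackThis entry starts with a section code (for example O2 for Browser Helper Objects, O4 for autostart entries, O16 for downloaded ActiveX controls, O23 for services). The script below is an added example, not part of the thread or of HijackThis: it parses a log in this format and lists the entries a reviewer would typically check by hand first. The function names and the three heuristics are assumptions chosen for illustration, the sample lines are copied from the report above, and a hit only means "look at this", not "this is malicious".

```python
import re

# Sample input: lines copied from the HijackThis report posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# An entry line is "<letter><1-2 digits> - <rest>", e.g. "R0 - ..." or "O23 - ...".
# Header lines and the running-process list (plain paths) do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# URL whose host part is a dotted-quad IP address instead of a name.
IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)")


def parse(log_text):
    """Return a list of (section_code, body) tuples, one per entry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def review_candidates(entries):
    """Return (code, body, reasons) for entries matching a review heuristic."""
    flagged = []
    for code, body in entries:
        reasons = []
        if body.endswith("(no file)"):
            reasons.append("registration points to a missing file")
        if code == "O16" and IP_URL_RE.search(body):
            reasons.append("ActiveX control was fetched from a bare IP address")
        if code == "O23" and " - Unknown owner - " in body:
            reasons.append("service binary carries no company name")
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in review_candidates(parse(SAMPLE_LOG)):
        print(f"[{code}] {body}\n      -> {'; '.join(reasons)}")
```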



