
Live Security Platinum virus may have disabled my Control Panel


64 replies to this topic

#1 Arney X


  • Members
  • 227 posts
  • Gender:Male
  • Location:CT, USA

Posted 15 July 2012 - 05:15 PM

I'm running Windows XP SP3 on an HP 754n desktop PC. I recently contracted the Live Security Platinum virus, and the healing process contained a step involving uninstalling the folder that the virus created. In trying to access my Control Panel - to uninstall the "program" folder - I attempted to open Control Panel only to have a blank window open for a fraction of a second, then disappear along with every window, icon & taskbar on the desktop. After a short while, the icons gradually returned to the desktop, then the taskbar, then a few of the windows (not Control Panel). I tried it again, with the same results.

Here's some backstory: A year ago I got the TDL4 virus, and was helped to heal it here on Bleeping Computer (http://www.bleepingcomputer.com/forums/topic396906.html/page__p__2244270__fromsearch__1#entry2244270). As you can read there, after the healing my system began running VERY slowly, and I would get a non-threatening error message when trying to access Control Panel. Between the helper(s) and me, we couldn't figure out why it was happening. Now, after healing Live Security Platinum, I can't access Control Panel at all to complete the healing.

I'd like to offer an opinion on the Control Panel issue. Based on my two recent virus healing experiences, it seems possible that in eliminating the virus I might have received a false positive or two, and eliminated some valuable lines of software, or simply eliminated the good software along with the bad that was attached to it. That suspicion is bolstered by the fact that my Java folder is resident in the Control Panel rather than in my Program Files for some reason (is this normal?), and each time I received diagnostics that the viruses were partially found in Java software.

After the first healing referenced above, I closed the error message and continued to Control Panel successfully, so I didn't think it was urgent to identify & fix whatever the error was. This time around, I again noticed that some of the virus pieces were found in Java, and now I get the malfunction I described above with accessing Control Panel...even though I'm not noticing any other residual effects of the virus.

Do you think it's possible that one of the malware removal processes also eliminated some valuable software from the Control Panel, which is now producing the result we have? Is there a way to test that hypothesis?

I've run FixExec, Defogger, DDS and GMER after scanning with an updated Malwarebytes. Here is the DDS log, and attached are Attach.txt and Ark.txt (let me know if you would like to see the FixExec & Defogger logs, since they seemed to me to find nothing of concern). Thanks very much in advance.

- Arney

P.S. There's no mystery as to how I obtained the virus. I only need to know how to heal it completely by bringing back my Control Panel. Also - since I frequently am asked this - Iolo System Shield is not malware; it's my AV software, and usually works very well (installed via CD-ROM, and updated via regular downloads).

P.P.S. In trying to download DDS, my system identified it as malware & refused to download it - even when trying to override the prevention. I got a window saying "Cannot copy file: Cannot read from the source file or disk." I then downloaded it to a flash drive on a clean computer, then transferred it to this infected system. It then ran successfully.

DDS LOG:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 0:13:59 on 2012-07-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.207 [GMT -4:00]
.
AV: System Shield *Enabled/Updated* {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\progra~1\vision~1\paperp~1\pptd40nt.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
svchost.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\update\realsched.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: hp toolkit: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\hp\explorebar\HPTOOLKT.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: hp toolkit: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Sonic RecordNow! Deluxe]
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [nwiz] nwiz.exe /installquiet /keeploaded
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [LTMSG] LTMSG.exe 7
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PaperPort PTD] c:\progra~1\vision~1\paperp~1\pptd40nt.exe
mRun: [MaxBlastMonitor.exe] c:\program files\maxtor\maxblast\MaxBlastMonitor.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [AcronisTimounterMonitor] c:\program files\maxtor\maxblast\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\maxtor\schedule2\schedhlp.exe"
mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
mRun: [TkBellExe] "c:\program files\real\update\realsched.exe" -osboot
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjEwMjEwOTUzLVNUMSsyLUZQOSs2LVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMi1MSUMrNy1GTDEwKzEtWE8xMCsxMQ"&"prod=90"&"ver=10.0.1325
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-explorer: <NO NAME> =
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\iavlsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1273723306281
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1273726958500
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{50BBBB77-EA7F-4D7E-B4DE-F3351BD58454} : DhcpNameServer = 192.168.2.1
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
R2 AMP;Active Malware Protection Minifilter Driver;c:\windows\system32\drivers\amp.sys [2011-11-8 138048]
R2 AMPSE;Active Malware Protection Support Driver;c:\windows\system32\drivers\ampse.sys [2011-11-8 1189184]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2011-11-8 1047336]
R2 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2011-9-28 97088]
R2 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2011-9-28 97088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-3-30 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-30 133104]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]
S3 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2011-9-28 142144]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2003-2-21 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-07-10 21:29:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-10 06:13:21 -------- d-----w- c:\documents and settings\all users\application data\529C5357000183634A23466DD151FC84
2012-07-05 00:32:15 -------- d-----w- c:\program files\Dropbox
2012-07-05 00:30:35 -------- d-----w- c:\documents and settings\owner\application data\Dropbox
2012-06-13 21:07:11 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-13 07:30:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-07-10 21:47:52 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-06-13 07:30:22 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ------w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-13 16:01:40 1409 ----a-w- c:\windows\QTFont.for
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-17 14:11:44 33280 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-04-17 14:11:34 15360 ----a-w- c:\windows\system32\smrgdf.exe
2012-04-17 13:37:02 2095816 ----a-w- c:\windows\system32\Incinerator32.dll
2010-05-26 18:59:44 20854256 ------w- c:\program files\RealPlayerSPGold.exe
2009-06-11 00:48:03 426352 ------w- c:\program files\smpro_dm.exe
2009-06-10 23:25:30 359656 ------w- c:\program files\msicuu2.exe
2008-12-28 07:27:58 13440584 -c----w- c:\program files\Install_AIM.exe
2008-10-29 07:11:07 25740144 ------w- c:\program files\wmp11-windowsxp-x86-enu.exe
2008-10-28 23:24:46 25685128 ------w- c:\program files\wordview_en-us.exe
2008-05-04 09:21:15 51839880 ------w- c:\program files\DivXAuthor.exe
2008-05-04 09:01:28 16500592 ------w- c:\program files\DivXInstaller.exe
2008-01-07 16:19:00 7183027 ------w- c:\program files\klcodec365s.exe
2007-12-20 06:50:45 2755017 ------w- c:\program files\AviSynth_050505.exe
2007-11-28 22:14:25 760708 ------w- c:\program files\ac3filter_1_11.exe
2004-12-29 06:20:17 7741352 -c----w- c:\program files\DivX521XP2K.exe
.
============= FINISH: 0:15:24.12 ===============
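The DDS log above is free-form text, which makes it hard to compare one run against another or to spot entries worth a second look. The following Python parser is an added example for this thread; it is not part of DDS, not the poster's code and not something the helper asked for. It runs on a constructed excerpt copied from the posted log and splits the "Running Processes", "SERVICES / DRIVERS" and "File Associations" sections into structured records. The allowed-path prefixes in `drivers_outside` are an assumption chosen for this example, and a bare process name or an unusual path is only a review hint, not a verdict.

```python
"""Minimal parser for the DDS log format shown in the post above.

Added example, not part of the original thread or of the DDS tool. It
turns the free-form sections into records that can be reviewed or diffed
between two runs of the tool.
"""
import re
from dataclasses import dataclass

# Constructed sample: a short excerpt copied from the DDS log in this thread.
SAMPLE_DDS_LOG = """\
.
DDS (Ver_2011-08-26.01) - NTFSx86
.
============== Running Processes ===============
.
C:\\WINDOWS\\system32\\svchost.exe -k DcomLaunch
svchost.exe
C:\\Program Files\\iolo\\Common\\Lib\\ioloServiceManager.exe
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\\program files\\superantispyware\\sasdifsv.sys [2008-9-3 8944]
R2 AMP;Active Malware Protection Minifilter Driver;c:\\windows\\system32\\drivers\\amp.sys [2011-11-8 138048]
S3 WinRM;Windows Remote Management (WS-Management);c:\\windows\\system32\\svchost.exe -k WINRM [2003-2-21 14336]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
.
============= FINISH: 0:15:24.12 ===============
"""

# "=== Section name ===" banner lines delimit the sections of a DDS log.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "R2 name;description;path [date size]" as printed in SERVICES / DRIVERS.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\S+)\s+(?P<size>\d+)\]$"
)


@dataclass
class Service:
    state: str        # R = running, S = stopped; digit is the start group
    name: str
    description: str
    path: str         # image path, possibly followed by service arguments
    date: str
    size: int


def split_sections(text):
    """Map each section banner to the non-empty lines under it."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":       # DDS pads sections with lone dots
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_services(lines):
    """Parse SERVICES / DRIVERS lines; lines that do not fit are skipped."""
    found = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            found.append(Service(m["state"], m["name"], m["desc"],
                                 m["path"], m["date"], int(m["size"])))
    return found


def parse_file_associations(lines):
    """'JSEFile=NOTEPAD.EXE %1' -> {'JSEFile': 'NOTEPAD.EXE %1'}."""
    assoc = {}
    for line in lines:
        key, sep, value = line.partition("=")
        if sep:
            assoc[key] = value
    return assoc


def bare_processes(lines):
    """Process entries printed without a drive-letter path.

    DDS prints a bare name when it could not resolve the image path; these
    deserve a manual look, but a bare name alone is not evidence of infection.
    """
    return [line for line in lines if not re.match(r"^[A-Za-z]:\\", line)]


def drivers_outside(services, allowed=("c:\\windows\\", "c:\\program files\\")):
    """Services whose image lives outside the given roots (assumed prefixes)."""
    return [s for s in services if not s.path.lower().startswith(allowed)]


if __name__ == "__main__":
    sections = split_sections(SAMPLE_DDS_LOG)
    for svc in parse_services(sections["SERVICES / DRIVERS"]):
        print(f"{svc.state} {svc.name:<10} {svc.size:>8}  {svc.path}")
    print("bare process names:", bare_processes(sections["Running Processes"]))
    print("file associations:", parse_file_associations(sections["File Associations"]))
```

Running the script on two logs saved from different dates and diffing the printed service lines is the practical use: a service or driver that appears between runs, or one whose path moves outside the expected roots, is exactly the kind of entry a helper would ask about.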



#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 July 2012 - 07:55 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Arney X

  • Topic Starter

  • Members
  • 227 posts
  • Gender:Male
  • Location:CT, USA

Posted 16 July 2012 - 08:41 PM

Thanks for the response, Gringo! My name is Arney, and I'm glad that someone as thorough & concerned with speed & ease as you is helping me. Before we continue, I wanted to mention a few things:

1) You said:

    "We ask you to run different tools in a specific order...and running any additional tools may...cause unforeseen damage or system instability."


This is precisely what I fear may have happened, since I performed some steps out of order, and I believe that MAY be what has affected my Control Panel. Just a hunch.

2) Also, I see no residual effect of the Live Security Platinum virus, save for the folder in the Programs listing that I can't uninstall due to my inability to access the Control Panel. My system is running smoother, faster, with no misdirects or pop-ups, my cursor is no longer being hijacked, and reboot & refresh times are even quicker.

3) I followed Grinler's original steps for posting & attaching logs to my new topic. I read your perspective on that. Would you like me to post the two logs that I attached, from DDS & GMER, above?

4) While we are going through the healing process, I will be simultaneously communicating with you via a clean Win 7 desktop system, just in case the affected (Win XP SP3) system becomes compromised beyond functionality. Therefore I will still be able to download anything you need safely, transfer it to a flash drive, and use it on the affected system.

5) As instructed, I will proceed to back up the 500G HD system, so it may be a while before I return. Not to worry - I have the same desire for speed & ease as you (the lack of same has been a pet peeve in the past) and will stay here until it's done.

6) Finally, would you like to see the FixExec & Defogger logs that were produced while I was healing the virus? If so, I'll post them here, too. They might give you further insight.

Again, thanks for helping, Gringo. I look forward to working with you.

- Arney

#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 July 2012 - 09:17 PM

Greetings

Just to let you know my schedule for the next few days:

tonight I will be on for about 3 more hours (10:15pm now)

then I will be on in the morning for a short time till around 10 am

then I will be online from 9pm till 4am



if you come back in those time frames with the combofix report then we will continue


Gringo

#5 Arney X

  • Topic Starter

  • Members
  • 227 posts
  • Gender:Male
  • Location:CT, USA

Posted 16 July 2012 - 10:29 PM

    "then I will be online from 9pm till 4am"


Excellent! I see you keep my hours!

As stated above, I am now backing up my system, and am communicating via the clean Win 7 desktop. I'm told that the backup will take until around 3AM. If I'm still available I'll download & run Security Check, then ComboFix (time permitting). If I can only run Security Check, I'll post the log here before going to bed. I'll be here from now 'til then, so feel free to add anything before you turn in.

Again, many thanks in advance.

- Arney

#6 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 July 2012 - 11:05 PM

for now the first thing I want to see is the combofix report

Reading everything that you have written, you have two things wrong at this time:


1. biggest problem is you cannot open control panel (might be from a previous infection)

what happens when you try to open it?

2. there is a folder that you cannot remove

what folder?



Gringo

#7 Arney X

  • Topic Starter

  • Members
  • 227 posts
  • Gender:Male
  • Location:CT, USA

Posted 17 July 2012 - 12:09 AM

    "I recently contracted the Live Security Platinum virus, and the healing process contained a step involving uninstalling the folder that the virus created. In trying to access my Control Panel - to uninstall the "program" folder - I attempted to open Control Panel only to have a blank window open for a fraction of a second, then disappear along with every window, icon & taskbar on the desktop. After a short while, the icons gradually returned to the desktop, then the taskbar, then a few of the windows (not Control Panel). I tried it again, with the same results."


The folder is found in the START > All Programs listing, and it's marked Live Security Platinum. I tried to access the Control Panel in an effort to uninstall the folder/program - as instructed by the removal process posted here on BC (http://www.bleepingcomputer.com/virus-removal/remove-live-security-platinum) - but instead received the above result.

Last year, in an effort to heal a TDL4 virus, the virus was eliminated but afterward I'd get an error message when trying to access the Control Panel. It said something about an error trying to access a particular address. I would close the error window, and would be brought to Control Panel successfully, as though nothing was wrong.

Since a few viruses have been found in my Java folder over the years (including the most recent Live Security Platinum), and since my Java folder is located in the Control Panel (is this supposed to be this way, or is it supposed to be located in the Program Files folder?), my guess is that the two events are connected that way. I'd think that the healing process "brute forced" its way through the virus, taking good code along with the bad. Malwarebytes did that a few times, taking items from the registry that compromised the function of the system.

Edited by Arney X, 17 July 2012 - 12:14 AM.


#8 Arney X

  • Topic Starter

  • Members
  • 227 posts
  • Gender:Male
  • Location:CT, USA

Posted 17 July 2012 - 01:49 AM

Security Check's checkup.txt log is posted here, as requested:


Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET Online Scanner v3
iolo technologies' System Mechanic Professional
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 25
Java version out of Date!
Adobe Reader X (10.1.3)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Common Files Authentium AntiVirus5 vsedsps.exe
Common Files Authentium AntiVirus5 vseamps.exe
iolo Common Lib ioloServiceManager.exe
iolo System Mechanic Professional System Shield ioloSSTray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````

#9 Arney X

  • Topic Starter

  • Members
  • 227 posts
  • Gender:Male
  • Location:CT, USA

Posted 17 July 2012 - 02:42 AM

And here is the ComboFix log:


ComboFix 12-07-16.01 - Owner 07/17/2012 3:11.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.514 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: System Shield *Disabled/Updated* {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\18538292
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\LocalService\Local Settings\Application Data\Windows Server
c:\documents and settings\NetworkService\Local Settings\Application Data\Windows Server
c:\documents and settings\Owner\Local Settings\Application Data\Windows Server
c:\documents and settings\Owner\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Owner\Local Settings\Application Data\Windows Server\uses32.dat
c:\documents and settings\Owner\Start Menu\Programs\Live Security Platinum
c:\documents and settings\Owner\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
c:\program files\AviSynth_050505.exe
c:\program files\Windows NT\Pinball\htrn_jis.dll
c:\windows\Mplayer.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\ps2.bat
.
.
((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
.
.
2012-07-10 21:29 . 2012-07-10 21:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-10 06:13 . 2012-07-10 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\529C5357000183634A23466DD151FC84
2012-07-05 00:32 . 2012-07-05 00:32 -------- d-----w- c:\program files\Dropbox
2012-07-05 00:30 . 2012-07-16 15:23 -------- d-----w- c:\documents and settings\Owner\Application Data\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-10 21:47 . 2003-02-21 18:21 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-06-13 13:19 . 2003-02-21 18:24 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 07:30 . 2012-06-13 07:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 07:30 . 2011-08-15 01:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-05 15:50 . 2009-08-19 21:07 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2003-02-21 18:22 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2003-02-21 18:22 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2007-06-07 22:34 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2009-08-06 23:23 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2007-08-07 22:47 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2007-08-07 22:47 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2007-06-07 22:34 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2008-10-28 22:50 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2007-06-07 22:34 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2007-06-07 22:34 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2003-02-21 19:07 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2003-02-21 18:24 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2007-06-07 22:34 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2007-08-07 22:47 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2003-02-21 18:24 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2010-05-13 05:04 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2010-05-13 05:04 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2009-08-06 23:23 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2010-05-13 06:29 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2003-02-21 18:24 916992 ------w- c:\windows\system32\wininet.dll
2012-05-13 16:01 . 2012-05-13 16:01 1409 ----a-w- c:\windows\QTFont.for
2012-05-11 14:42 . 2003-02-21 19:09 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2003-02-21 19:09 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2002-08-29 05:04 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2002-08-29 05:04 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2003-02-21 18:22 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2010-05-26 18:59 . 2010-05-26 18:59 20854256 ------w- c:\program files\RealPlayerSPGold.exe
2009-06-11 00:48 . 2009-06-11 00:47 426352 ------w- c:\program files\smpro_dm.exe
2009-06-10 23:25 . 2009-06-10 23:25 359656 ------w- c:\program files\msicuu2.exe
2008-12-28 07:27 . 2005-06-21 02:36 13440584 -c----w- c:\program files\Install_AIM.exe
2008-10-29 07:11 . 2007-07-29 23:14 25740144 ------w- c:\program files\wmp11-windowsxp-x86-enu.exe
2008-10-28 23:24 . 2008-10-28 23:24 25685128 ------w- c:\program files\wordview_en-us.exe
2008-05-04 09:21 . 2008-05-04 09:21 51839880 ------w- c:\program files\DivXAuthor.exe
2008-05-04 09:01 . 2007-12-20 05:24 16500592 ------w- c:\program files\DivXInstaller.exe
2008-01-07 16:19 . 2008-01-07 16:19 7183027 ------w- c:\program files\klcodec365s.exe
2007-11-28 22:14 . 2007-11-28 22:14 760708 ------w- c:\program files\ac3filter_1_11.exe
2004-12-29 06:20 . 2004-12-29 06:20 7741352 -c----w- c:\program files\DivX521XP2K.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2002-10-01 548933]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-19 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"LTMSG"="LTMSG.exe 7" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"KBD"="c:\hp\KBD\KBD.EXE" [2001-07-07 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"nwiz"="nwiz.exe" [2002-10-01 372736]
"PS2"="c:\windows\system32\ps2.exe" [2002-06-14 81920]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"PaperPort PTD"="c:\progra~1\vision~1\paperp~1\pptd40nt.exe" [1999-04-13 29184]
"MaxBlastMonitor.exe"="c:\program files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-04-20 1169720]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"AcronisTimounterMonitor"="c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-04-20 1945712]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 149024]
"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2012-04-17 938680]
"TkBellExe"="c:\program files\Real\update\realsched.exe" [2012-06-04 296056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNjEwMjEwOTUzLVNUMSsyLUZQOSs2LVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMi1MSUMrNy1GTDEwKzEtWE8xMCsxMQ&prod=90&ver=10.0.1325" [?]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\SysMech.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"29544:UDP"= 29544:UDP:UDP 29544
"12514:TCP"= 12514:TCP:TCP 12514
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/3/2008 2:07 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 2:07 PM 55024]
R2 AMP;Active Malware Protection Minifilter Driver;c:\windows\system32\drivers\amp.sys [11/8/2011 4:58 AM 138048]
R2 AMPSE;Active Malware Protection Support Driver;c:\windows\system32\drivers\ampse.sys [11/8/2011 4:58 AM 1189184]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [11/8/2011 4:57 AM 1047336]
R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [9/28/2011 12:59 PM 97088]
R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [9/28/2011 12:59 PM 97088]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/30/2009 10:13 AM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/30/2009 10:13 AM 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 2:07 PM 7408]
S3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [9/28/2011 12:59 PM 142144]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ppsio2
.
Contents of the 'Scheduled Tasks' folder
.
2005-09-13 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2003-02-21 09:42]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 14:13]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 14:13]
.
2012-07-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2714695887-835380219-529589706-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]
.
2012-07-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2714695887-835380219-529589706-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
LSP: c:\windows\system32\iavlsp.dll
TCP: DhcpNameServer = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-Sonic RecordNow! Deluxe - (no file)
SafeBoot-80396856.sys
SafeBoot-AMP
SafeBoot-AMPSE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-17 03:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2714695887-835380219-529589706-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(856)
c:\windows\system32\iavlsp.dll
.
Completion time: 2012-07-17 03:30:33
ComboFix-quarantined-files.txt 2012-07-17 07:30
.
Pre-Run: 241,263,816,704 bytes free
Post-Run: 241,484,075,008 bytes free
.
- - End Of File - - D8416C12D99EEA76613BDDECB9010A0E
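The "Reg Loading Points" section of the ComboFix log above is the part of this log a helper reads first. The following Python triage script is an added example, not part of the thread and not ComboFix's own code: it parses that section's format and flags the autostart entries worth checking by hand, those ComboFix marked [X] (target file not found) or [?] (target not verified), plus any whose command carries no full path. The embedded sample log is a constructed excerpt in the same format.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt in the format of ComboFix's "Reg Loading Points" section
# (not the thread's full log). Each entry is a quoted value name, the command,
# and a bracketed tag: "[date size]" when ComboFix found the target file,
# "[X]" when the file does not exist, "[?]" when it could not be verified.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2002-10-01 548933]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-19 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"LTMSG"="LTMSG.exe 7" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/uninstall-feedback?lic=CONSTRUCTED" [?]
"""

# A registry key line: "[HKEY_...]" (ComboFix also prints lowercase "hkey_" and "HKLM").
KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]\s*$", re.IGNORECASE)
# An autostart value line: "name"="command" [tag]
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s+\[(?P<tag>[^\]]*)\]\s*$')


@dataclass
class RunEntry:
    key: str
    name: str
    command: str
    tag: str

    @property
    def file_missing(self) -> bool:
        """ComboFix printed [X]: the registry still points at a file that is gone."""
        return self.tag == "X"

    @property
    def unverified(self) -> bool:
        """ComboFix printed [?]: it could not resolve the command to a file."""
        return self.tag == "?"

    @property
    def relative_path(self) -> bool:
        """No drive or directory in the executable: Windows resolves it through
        the search path, so the file that actually runs is not pinned down."""
        exe = self.command.split()[0] if self.command.strip() else ""
        return "\\" not in exe and ":" not in exe


def parse_reg_loading_points(text: str) -> List[RunEntry]:
    """Walk the log line by line, remembering the current registry key and
    collecting the quoted name=command entries listed beneath it."""
    entries: List[RunEntry] = []
    current_key: Optional[str] = None
    for line in text.splitlines():
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        entry_match = ENTRY_RE.match(line)
        if entry_match and current_key is not None:
            entries.append(RunEntry(current_key, entry_match.group("name"),
                                    entry_match.group("cmd"), entry_match.group("tag")))
    return entries


def triage(entries: List[RunEntry]) -> List[Tuple[RunEntry, List[str]]]:
    """Return only the entries a helper would look at by hand, with the reasons."""
    findings: List[Tuple[RunEntry, List[str]]] = []
    for entry in entries:
        reasons: List[str] = []
        if entry.file_missing:
            reasons.append("[X] target file not found: stale entry or a removed payload")
        if entry.unverified:
            reasons.append("[?] ComboFix could not verify the target")
        if entry.relative_path:
            reasons.append("command has no full path; resolved via the search path")
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(parse_reg_loading_points(SAMPLE_LOG)):
        print(f"{entry.name:16} {entry.command!r}")
        for reason in reasons:
            print(f"    - {reason}")
```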

#10 Arney X (Topic Starter)

Posted 17 July 2012 - 02:53 AM

No problems running ComboFix, except that it took a long time to complete.

As far as how the computer's doing now - it's tough to tell. I see that the Live Security Platinum folder is gone from the Start menu. The system is running quietly but slowly.

I tried accessing the Control Panel again, but got the same results again: windows, icons & taskbar disappeared from the screen, then gradually reappeared. The Control Panel never opened.

I saw where Security Check's checkup.txt log said that Java is out of date. That's not surprising, given my suspicions before. Do you think that reinstalling Java will fix the problem? I'd still like to know if Java should be in the Program Files folder instead of the Control Panel. It seems that if it were, it wouldn't have affected the Control Panel if it got compromised or "out of date."

I'll be back in a few hours. I'll see you then, Gringo, my friend.

Edited by Arney X, 17 July 2012 - 03:01 AM.


#11 gringo_pr (Malware Response Team)

Posted 17 July 2012 - 08:15 PM

Greetings

Sorry I was out all day with wifey - I am going to do some more checking, making sure nothing else is around, then we will see what we can do about the control panel.

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#12 Arney X (Topic Starter)

Posted 18 July 2012 - 12:20 AM

No apology necessary, amigo. Hope you enjoyed yourselves. Here is the report from TDSSKiller. Report from aswMBR to follow. Be right back.

00:59:07.0044 3272 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
00:59:07.0435 3272 ============================================================
00:59:07.0435 3272 Current date / time: 2012/07/18 00:59:07.0435
00:59:07.0435 3272 SystemInfo:
00:59:07.0435 3272
00:59:07.0435 3272 OS Version: 5.1.2600 ServicePack: 3.0
00:59:07.0435 3272 Product type: Workstation
00:59:07.0435 3272 ComputerName: 2ND-ORIGINAL-XP
00:59:07.0435 3272 UserName: Owner
00:59:07.0435 3272 Windows directory: C:\WINDOWS
00:59:07.0435 3272 System windows directory: C:\WINDOWS
00:59:07.0435 3272 Processor architecture: Intel x86
00:59:07.0435 3272 Number of processors: 1
00:59:07.0435 3272 Page size: 0x1000
00:59:07.0435 3272 Boot type: Normal boot
00:59:07.0435 3272 ============================================================
00:59:08.0826 3272 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
00:59:08.0826 3272 ============================================================
00:59:08.0826 3272 \Device\Harddisk0\DR0:
00:59:08.0826 3272 MBR partitions:
00:59:08.0826 3272 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x41F47A1
00:59:08.0826 3272 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x41F47E0, BlocksNum 0x361900B0
00:59:08.0826 3272 ============================================================
00:59:08.0873 3272 C: <-> \Device\Harddisk0\DR0\Partition1
00:59:08.0873 3272 D: <-> \Device\Harddisk0\DR0\Partition0
00:59:08.0873 3272 ============================================================
00:59:08.0873 3272 Initialize success
00:59:08.0873 3272 ============================================================
00:59:32.0138 1728 ============================================================
00:59:32.0138 1728 Scan started
00:59:32.0138 1728 Mode: Manual;
00:59:32.0138 1728 ============================================================
00:59:32.0419 1728 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
00:59:32.0435 1728 61883 - ok
00:59:32.0451 1728 Abiosdsk - ok
00:59:32.0466 1728 abp480n5 - ok
00:59:32.0529 1728 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:59:32.0544 1728 ACPI - ok
00:59:32.0591 1728 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:59:32.0607 1728 ACPIEC - ok
00:59:32.0732 1728 AcrSch2Svc (fc2bf5fe5b91d01ccbfe854d0548bf65) C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
00:59:32.0748 1728 AcrSch2Svc - ok
00:59:32.0763 1728 adpu160m - ok
00:59:32.0826 1728 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:59:32.0857 1728 aec - ok
00:59:32.0919 1728 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:59:32.0951 1728 AFD - ok
00:59:32.0982 1728 Aha154x - ok
00:59:32.0998 1728 aic78u2 - ok
00:59:33.0029 1728 aic78xx - ok
00:59:33.0279 1728 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
00:59:33.0373 1728 ALCXWDM - ok
00:59:33.0513 1728 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
00:59:33.0529 1728 Alerter - ok
00:59:33.0576 1728 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
00:59:33.0576 1728 ALG - ok
00:59:33.0607 1728 AliIde - ok
00:59:33.0654 1728 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
00:59:33.0701 1728 AmdK7 - ok
00:59:33.0748 1728 AMP (a7634ad081a97dd792ab261d80eafd84) C:\WINDOWS\system32\Drivers\amp.sys
00:59:33.0794 1728 AMP - ok
00:59:33.0888 1728 AMPSE (839c3a79cb536a2412b4f39e50015e59) C:\WINDOWS\system32\Drivers\ampse.sys
00:59:34.0076 1728 AMPSE - ok
00:59:34.0201 1728 amsint - ok
00:59:34.0216 1728 AppMgmt - ok
00:59:34.0263 1728 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
00:59:34.0294 1728 Arp1394 - ok
00:59:34.0310 1728 asc - ok
00:59:34.0326 1728 asc3350p - ok
00:59:34.0357 1728 asc3550 - ok
00:59:34.0435 1728 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
00:59:34.0466 1728 aspnet_state - ok
00:59:34.0498 1728 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:59:34.0513 1728 AsyncMac - ok
00:59:34.0560 1728 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:59:34.0560 1728 atapi - ok
00:59:34.0591 1728 Atdisk - ok
00:59:34.0638 1728 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:59:34.0669 1728 Atmarpc - ok
00:59:34.0701 1728 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
00:59:34.0716 1728 AudioSrv - ok
00:59:34.0763 1728 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:59:34.0779 1728 audstub - ok
00:59:34.0826 1728 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
00:59:34.0841 1728 Avc - ok
00:59:34.0904 1728 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:59:34.0904 1728 Beep - ok
00:59:34.0951 1728 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
00:59:34.0982 1728 BITS - ok
00:59:35.0044 1728 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
00:59:35.0060 1728 Browser - ok
00:59:35.0201 1728 catchme - ok
00:59:35.0232 1728 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:59:35.0248 1728 cbidf2k - ok
00:59:35.0279 1728 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
00:59:35.0294 1728 CCDECODE - ok
00:59:35.0310 1728 cd20xrnt - ok
00:59:35.0357 1728 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:59:35.0388 1728 Cdaudio - ok
00:59:35.0419 1728 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:59:35.0419 1728 Cdfs - ok
00:59:35.0451 1728 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:59:35.0466 1728 Cdrom - ok
00:59:35.0498 1728 Changer - ok
00:59:35.0529 1728 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
00:59:35.0529 1728 CiSvc - ok
00:59:35.0560 1728 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
00:59:35.0560 1728 ClipSrv - ok
00:59:35.0654 1728 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:59:35.0685 1728 clr_optimization_v2.0.50727_32 - ok
00:59:35.0763 1728 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:59:35.0810 1728 clr_optimization_v4.0.30319_32 - ok
00:59:35.0826 1728 CmdIde - ok
00:59:35.0857 1728 COMSysApp - ok
00:59:35.0888 1728 Cpqarray - ok
00:59:35.0935 1728 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
00:59:35.0951 1728 CryptSvc - ok
00:59:35.0966 1728 dac2w2k - ok
00:59:35.0982 1728 dac960nt - ok
00:59:36.0060 1728 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
00:59:36.0076 1728 DcomLaunch - ok
00:59:36.0123 1728 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
00:59:36.0138 1728 Dhcp - ok
00:59:36.0185 1728 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:59:36.0185 1728 Disk - ok
00:59:36.0201 1728 dmadmin - ok
00:59:36.0263 1728 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
00:59:36.0357 1728 dmboot - ok
00:59:36.0388 1728 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
00:59:36.0419 1728 dmio - ok
00:59:36.0451 1728 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:59:36.0466 1728 dmload - ok
00:59:36.0513 1728 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
00:59:36.0513 1728 dmserver - ok
00:59:36.0560 1728 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:59:36.0576 1728 DMusic - ok
00:59:36.0623 1728 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
00:59:36.0654 1728 Dnscache - ok
00:59:36.0685 1728 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
00:59:36.0701 1728 Dot3svc - ok
00:59:36.0716 1728 dpti2o - ok
00:59:36.0748 1728 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:59:36.0763 1728 drmkaud - ok
00:59:36.0810 1728 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
00:59:36.0810 1728 EapHost - ok
00:59:36.0873 1728 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
00:59:36.0888 1728 ERSvc - ok
00:59:36.0919 1728 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
00:59:36.0935 1728 Eventlog - ok
00:59:36.0998 1728 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
00:59:37.0013 1728 EventSystem - ok
00:59:37.0044 1728 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:59:37.0060 1728 Fastfat - ok
00:59:37.0107 1728 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:59:37.0123 1728 FastUserSwitchingCompatibility - ok
00:59:37.0201 1728 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
00:59:37.0201 1728 Fax - ok
00:59:37.0263 1728 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
00:59:37.0279 1728 Fdc - ok
00:59:37.0326 1728 FileDisk (0694585d54bf46379ce41aee2b6864aa) C:\WINDOWS\system32\drivers\FileDisk.sys
00:59:37.0341 1728 FileDisk - ok
00:59:37.0404 1728 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
00:59:37.0419 1728 Fips - ok
00:59:37.0451 1728 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
00:59:37.0466 1728 Flpydisk - ok
00:59:37.0529 1728 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
00:59:37.0560 1728 FltMgr - ok
00:59:37.0654 1728 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
00:59:37.0669 1728 FontCache3.0.0.0 - ok
00:59:37.0732 1728 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:59:37.0748 1728 Fs_Rec - ok
00:59:37.0763 1728 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:59:37.0794 1728 Ftdisk - ok
00:59:37.0841 1728 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:59:37.0857 1728 Gpc - ok
00:59:38.0029 1728 gupdate (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
00:59:38.0029 1728 gupdate - ok
00:59:38.0044 1728 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
00:59:38.0044 1728 gupdatem - ok
00:59:38.0107 1728 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
00:59:38.0123 1728 gusvc - ok
00:59:38.0201 1728 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
00:59:38.0216 1728 helpsvc - ok
00:59:38.0248 1728 HidServ - ok
00:59:38.0294 1728 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:59:38.0310 1728 HidUsb - ok
00:59:38.0341 1728 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
00:59:38.0357 1728 hkmsvc - ok
00:59:38.0373 1728 hpn - ok
00:59:38.0419 1728 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:59:38.0466 1728 HTTP - ok
00:59:38.0513 1728 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
00:59:38.0529 1728 HTTPFilter - ok
00:59:38.0544 1728 i2omgmt - ok
00:59:38.0560 1728 i2omp - ok
00:59:38.0623 1728 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:59:38.0638 1728 i8042prt - ok
00:59:38.0716 1728 ialm (d4405bd2b6e95efdc8e674ed4032874f) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
00:59:38.0794 1728 ialm - ok
00:59:38.0919 1728 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:59:39.0044 1728 idsvc - ok
00:59:39.0154 1728 IFP700 (7d19431e613a70262e5586fa76bb29f0) C:\WINDOWS\system32\drivers\ifp700.sys
00:59:39.0154 1728 IFP700 - ok
00:59:39.0185 1728 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:59:39.0201 1728 Imapi - ok
00:59:39.0263 1728 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
00:59:39.0279 1728 ImapiService - ok
00:59:39.0310 1728 ini910u - ok
00:59:39.0326 1728 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
00:59:39.0341 1728 IntelIde - ok
00:59:39.0498 1728 ioloSystemService (440a02fa25be8dccd2103d820036eda1) C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
00:59:39.0529 1728 ioloSystemService - ok
00:59:39.0669 1728 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
00:59:39.0685 1728 ip6fw - ok
00:59:39.0732 1728 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:59:39.0763 1728 IpFilterDriver - ok
00:59:39.0779 1728 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:59:39.0810 1728 IpInIp - ok
00:59:39.0857 1728 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:59:39.0888 1728 IpNat - ok
00:59:39.0935 1728 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:59:39.0951 1728 IPSec - ok
00:59:39.0982 1728 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:59:39.0998 1728 IRENUM - ok
00:59:40.0044 1728 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:59:40.0044 1728 isapnp - ok
00:59:40.0201 1728 JavaQuickStarterService (11c3efb4bac41175d03b1595db1a4a4f) C:\Program Files\Java\jre6\bin\jqs.exe
00:59:40.0263 1728 JavaQuickStarterService - ok
00:59:40.0310 1728 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:59:40.0326 1728 Kbdclass - ok
00:59:40.0388 1728 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:59:40.0404 1728 kmixer - ok
00:59:40.0435 1728 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:59:40.0466 1728 KSecDD - ok
00:59:40.0513 1728 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
00:59:40.0529 1728 lanmanserver - ok
00:59:40.0591 1728 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
00:59:57.0029 1728 ============================================================
00:59:57.0029 1728 Scan finished
00:59:57.0029 1728 ============================================================
00:59:57.0060 2112 Detected object count: 0
00:59:57.0060 2112 Actual detected object count: 0

#13 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto rico)

Posted 18 July 2012 - 12:40 AM

:thumbup2:

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 Arney X (Topic Starter, Members, 227 posts, CT, USA)

Posted 18 July 2012 - 02:33 AM

Succinct response, Gringo. I like it.

MAN, that aswMBR took a lot longer than I expected! Here's the log file:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-18 01:22:46
-----------------------------
01:22:46.419 OS Version: Windows 5.1.2600 Service Pack 3
01:22:46.419 Number of processors: 1 586 0x207
01:22:46.419 ComputerName: 2ND-ORIGINAL-XP UserName: Owner
01:22:47.669 Initialize success
01:29:25.185 AVAST engine defs: 12071701
01:30:10.404 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
01:30:10.404 Disk 0 Vendor: MAXTOR_STM3500630A 3.AAE Size: 476940MB BusType: 3
01:30:10.419 Disk 0 MBR read successfully
01:30:10.419 Disk 0 MBR scan
01:30:10.466 Disk 0 unknown MBR code
01:30:10.466 Disk 0 Partition 1 00 0C FAT32 LBA RECOVERY 33768 MB offset 63
01:30:10.623 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 443168 MB offset 69158880
01:30:10.638 Disk 0 scanning sectors +976767120
01:30:10.732 Disk 0 scanning C:\WINDOWS\system32\drivers
01:30:41.154 Service scanning
01:31:20.232 Modules scanning
01:31:28.107 Disk 0 trace - called modules:
01:31:28.123 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
01:31:28.654 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f72ab8]
01:31:28.654 3 CLASSPNP.SYS[f7596fd7] -> nt!IofCallDriver -> \Device\0000005c[0x86f4f130]
01:31:28.654 5 ACPI.sys[f750d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f77d98]
01:31:29.591 AVAST engine scan C:\WINDOWS
01:32:25.232 AVAST engine scan C:\WINDOWS\system32
01:43:42.935 AVAST engine scan C:\WINDOWS\system32\drivers
01:44:52.185 AVAST engine scan C:\Documents and Settings\Owner
02:24:56.685 AVAST engine scan C:\Documents and Settings\All Users
03:08:18.779 Scan finished successfully
03:29:57.607 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
03:29:57.607 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

#15 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto rico)

Posted 18 July 2012 - 02:40 AM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

        :filefind
        explorer.exe
        svchost.exe
        winlogon.exe
        rundll32.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop, entitled SystemLook.txt.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
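What a responder is looking for in that SystemLook output is any copy of explorer.exe, svchost.exe, winlogon.exe or rundll32.exe sitting somewhere Windows would not put it, or whose bytes differ from the genuine copies. The script below is an added example, not code from this thread or from SystemLook itself: it performs the same :filefind search in Python over a directory tree, hashes each copy with MD5 (the same hash TDSSKiller prints in the log above) and flags copies outside the expected XP locations. The EXPECTED_DIRS list and the demo tree are assumptions constructed for the example.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass

# The four names the ":filefind" request above asks SystemLook to search for.
TARGETS = {"explorer.exe", "svchost.exe", "winlogon.exe", "rundll32.exe"}

# Where Windows XP legitimately keeps copies of them, relative to the drive
# root and lower-cased. Assumption for this demo: the list is deliberately
# short; a real install may also have hotfix/uninstall folders.
EXPECTED_DIRS = {"windows", "windows/system32", "windows/system32/dllcache",
                 "windows/servicepackfiles/i386"}


@dataclass
class Hit:
    name: str        # lower-cased file name
    path: str        # absolute path of this copy
    size: int
    md5: str         # comparable with the hashes TDSSKiller prints
    expected: bool   # True when the copy sits in one of EXPECTED_DIRS


def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def filefind(drive_root, targets=TARGETS):
    """Walk drive_root and list every copy of the target names (the :filefind idea)."""
    hits = []
    for dirpath, _dirs, files in os.walk(drive_root):
        rel = os.path.relpath(dirpath, drive_root).replace(os.sep, "/").lower()
        rel = "" if rel == "." else rel
        for fn in files:
            if fn.lower() in targets:
                full = os.path.join(dirpath, fn)
                hits.append(Hit(fn.lower(), full, os.path.getsize(full),
                                md5_of(full), rel in EXPECTED_DIRS))
    return sorted(hits, key=lambda h: h.path)


def suspicious(hits):
    """Copies living outside the expected directories: the first thing to look at."""
    return [h for h in hits if not h.expected]


def hash_groups(hits):
    """name -> {md5 -> [paths]}; more than one hash per name means the copies differ."""
    groups = {}
    for h in hits:
        groups.setdefault(h.name, {}).setdefault(h.md5, []).append(h.path)
    return groups


def build_demo_tree():
    """Constructed sample drive: a clean XP layout plus one rogue svchost.exe in Temp."""
    root = tempfile.mkdtemp(prefix="xpdemo_")

    def put(rel, data):
        p = os.path.join(root, rel)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as f:
            f.write(data)

    put("WINDOWS/explorer.exe", b"explorer-v1")
    put("WINDOWS/system32/svchost.exe", b"svchost-v1")
    put("WINDOWS/system32/dllcache/svchost.exe", b"svchost-v1")
    put("WINDOWS/system32/winlogon.exe", b"winlogon-v1")
    put("WINDOWS/system32/rundll32.exe", b"rundll32-v1")
    # Constructed rogue copy: right name, wrong place, different bytes.
    put("Documents and Settings/Owner/Local Settings/Temp/svchost.exe", b"not-svchost")
    return root


if __name__ == "__main__":
    for h in filefind(build_demo_tree()):
        flag = "" if h.expected else "   <-- outside expected dirs"
        print(f"{h.name:13} {h.size:6d} {h.md5} {h.path}{flag}")
```

Run it against a real drive root instead of the demo tree to get the same picture SystemLook gives, with hashes you can compare against the TDSSKiller log.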