HD failure notice??


This topic is locked
20 replies to this topic

#1 sierra xb (Members, 70 posts)

Posted 22 July 2012 - 11:30 PM

I started my computer the other day and immediately got this notice...

"System error. Hard disk failure detected
It is highly recommended to run complete HDD scan to prevent loss of personal files"

I also received 25 messages containing the following...

"System message - Write Fault Error
A write command during the test failed to complete. This may be due to a media or read/write error.
The system reference to an invalid system memory address"

Down on the taskbar I also received this message...

"critical error drive sector not found"

At first, I still had all of my desktop icons, so I was able to run Avira and do a full system scan (copy of report included below). It detected the following items...

TR/ATRAPS.Gen2
JAVA/Dldr.Treams.BH
TR/Graftor.36875.2 (two detections of this one)

Now, all of the icons are gone except IE and my recycle bin. Program list is empty, desktop is black.

My computer is a Dell Optiplex GX280 running Windows XP.

Here is the avira scan log...

Avira Free Antivirus
Report file date: Sunday, July 22, 2012 07:15

Scanning for 3914456 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Administrator
Computer name : DELLGX280

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: Sunday, July 22, 2012 07:15

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

The scan of running processes will be started
Scan process 'nwiz.exe' - '1' Module(s) have been scanned
Scan process 'attrib.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'attrib.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'attrib.exe' - '1' Module(s) have been scanned
Scan process 'attrib.exe' - '1' Module(s) have been scanned
Scan process 'attrib.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'daemonu.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'SASCORE.EXE' - '1' Module(s) have been scanned
Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
Scan process 'ONENOTEM.EXE' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'YNmgewtRfOqdbYh.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'RunDLL32.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'LWS.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '1169' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 05-30-2011 - 08-55-49.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Administrator\Local Settings\Application Data\{40c924e7-3aea-aab0-255b-09253ab21bf1}\n
[DETECTION] Is the TR/Graftor.36875.2 Trojan
C:\Documents and Settings\Administrator\Local Settings\temp\jar_cache45263064125464293.tmp
[0] Archive type: ZIP
--> dxyuops/cedl0wdrs.class
[DETECTION] Contains recognition pattern of the EXP/0507.CO.2 exploit
--> dxyuops/cvfd.class
[DETECTION] Contains recognition pattern of the EXP/0507.CP.2 exploit
--> dxyuops/jx98.class
[DETECTION] Contains recognition pattern of the EXP/5353.AL.3 exploit
--> dxyuops/M4S1art.class
[DETECTION] Contains recognition pattern of the EXP/2010-0840.CH exploit
--> dxyuops/OPX.class
[DETECTION] Contains recognition pattern of the EXP/0507.CQ.2 exploit
--> dxyuops/rtrsds.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.AK Java virus
--> dxyuops/tert.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.AL Java virus
--> dxyuops/uiop.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.BH Java virus
C:\Documents and Settings\Administrator\My Documents\Subaru tech\PDFTown.com-97-98-impreza.part1.rar
[WARNING] Error multiple volume
C:\Documents and Settings\Administrator\My Documents\Subaru tech\PDFTown.com-97-98-impreza.part2.rar
[WARNING] Error multiple volume
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudDefenseCenter.zip
[WARNING] The file is password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudDefenseCenter1.zip
[WARNING] The file is password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudWindowsRecovery.zip
[WARNING] The file is password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudWindowsRecovery1.zip
[WARNING] The file is password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsActiveDesktop.zip
[WARNING] The file is password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsExplorer.zip
[WARNING] The file is password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip
[WARNING] The file is password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride.zip
[WARNING] The file is password protected
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1227279706jtun_sav10ennful25.m25.full.zip
[WARNING] The file is password protected
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1242256104jtun_nav2k8enn11m25.m25
[WARNING] Invalid end of file
C:\WINDOWS\Installer\{40c924e7-3aea-aab0-255b-09253ab21bf1}\n
[DETECTION] Is the TR/Graftor.36875.2 Trojan
C:\WINDOWS\Installer\{40c924e7-3aea-aab0-255b-09253ab21bf1}\U\80000032.@
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan

Beginning disinfection:
C:\WINDOWS\Installer\{40c924e7-3aea-aab0-255b-09253ab21bf1}\U\80000032.@
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '52908ae3.qua'.
C:\WINDOWS\Installer\{40c924e7-3aea-aab0-255b-09253ab21bf1}\n
[DETECTION] Is the TR/Graftor.36875.2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4ab2a545.qua'.
C:\Documents and Settings\Administrator\Local Settings\temp\jar_cache45263064125464293.tmp
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.BH Java virus
[NOTE] The file was moved to the quarantine directory under the name '181aff7d.qua'.
C:\Documents and Settings\Administrator\Local Settings\Application Data\{40c924e7-3aea-aab0-255b-09253ab21bf1}\n
[DETECTION] Is the TR/Graftor.36875.2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '7edab06f.qua'.


End of the scan: Sunday, July 22, 2012 09:45
Used time: 1:44:36 Hour(s)

The scan has been done completely.

10679 Scanned directories
368455 Files were scanned
11 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
4 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
368444 Files not concerned
2342 Archives were scanned
13 Warnings
4 Notes




Any help would be greatly appreciated, thanks
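The Avira report above has a regular structure that can be triaged mechanically rather than read line by line. The following is an added example in Python, not from the thread or from Avira: it parses the "Starting the file scan" and "Beginning disinfection" sections, ties each [DETECTION] to the file or archive member it belongs to, works out which detected files were actually moved to quarantine, and checks the report's own summary counters against what it parsed. All function and variable names are mine; the sample input is an excerpt of the report in post #1, trimmed and edited (constructed) so that one detected file is left on disk.

```python
# Added example (not from the thread): parser for the Avira scan report format shown above.
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# "[DETECTION] Is the TR/ATRAPS.Gen2 Trojan" /
# "[DETECTION] Contains recognition pattern of the EXP/0507.CO.2 exploit"
DETECTION_RE = re.compile(
    r"^\[DETECTION\] (?:Is the|Contains recognition pattern of the) (?P<name>\S+) (?P<kind>.+)$")
QUARANTINE_RE = re.compile(
    r"^\[NOTE\] The file was moved to the quarantine directory under the name '(?P<qua>[^']+)'")
SUMMARY_RE = re.compile(r"^(?P<count>\d+) (?P<label>.+)$")

@dataclass
class Detection:
    path: str                    # file on disk (the host archive for nested hits)
    member: Optional[str]        # archive member such as dxyuops/uiop.class, else None
    name: str                    # signature name, e.g. TR/Graftor.36875.2
    kind: str                    # Trojan / exploit / Java virus
    quarantined_as: Optional[str] = None   # .qua name if the disinfection step moved it

def parse_report(text):
    """Return (detections, summary_counters) for one Avira scan report."""
    section, path, member = None, None, None
    detections, quarantined, summary = [], {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Starting the file scan"):
            section = "scan"
        elif line.startswith("Beginning disinfection"):
            section = "disinfect"
        elif line.startswith("End of the scan"):
            section = "summary"
        elif section in ("scan", "disinfect"):
            if line.startswith("Begin scan in"):
                continue
            if line.startswith("-->"):           # member inside the current archive
                member = line[3:].strip()
            elif line.startswith("["):           # [DETECTION] / [WARNING] / [NOTE] / [0] lines
                d = DETECTION_RE.match(line)
                if d and section == "scan" and path:
                    detections.append(Detection(path, member, d["name"], d["kind"]))
                q = QUARANTINE_RE.match(line)
                if q and section == "disinfect" and path:
                    quarantined[path] = q["qua"]
            else:                                # anything else starts a new file entry
                path, member = line, None
        elif section == "summary":
            s = SUMMARY_RE.match(line)
            if s:
                summary[s["label"]] = int(s["count"])
    for det in detections:                       # join scan hits with disinfection results
        det.quarantined_as = quarantined.get(det.path)
    return detections, summary

def audit(detections, summary):
    """Cross-check the report's own counters and list detected files still on disk."""
    moved = {d.path for d in detections if d.quarantined_as}
    return {
        "detections": len(detections),
        "reported_found": summary.get("Viruses and/or unwanted programs were found"),
        "files_quarantined": len(moved),
        "reported_quarantined": summary.get("Files were moved to quarantine"),
        "by_kind": dict(Counter(d.kind for d in detections)),
        "still_on_disk": sorted({d.path for d in detections if not d.quarantined_as}),
    }

# Excerpt of the report in post #1, trimmed and edited (constructed) so that one
# detected file is never quarantined; the two summary counters match this excerpt.
SAMPLE_REPORT = r"""Starting the file scan:
Begin scan in 'C:\'
C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 05-30-2011 - 08-55-49.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Administrator\Local Settings\Application Data\{40c924e7-3aea-aab0-255b-09253ab21bf1}\n
[DETECTION] Is the TR/Graftor.36875.2 Trojan
C:\Documents and Settings\Administrator\Local Settings\temp\jar_cache45263064125464293.tmp
[0] Archive type: ZIP
--> dxyuops/cedl0wdrs.class
[DETECTION] Contains recognition pattern of the EXP/0507.CO.2 exploit
--> dxyuops/uiop.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.BH Java virus
C:\WINDOWS\Installer\{40c924e7-3aea-aab0-255b-09253ab21bf1}\U\80000032.@
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
Beginning disinfection:
C:\WINDOWS\Installer\{40c924e7-3aea-aab0-255b-09253ab21bf1}\U\80000032.@
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '52908ae3.qua'.
C:\Documents and Settings\Administrator\Local Settings\temp\jar_cache45263064125464293.tmp
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.BH Java virus
[NOTE] The file was moved to the quarantine directory under the name '181aff7d.qua'.
End of the scan: Sunday, July 22, 2012 09:45
4 Viruses and/or unwanted programs were found
2 Files were moved to quarantine
"""
```

Running `audit(*parse_report(SAMPLE_REPORT))` reports the one detected file the disinfection step never touched, which is the kind of leftover a helper would want to know about before choosing the next tool.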


#2 HelpBot (Bleepin' Binary Bot, Bots, 12,730 posts)

Posted 27 July 2012 - 11:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/462018 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 28 July 2012 - 12:07 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 sierra xb (Topic Starter, Members, 70 posts)

Posted 28 July 2012 - 11:26 AM

OK, thank you for your reply...

Ran DeFogger.
Ran Security Check, here are the results...

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AntiVir Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 20
Java version out of Date!
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 35% Defragment your hard drive soon!
````````````````````End of Log``````````````````````


Ran DDS, here are the logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by Administrator at 9:19:23 on 2012-07-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2211 [GMT -7:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Documents and Settings\All Users\Application Data\YNmgewtRfOqdbYh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "c:\documents and settings\administrator\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_3_300_265_ActiveX.exe -update activex
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [YNmgewtRfOqdbYh.exe] c:\documents and settings\all users\application data\YNmgewtRfOqdbYh.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\setup_~1.lnk - c:\documents and settings\administrator\desktop\new repair tools\virus removal tool\setup_9.0.0.722_07.06.2011_00-58\startup.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1095424038890
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229558819250
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.6.1
TCP: Interfaces\{0AA8B134-F217-4D96-B804-441E8EC131FF} : DhcpNameServer = 192.168.6.1
TCP: Interfaces\{D9CFB39F-9C71-473E-AFFF-64A213CFE24E} : DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-7-15 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-7-15 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-7-15 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-7-15 83392]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2012-2-20 2253120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-11 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-11 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-22 06:02:29 340480 ---ha-w- c:\documents and settings\all users\application data\YNmgewtRfOqdbYh.exe
2012-07-16 00:43:25 -------- d--h--w- c:\documents and settings\administrator\application data\Avira
2012-07-16 00:37:31 83392 ---ha-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-16 00:37:31 36000 ---ha-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-16 00:37:22 -------- d--h--w- c:\program files\Avira
2012-07-16 00:37:22 -------- d--h--w- c:\documents and settings\all users\application data\Avira
.
==================== Find3M ====================
.
2012-07-13 15:08:54 70344 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-13 15:08:54 426184 ---ha-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 20:46:44 22344 ---ha-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19:59 1866112 ---ha-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ---ha-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ---ha-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ---ha-w- c:\windows\system32\schannel.dll
2012-06-02 22:19:44 22040 ---ha-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ---ha-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ---ha-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ---ha-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ---ha-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:18:58 275696 ---ha-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18:58 214256 ---ha-w- c:\windows\system32\muweb.dll
2012-06-02 22:18:58 17136 ---ha-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ---ha-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ---ha-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ---ha-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ---ha-w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ---ha-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ---ha-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ---ha-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 9:19:48.70 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/17/2004 5:16:58 AM
System Uptime: 7/28/2012 8:51:07 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0XF964
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 3.453 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP314: 5/29/2012 8:26:05 PM - System Checkpoint
RP315: 5/30/2012 9:11:18 PM - System Checkpoint
RP316: 5/31/2012 10:17:33 PM - System Checkpoint
RP317: 6/2/2012 8:55:36 AM - System Checkpoint
RP318: 6/3/2012 4:35:10 PM - System Checkpoint
RP319: 6/4/2012 10:08:00 PM - System Checkpoint
RP320: 6/6/2012 7:36:02 AM - System Checkpoint
RP321: 6/7/2012 10:25:19 AM - System Checkpoint
RP322: 6/8/2012 3:53:13 PM - System Checkpoint
RP323: 6/9/2012 3:58:13 PM - System Checkpoint
RP324: 6/10/2012 4:37:43 PM - System Checkpoint
RP325: 6/11/2012 8:06:33 PM - System Checkpoint
RP326: 6/13/2012 7:34:29 AM - System Checkpoint
RP327: 6/14/2012 4:28:33 PM - System Checkpoint
RP328: 6/15/2012 6:00:47 PM - System Checkpoint
RP329: 6/17/2012 7:39:33 AM - System Checkpoint
RP330: 6/18/2012 9:20:41 AM - System Checkpoint
RP331: 6/19/2012 10:33:51 AM - System Checkpoint
RP332: 6/20/2012 4:59:29 PM - Software Distribution Service 3.0
RP333: 6/21/2012 5:31:21 PM - System Checkpoint
RP334: 6/22/2012 6:05:13 PM - System Checkpoint
RP335: 6/23/2012 6:17:22 PM - System Checkpoint
RP336: 6/24/2012 8:29:59 PM - System Checkpoint
RP337: 6/25/2012 9:46:15 PM - System Checkpoint
RP338: 6/27/2012 7:36:07 AM - System Checkpoint
RP339: 6/28/2012 4:40:15 PM - System Checkpoint
RP340: 6/29/2012 6:19:04 PM - System Checkpoint
RP341: 7/1/2012 7:36:34 AM - System Checkpoint
RP342: 7/2/2012 9:30:42 AM - System Checkpoint
RP343: 7/3/2012 12:47:43 PM - System Checkpoint
RP344: 7/4/2012 4:25:30 PM - System Checkpoint
RP345: 7/5/2012 4:34:47 PM - System Checkpoint
RP346: 7/6/2012 5:57:49 PM - System Checkpoint
RP347: 7/7/2012 7:56:34 PM - System Checkpoint
RP348: 7/8/2012 9:18:17 PM - System Checkpoint
RP349: 7/9/2012 10:13:50 PM - System Checkpoint
RP350: 7/10/2012 10:44:58 PM - System Checkpoint
RP351: 7/12/2012 7:25:50 AM - System Checkpoint
RP352: 7/13/2012 8:31:16 AM - System Checkpoint
RP353: 7/13/2012 7:44:02 PM - Software Distribution Service 3.0
RP354: 7/14/2012 8:37:54 PM - System Checkpoint
RP355: 7/15/2012 11:23:28 PM - System Checkpoint
RP356: 7/17/2012 9:33:01 AM - System Checkpoint
RP357: 7/18/2012 5:54:41 PM - System Checkpoint
RP358: 7/19/2012 6:50:20 PM - System Checkpoint
RP359: 7/20/2012 7:28:26 PM - System Checkpoint
RP360: 7/21/2012 8:41:12 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
Avira Free Antivirus
Big City Adventure - San Francisco
Big City Adventure: Sydney, Australia
Big Fish Games: Game Manager
Broadcom Gigabit Integrated Controller
Camera Support Core Library
Camera Window
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
City Sights: Hello Seattle
Click to Call with Skype
Critical Update for Windows Media Player 11 (KB959772)
ESET Online Scanner v3
Facebook Video Calling 1.2.0.159
GIMP 2.6.11
Google Chrome
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java™ 6 Update 20
LiveUpdate 3.3 (Symantec Corporation)
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.0
MovieEdit Task
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Control Panel 285.58
NVIDIA Graphics Driver 285.58
NVIDIA Install Application
NVIDIA nView 135.95
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Update 1.5.20
NVIDIA Update Components
OGA Notifier 2.0.0048.0
PhotoStitch
PowerDVD
QuickTime
RAW Image Task 1.1
RemoteCapture Task 1.0.3
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
SecondLifeViewer (remove only)
SecondLifeViewer2 (remove only)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Skype™ 5.5
Sonic CinePlayer Decoder Pack
SoundMAX
Spybot - Search & Destroy
SUPERAntiSpyware
System Requirements Lab
TOPO!
TOPO! California Map Pack
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vacation Quest: The Hawaiian Islands
VLC media player 0.9.8a
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WOT for Internet Explorer
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
7/22/2012 6:00:45 PM, error: Dhcp [1002] - The IP address lease 192.168.6.100 for the Network Card with network address 0014225C3C64 has been denied by the DHCP server 192.168.6.1 (The DHCP Server sent a DHCPNACK message).
7/22/2012 1:27:47 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied.
7/22/2012 1:26:34 PM, error: SRService [104] - The System Restore initialization process failed.
7/21/2012 7:14:43 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
.
==== End Of File ===========================



Since the last time I sent anything, my Avira picked up another virus, even though I have not been using the computer. It detected this one...

TR/Tibs.IT.212

Everything else is the same. Most of my desktop icons are gone (except IE and my trash), the program list is gone, and I cannot access computer files or Control Panel. I still have internet access though.
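The entry worth noticing in the DDS "Created Last 30" section quoted above is `c:\documents and settings\all users\application data\YNmgewtRfOqdbYh.exe`: a 340,480-byte executable with a random-looking name, created at 06:02 on 22 July in a folder any user can write to, on the same day the "hard disk failure" alerts began (ComboFix deletes that file later in this thread). The Python script below is an added example and is not part of the thread or of the DDS tool; it parses DDS "Created Last 30" / Find3M lines and flags executables that sit in user-writable directories, optionally noting which ones were created on the symptom day. The sample lines are copied from the log above; the directory list and the random-name thresholds are the example's own assumptions.

```python
"""Triage helper for DDS "Created Last 30" / Find3M lines (added example)."""
import re
from datetime import date, datetime

# One DDS entry: "YYYY-MM-DD HH:MM:SS <size|--------> <attrs> <path>"
DDS_LINE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*)$"
)

EXEC_SUFFIXES = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")

# Directories a limited user can write to on Windows XP, so a dropper can
# place a file there without touching Program Files or System32
# (assumption: this list is the example's own, tuned to the paths in the log).
WRITABLE_DIRS = (
    "\\application data\\",
    "\\local settings\\temp\\",
    "\\temporary internet files\\",
    "\\windows\\temp\\",
)

# Sample lines copied from the DDS log quoted earlier in this thread.
SAMPLE_LINES = r"""
2012-07-22 06:02:29 340480 ---ha-w- c:\documents and settings\all users\application data\YNmgewtRfOqdbYh.exe
2012-07-16 00:43:25 -------- d--h--w- c:\documents and settings\administrator\application data\Avira
2012-07-16 00:37:31 83392 ---ha-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-16 00:37:22 -------- d--h--w- c:\program files\Avira
2012-07-13 15:08:54 426184 ---ha-w- c:\windows\system32\FlashPlayerApp.exe
"""


def parse_dds(text):
    """Return one dict per parsable DDS line; lines in any other shape are ignored."""
    entries = []
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if not m:
            continue
        entries.append({
            "created": datetime.strptime(m["stamp"], "%Y-%m-%d %H:%M:%S"),
            "size": None if m["size"].startswith("-") else int(m["size"]),
            "is_dir": m["attrs"].startswith("d"),
            "path": m["path"],
        })
    return entries


def looks_random(stem):
    """Heuristic for machine-generated names: long, letters only, and either
    very few vowels or many upper/lower case switches. The thresholds are
    the example's assumption, not a published rule."""
    if len(stem) < 10 or not stem.isalpha():
        return False
    vowels = sum(c in "aeiou" for c in stem.lower())
    switches = sum(a.isupper() != b.isupper() for a, b in zip(stem, stem[1:]))
    return vowels / len(stem) < 0.25 or switches >= 6


def triage(text, symptom_day=None):
    """Flag executables created in user-writable directories, with reasons.

    symptom_day (a datetime.date) is optional: files created on that day
    get an extra reason so they sort to the top of a responder's list.
    """
    flagged = []
    for e in parse_dds(text):
        low = e["path"].lower()
        if e["is_dir"] or not low.endswith(EXEC_SUFFIXES):
            continue
        if not any(d in low for d in WRITABLE_DIRS):
            continue
        reasons = ["executable in user-writable directory"]
        stem = e["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if looks_random(stem):
            reasons.append("random-looking file name")
        if symptom_day and e["created"].date() == symptom_day:
            reasons.append("created on the day symptoms began")
        flagged.append((e["path"], reasons))
    return flagged


if __name__ == "__main__":
    # 22 July 2012 is the day the poster first saw the fake disk-failure alerts.
    for path, reasons in triage(SAMPLE_LINES, date(2012, 7, 22)):
        print(path, "->", "; ".join(reasons))
```

Run as a script it prints the one flagged entry for the sample; for a real log, pass the text of the "Created Last 30" section to `triage()`. The heuristics are deliberately loose: a hit is a candidate for a publisher and hash lookup, not a verdict, because legitimate per-user updaters also live under Application Data (the Facebook Update entry under the user's Local Settings in the ComboFix log further down this thread would be flagged on the first reason alone).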

#5 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:49 AM

Posted 28 July 2012 - 12:00 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 sierra xb

  • Topic Starter

  • Members
  • 70 posts
  • Local time:07:49 AM

Posted 28 July 2012 - 03:08 PM

OK, I ran ComboFix... here is the log...


ComboFix 12-07-27.03 - Administrator 07/28/2012 12:23:06.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2519 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\bmp2A.tmp
c:\documents and settings\All Users\Application Data\13B4A64C9B.sys
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\YNmgewtRfOqdbYh.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-16 00:43 . 2012-07-16 00:43 -------- d--h--w- c:\documents and settings\Administrator\Application Data\Avira
2012-07-16 00:37 . 2012-04-27 17:20 137928 ---ha-w- c:\windows\system32\drivers\avipbb.sys
2012-07-16 00:37 . 2012-04-25 07:32 83392 ---ha-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-16 00:37 . 2012-04-17 04:18 36000 ---ha-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-16 00:37 . 2012-07-16 00:37 -------- d--h--w- c:\program files\Avira
2012-07-16 00:37 . 2012-07-16 00:37 -------- d--h--w- c:\documents and settings\All Users\Application Data\Avira
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 15:08 . 2012-04-05 02:22 426184 ---ha-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-13 15:08 . 2011-06-13 23:07 70344 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 20:46 . 2011-07-31 22:53 22344 ---ha-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2004-08-04 10:00 1866112 ---ha-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ---ha-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 10:00 1172480 ---ha-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 10:00 152576 ---ha-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2008-10-16 21:09 22040 ---ha-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2008-10-16 21:07 15384 ---ha-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2004-09-17 12:12 329240 ---ha-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2004-09-17 12:12 210968 ---ha-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2004-09-17 12:12 219160 ---ha-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2008-10-16 21:09 45080 ---ha-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2008-10-16 21:07 15384 ---ha-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2004-09-17 12:12 35864 ---ha-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2004-09-17 12:12 53784 ---ha-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2004-08-04 10:00 97304 ---ha-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2008-10-16 21:07 17944 ---ha-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2004-09-17 12:12 577048 ---ha-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2004-09-17 12:12 1933848 ---ha-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2008-12-18 00:07 275696 ---ha-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2008-12-18 00:07 17136 ---ha-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 22:18 . 2008-10-16 22:07 214256 ---ha-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-04 10:00 599040 ---ha-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-03-04 03:33 916992 ---ha-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2004-08-04 10:00 43520 ---ha-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-04 10:00 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 10:00 385024 ---ha-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2005-03-30 01:23 2148352 ---ha-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2005-03-30 01:01 2026496 ---ha-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-09-17 12:10 139656 ---ha-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
setup_9.0.0.722_07.06.2011_00-58.lnk - c:\documents and settings\Administrator\Desktop\new repair tools\Virus Removal Tool\setup_9.0.0.722_07.06.2011_00-58\startup.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-09-02 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ---ha-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ---ha-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 02:36 30040 ---ha-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-14 22:46 77824 ---ha-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-14 22:50 114688 ---ha-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-14 22:49 94208 ---ha-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 11:40 218032 ---ha-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-21 00:23 118784 -c-h--w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 22:42 1404928 -c-ha-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 18:43 248040 -c-ha-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [7/15/2012 5:37 PM 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 11:25 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [5/4/2011 10:54 AM 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/15/2012 5:37 PM 86224]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2/20/2012 10:58 AM 2253120]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/11/2010 10:29 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/11/2010 10:29 AM 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-1060284298-725345543-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-01 23:16]
.
2012-07-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-1060284298-725345543-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-01 23:16]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 17:29]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 17:29]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1060284298-725345543-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-14 23:44]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1060284298-725345543-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-14 23:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.6.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
HKLM-Run-YNmgewtRfOqdbYh.exe - c:\documents and settings\All Users\Application Data\YNmgewtRfOqdbYh.exe
Notify-NavLogon - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
AddRemove-SecondLifeViewer - c:\program files\SecondLifeViewer\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-28 12:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-343818398-1060284298-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6a,6d,8a,85,8d,ad,7d,4e,87,d6,5d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6a,6d,8a,85,8d,ad,7d,4e,87,d6,5d,\
.
[HKEY_USERS\S-1-5-21-343818398-1060284298-725345543-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3760)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-07-28 13:02:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-28 20:02
.
Pre-Run: 3,621,253,120 bytes free
Post-Run: 5,320,278,016 bytes free
.
- - End Of File - - E8134DDF512FA7EA0AA1531247174BFE




ok, after the restart, my icons and program lists are back up

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 July 2012 - 04:18 PM

Greetings

that removed some junk

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

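As an added triage aid (not code from this thread, from BleepingComputer or from the TDSSKiller authors), the Python below parses a TDSSKiller text log of the kind requested above and lists every scanned object whose status is anything other than "ok", so a log of several hundred lines can be checked without reading it entry by entry. The line layout it assumes is the one visible in TDSSKiller 2.7.x output: "time thread-id body", where after "Scan started" the body is either "name (md5) path" for an object backed by a file or "name - status". The embedded sample log is constructed, and the entry named fakedrv together with its status text is invented for the demonstration; the `find_log_files` helper only looks for the "TDSSKiller.[Version]_[Date]_[Time]_log.txt" file name pattern the post mentions.

```python
"""Triage a TDSSKiller text log: report every scanned object whose status is not "ok".

Added example, not part of the thread. Format assumptions are documented inline.
"""
import re
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List, Optional

# Constructed sample, modelled on the log format posted in the thread. The pre-scan
# "Drive ..." line also contains " - ", which is why the parser ignores everything
# before the "Scan started" marker. "fakedrv" and its status text are invented.
SAMPLE_LOG = r"""14:37:21.0390 3980 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200
14:37:21.0437 3980 Initialize success
14:37:25.0531 2980 ============================================================
14:37:25.0531 2980 Scan started
14:37:25.0531 2980 Mode: Manual;
14:37:25.0531 2980 ============================================================
14:37:26.0734 2980 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
14:37:26.0734 2980 !SASCORE - ok
14:37:26.0843 2980 Abiosdsk - ok
14:37:26.0859 2980 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:37:26.0875 2980 ACPI - ok
14:37:31.0906 2980 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
14:37:31.0921 2980 Microsoft Office Groove Audit Service - ok
14:37:40.0000 2980 fakedrv (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\fakedrv.sys
14:37:40.0000 2980 fakedrv - detected (constructed status text)
"""

# "<time> <thread-id> <body>" as in TDSSKiller 2.7.x output (assumed format).
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<body>.*)$")
# "<name> (<md5>) <path>": object backed by a file on disk.
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - <status>": verdict line; the name may contain spaces, hence the non-greedy match.
STATUS_RE = re.compile(r"^(?P<name>.+?) - (?P<status>.+)$")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None     # None for registry-only entries such as "Abiosdsk - ok"
    status: Optional[str] = None   # None if the log ended before a verdict line


def parse_tdsskiller_log(text: str) -> Dict[str, ScanObject]:
    """Return scanned objects keyed by name, in first-seen order."""
    objects: Dict[str, ScanObject] = {}
    in_scan = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m.group("body").strip()
        if body == "Scan started":
            in_scan = True
            continue
        # Drive geometry and partition lines precede the scan and are not verdicts.
        if not in_scan or body.startswith("="):
            continue
        fm = FILE_RE.match(body)
        if fm:
            obj = objects.setdefault(fm.group("name"), ScanObject(fm.group("name")))
            obj.md5, obj.path = fm.group("md5").lower(), fm.group("path")
            continue
        sm = STATUS_RE.match(body)
        if sm:
            obj = objects.setdefault(sm.group("name"), ScanObject(sm.group("name")))
            obj.status = sm.group("status")
    return objects


def findings(objects: Dict[str, ScanObject]) -> List[ScanObject]:
    """Objects the scanner reported with any status other than "ok"."""
    return [o for o in objects.values() if o.status is not None and o.status != "ok"]


def unresolved(objects: Dict[str, ScanObject]) -> List[ScanObject]:
    """Objects with a file line but no verdict line, which indicates a truncated log."""
    return [o for o in objects.values() if o.status is None]


def find_log_files(root: str = "C:\\") -> List[Path]:
    """Locate TDSSKiller.<version>_<date>_<time>_log.txt files in the drive root,
    the place the post says the report lands after a reboot; newest last."""
    return sorted(Path(root).glob("TDSSKiller.*_log.txt"), key=lambda p: p.stat().st_mtime)


if __name__ == "__main__":
    logs = find_log_files()
    text = logs[-1].read_text(errors="replace") if logs else SAMPLE_LOG
    objs = parse_tdsskiller_log(text)
    print(f"{len(objs)} objects scanned, {len(findings(objs))} not 'ok', "
          f"{len(unresolved(objs))} without a verdict")
    for o in findings(objs):
        print(f"  {o.name}: {o.status}  [{o.path or 'no file'}]  md5={o.md5}")
```

Run with no arguments it reads the newest TDSSKiller log in C:\ if one exists and otherwise falls back to the constructed sample; anything it prints under "not 'ok'" is what a helper would want pasted first, and a non-zero "without a verdict" count means the log was cut off and should be re-posted in full.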
#8 sierra xb
  • Topic Starter

  • Members
  • 70 posts

Posted 28 July 2012 - 04:56 PM

ok, ran TDSSKiller, no threats detected...here is the log

14:37:19.0000 3980 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:37:19.0562 3980 ============================================================
14:37:19.0562 3980 Current date / time: 2012/07/28 14:37:19.0562
14:37:19.0562 3980 SystemInfo:
14:37:19.0562 3980
14:37:19.0562 3980 OS Version: 5.1.2600 ServicePack: 3.0
14:37:19.0562 3980 Product type: Workstation
14:37:19.0562 3980 ComputerName: DELLGX280
14:37:19.0562 3980 UserName: Administrator
14:37:19.0562 3980 Windows directory: C:\WINDOWS
14:37:19.0562 3980 System windows directory: C:\WINDOWS
14:37:19.0562 3980 Processor architecture: Intel x86
14:37:19.0562 3980 Number of processors: 1
14:37:19.0562 3980 Page size: 0x1000
14:37:19.0562 3980 Boot type: Normal boot
14:37:19.0562 3980 ============================================================
14:37:21.0390 3980 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:37:21.0390 3980 Drive \Device\Harddisk1\DR2 - Size: 0xF4FFE00 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:37:21.0390 3980 ============================================================
14:37:21.0390 3980 \Device\Harddisk0\DR0:
14:37:21.0390 3980 MBR partitions:
14:37:21.0390 3980 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A7D53F
14:37:21.0390 3980 \Device\Harddisk1\DR2:
14:37:21.0390 3980 MBR partitions:
14:37:21.0390 3980 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x6, StartLBA 0x63, BlocksNum 0x7A59D
14:37:21.0390 3980 ============================================================
14:37:21.0437 3980 C: <-> \Device\Harddisk0\DR0\Partition0
14:37:21.0437 3980 ============================================================
14:37:21.0437 3980 Initialize success
14:37:21.0437 3980 ============================================================
14:37:25.0531 2980 ============================================================
14:37:25.0531 2980 Scan started
14:37:25.0531 2980 Mode: Manual;
14:37:25.0531 2980 ============================================================
14:37:26.0734 2980 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
14:37:26.0734 2980 !SASCORE - ok
14:37:26.0843 2980 Abiosdsk - ok
14:37:26.0843 2980 abp480n5 - ok
14:37:26.0859 2980 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:37:26.0875 2980 ACPI - ok
14:37:26.0890 2980 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:37:26.0890 2980 ACPIEC - ok
14:37:26.0906 2980 adpu160m - ok
14:37:26.0937 2980 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:37:26.0937 2980 aec - ok
14:37:27.0015 2980 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:37:27.0015 2980 AFD - ok
14:37:27.0015 2980 Aha154x - ok
14:37:27.0031 2980 aic78u2 - ok
14:37:27.0031 2980 aic78xx - ok
14:37:27.0062 2980 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
14:37:27.0062 2980 Alerter - ok
14:37:27.0078 2980 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
14:37:27.0093 2980 ALG - ok
14:37:27.0093 2980 AliIde - ok
14:37:27.0109 2980 amsint - ok
14:37:27.0187 2980 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe
14:37:27.0187 2980 AntiVirSchedulerService - ok
14:37:27.0218 2980 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
14:37:27.0218 2980 AntiVirService - ok
14:37:27.0265 2980 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
14:37:27.0265 2980 AppMgmt - ok
14:37:27.0265 2980 asc - ok
14:37:27.0281 2980 asc3350p - ok
14:37:27.0281 2980 asc3550 - ok
14:37:27.0359 2980 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:37:27.0375 2980 aspnet_state - ok
14:37:27.0390 2980 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:37:27.0390 2980 AsyncMac - ok
14:37:27.0406 2980 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:37:27.0406 2980 atapi - ok
14:37:27.0421 2980 Atdisk - ok
14:37:27.0453 2980 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:37:27.0453 2980 Atmarpc - ok
14:37:27.0484 2980 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
14:37:27.0500 2980 AudioSrv - ok
14:37:27.0515 2980 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:37:27.0531 2980 audstub - ok
14:37:27.0546 2980 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
14:37:27.0546 2980 avgntflt - ok
14:37:27.0578 2980 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
14:37:27.0593 2980 avipbb - ok
14:37:27.0609 2980 avkmgr (53e56450da16a1a7f0d002f511113f67) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
14:37:27.0625 2980 avkmgr - ok
14:37:27.0640 2980 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
14:37:27.0656 2980 b57w2k - ok
14:37:27.0671 2980 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:37:27.0671 2980 Beep - ok
14:37:27.0703 2980 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
14:37:27.0703 2980 BITS - ok
14:37:27.0734 2980 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
14:37:27.0734 2980 Browser - ok
14:37:27.0796 2980 catchme - ok
14:37:27.0812 2980 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:37:27.0812 2980 cbidf2k - ok
14:37:27.0828 2980 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:37:27.0843 2980 CCDECODE - ok
14:37:27.0843 2980 cd20xrnt - ok
14:37:27.0875 2980 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:37:27.0875 2980 Cdaudio - ok
14:37:27.0906 2980 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:37:27.0906 2980 Cdfs - ok
14:37:27.0921 2980 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:37:27.0921 2980 Cdrom - ok
14:37:27.0953 2980 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
14:37:27.0953 2980 cercsr6 - ok
14:37:27.0968 2980 Changer - ok
14:37:28.0000 2980 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
14:37:28.0000 2980 CiSvc - ok
14:37:28.0015 2980 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
14:37:28.0015 2980 ClipSrv - ok
14:37:28.0078 2980 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:37:28.0093 2980 clr_optimization_v2.0.50727_32 - ok
14:37:28.0140 2980 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:37:28.0156 2980 clr_optimization_v4.0.30319_32 - ok
14:37:28.0156 2980 CmdIde - ok
14:37:28.0171 2980 COMSysApp - ok
14:37:28.0187 2980 Cpqarray - ok
14:37:28.0218 2980 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
14:37:28.0218 2980 CryptSvc - ok
14:37:28.0218 2980 dac2w2k - ok
14:37:28.0234 2980 dac960nt - ok
14:37:28.0265 2980 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
14:37:28.0281 2980 DcomLaunch - ok
14:37:28.0312 2980 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
14:37:28.0312 2980 Dhcp - ok
14:37:28.0328 2980 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:37:28.0328 2980 Disk - ok
14:37:28.0328 2980 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
14:37:28.0343 2980 DLABMFSM - ok
14:37:28.0359 2980 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
14:37:28.0359 2980 DLABOIOM - ok
14:37:28.0375 2980 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
14:37:28.0375 2980 DLACDBHM - ok
14:37:28.0375 2980 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
14:37:28.0375 2980 DLADResM - ok
14:37:28.0406 2980 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
14:37:28.0406 2980 DLAIFS_M - ok
14:37:28.0421 2980 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
14:37:28.0421 2980 DLAOPIOM - ok
14:37:28.0437 2980 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
14:37:28.0437 2980 DLAPoolM - ok
14:37:28.0453 2980 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
14:37:28.0453 2980 DLARTL_M - ok
14:37:28.0468 2980 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
14:37:28.0468 2980 DLAUDFAM - ok
14:37:28.0484 2980 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
14:37:28.0484 2980 DLAUDF_M - ok
14:37:28.0500 2980 dmadmin - ok
14:37:28.0578 2980 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:37:28.0625 2980 dmboot - ok
14:37:28.0656 2980 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:37:28.0656 2980 dmio - ok
14:37:28.0687 2980 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:37:28.0687 2980 dmload - ok
14:37:28.0703 2980 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
14:37:28.0718 2980 dmserver - ok
14:37:28.0750 2980 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:37:28.0750 2980 DMusic - ok
14:37:28.0796 2980 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
14:37:28.0796 2980 Dnscache - ok
14:37:28.0843 2980 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
14:37:28.0875 2980 Dot3svc - ok
14:37:28.0875 2980 dpti2o - ok
14:37:28.0906 2980 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:37:28.0906 2980 drmkaud - ok
14:37:28.0937 2980 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
14:37:28.0937 2980 DRVMCDB - ok
14:37:28.0953 2980 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
14:37:28.0953 2980 DRVNDDM - ok
14:37:28.0984 2980 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
14:37:28.0984 2980 EapHost - ok
14:37:29.0015 2980 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
14:37:29.0015 2980 ERSvc - ok
14:37:29.0046 2980 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:37:29.0062 2980 Eventlog - ok
14:37:29.0093 2980 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
14:37:29.0093 2980 EventSystem - ok
14:37:29.0109 2980 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:37:29.0109 2980 Fastfat - ok
14:37:29.0140 2980 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:37:29.0140 2980 FastUserSwitchingCompatibility - ok
14:37:29.0156 2980 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:37:29.0171 2980 Fdc - ok
14:37:29.0187 2980 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
14:37:29.0187 2980 FilterService - ok
14:37:29.0203 2980 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:37:29.0218 2980 Fips - ok
14:37:29.0218 2980 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:37:29.0234 2980 Flpydisk - ok
14:37:29.0250 2980 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:37:29.0250 2980 FltMgr - ok
14:37:29.0312 2980 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:37:29.0312 2980 FontCache3.0.0.0 - ok
14:37:29.0343 2980 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:37:29.0343 2980 Fs_Rec - ok
14:37:29.0359 2980 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:37:29.0359 2980 Ftdisk - ok
14:37:29.0390 2980 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:37:29.0390 2980 Gpc - ok
14:37:29.0453 2980 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:37:29.0453 2980 gupdate - ok
14:37:29.0453 2980 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:37:29.0453 2980 gupdatem - ok
14:37:29.0515 2980 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:37:29.0515 2980 helpsvc - ok
14:37:29.0546 2980 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
14:37:29.0546 2980 HidServ - ok
14:37:29.0578 2980 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:37:29.0578 2980 hidusb - ok
14:37:29.0609 2980 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
14:37:29.0625 2980 hkmsvc - ok
14:37:29.0625 2980 hpn - ok
14:37:29.0687 2980 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:37:29.0687 2980 HTTP - ok
14:37:29.0703 2980 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
14:37:29.0718 2980 HTTPFilter - ok
14:37:29.0718 2980 i2omgmt - ok
14:37:29.0734 2980 i2omp - ok
14:37:29.0750 2980 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
14:37:29.0765 2980 i8042prt - ok
14:37:29.0843 2980 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
14:37:29.0906 2980 ialm - ok
14:37:30.0015 2980 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:37:30.0125 2980 idsvc - ok
14:37:30.0218 2980 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:37:30.0234 2980 Imapi - ok
14:37:30.0265 2980 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
14:37:30.0281 2980 ImapiService - ok
14:37:30.0296 2980 ini910u - ok
14:37:30.0312 2980 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:37:30.0312 2980 IntelIde - ok
14:37:30.0343 2980 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:37:30.0343 2980 intelppm - ok
14:37:30.0359 2980 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:37:30.0359 2980 Ip6Fw - ok
14:37:30.0375 2980 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:37:30.0390 2980 IpInIp - ok
14:37:30.0406 2980 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:37:30.0406 2980 IpNat - ok
14:37:30.0421 2980 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:37:30.0421 2980 IPSec - ok
14:37:30.0437 2980 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:37:30.0453 2980 IRENUM - ok
14:37:30.0484 2980 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:37:30.0484 2980 isapnp - ok
14:37:30.0531 2980 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Program Files\Java\jre6\bin\jqs.exe
14:37:30.0531 2980 JavaQuickStarterService - ok
14:37:30.0546 2980 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:37:30.0546 2980 Kbdclass - ok
14:37:30.0562 2980 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:37:30.0578 2980 kbdhid - ok
14:37:30.0609 2980 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:37:30.0625 2980 kmixer - ok
14:37:30.0656 2980 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:37:30.0656 2980 KSecDD - ok
14:37:30.0671 2980 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
14:37:30.0671 2980 lanmanserver - ok
14:37:30.0703 2980 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
14:37:30.0718 2980 lanmanworkstation - ok
14:37:30.0718 2980 lbrtfdc - ok
14:37:30.0890 2980 LiveUpdate (e34152d03caaaaa81dd66d803f392522) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
14:37:31.0015 2980 LiveUpdate - ok
14:37:31.0140 2980 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
14:37:31.0140 2980 LmHosts - ok
14:37:31.0187 2980 lvpopflt (9fb982de1c8dd769f8ed681dd878b12f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
14:37:31.0203 2980 lvpopflt - ok
14:37:31.0265 2980 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
14:37:31.0265 2980 LVPr2Mon - ok
14:37:31.0312 2980 LVPrcSrv (0ddfdcaa92c7f553328db06ba599bea9) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
14:37:31.0312 2980 LVPrcSrv - ok
14:37:31.0343 2980 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
14:37:31.0359 2980 LVRS - ok
14:37:31.0625 2980 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
14:37:31.0687 2980 LVUVC - ok
14:37:31.0828 2980 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
14:37:31.0828 2980 Messenger - ok
14:37:31.0906 2980 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
14:37:31.0921 2980 Microsoft Office Groove Audit Service - ok
14:37:31.0953 2980 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:37:31.0968 2980 mnmdd - ok
14:37:31.0984 2980 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
14:37:32.0000 2980 mnmsrvc - ok
14:37:32.0015 2980 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:37:32.0031 2980 Modem - ok
14:37:32.0031 2980 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:37:32.0046 2980 Mouclass - ok
14:37:32.0062 2980 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:37:32.0062 2980 mouhid - ok
14:37:32.0093 2980 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:37:32.0093 2980 MountMgr - ok
14:37:32.0093 2980 mraid35x - ok
14:37:32.0109 2980 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:37:32.0125 2980 MRxDAV - ok
14:37:32.0171 2980 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:37:32.0187 2980 MRxSmb - ok
14:37:32.0203 2980 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
14:37:32.0203 2980 MSDTC - ok
14:37:32.0265 2980 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:37:32.0265 2980 Msfs - ok
14:37:32.0281 2980 MSIServer - ok
14:37:32.0312 2980 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:37:32.0312 2980 MSKSSRV - ok
14:37:32.0328 2980 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:37:32.0328 2980 MSPCLOCK - ok
14:37:32.0343 2980 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:37:32.0343 2980 MSPQM - ok
14:37:32.0375 2980 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:37:32.0375 2980 mssmbios - ok
14:37:32.0390 2980 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:37:32.0406 2980 MSTEE - ok
14:37:32.0468 2980 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:37:32.0468 2980 Mup - ok
14:37:32.0500 2980 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:37:32.0515 2980 NABTSFEC - ok
14:37:32.0562 2980 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
14:37:32.0609 2980 napagent - ok
14:37:32.0656 2980 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:37:32.0656 2980 NDIS - ok
14:37:32.0671 2980 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:37:32.0687 2980 NdisIP - ok
14:37:32.0718 2980 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:37:32.0718 2980 NdisTapi - ok
14:37:32.0765 2980 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:37:32.0781 2980 Ndisuio - ok
14:37:32.0796 2980 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:37:32.0812 2980 NdisWan - ok
14:37:32.0828 2980 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:37:32.0828 2980 NDProxy - ok
14:37:32.0828 2980 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:37:32.0843 2980 NetBIOS - ok
14:37:32.0875 2980 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:37:32.0890 2980 NetBT - ok
14:37:32.0921 2980 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:37:32.0937 2980 NetDDE - ok
14:37:32.0937 2980 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:37:32.0937 2980 NetDDEdsdm - ok
14:37:32.0968 2980 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:37:32.0968 2980 Netlogon - ok
14:37:33.0000 2980 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
14:37:33.0015 2980 Netman - ok
14:37:33.0062 2980 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:37:33.0093 2980 NetTcpPortSharing - ok
14:37:33.0125 2980 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
14:37:33.0125 2980 Nla - ok
14:37:33.0140 2980 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:37:33.0140 2980 Npfs - ok
14:37:33.0203 2980 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:37:33.0203 2980 Ntfs - ok
14:37:33.0203 2980 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:37:33.0203 2980 NtLmSsp - ok
14:37:33.0265 2980 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
14:37:33.0265 2980 NtmsSvc - ok
14:37:33.0312 2980 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:37:33.0312 2980 Null - ok
14:37:33.0843 2980 nv (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:37:34.0171 2980 nv - ok
14:37:34.0312 2980 NVSvc (0573c75a2895d973ea6ef2495620ba49) C:\WINDOWS\system32\nvsvc32.exe
14:37:34.0312 2980 NVSvc - ok
14:37:34.0593 2980 nvUpdatusService (9c84945feee40ea42d3bca5c22250d47) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
14:37:34.0640 2980 nvUpdatusService - ok
14:37:34.0796 2980 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:37:34.0796 2980 NwlnkFlt - ok
14:37:34.0828 2980 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:37:34.0828 2980 NwlnkFwd - ok
14:37:34.0968 2980 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:37:35.0062 2980 odserv - ok
14:37:35.0109 2980 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:37:35.0140 2980 ose - ok
14:37:35.0187 2980 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:37:35.0203 2980 Parport - ok
14:37:35.0218 2980 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:37:35.0218 2980 PartMgr - ok
14:37:35.0250 2980 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:37:35.0250 2980 ParVdm - ok
14:37:35.0265 2980 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:37:35.0265 2980 PCI - ok
14:37:35.0281 2980 PCIDump - ok
14:37:35.0296 2980 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
14:37:35.0296 2980 PCIIde - ok
14:37:35.0343 2980 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:37:35.0359 2980 Pcmcia - ok
14:37:35.0359 2980 PDCOMP - ok
14:37:35.0375 2980 PDFRAME - ok
14:37:35.0375 2980 PDRELI - ok
14:37:35.0390 2980 PDRFRAME - ok
14:37:35.0390 2980 perc2 - ok
14:37:35.0406 2980 perc2hib - ok
14:37:35.0468 2980 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:37:35.0468 2980 PlugPlay - ok
14:37:35.0484 2980 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:37:35.0484 2980 PolicyAgent - ok
14:37:35.0500 2980 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:37:35.0515 2980 PptpMiniport - ok
14:37:35.0515 2980 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:37:35.0515 2980 ProtectedStorage - ok
14:37:35.0531 2980 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:37:35.0546 2980 PSched - ok
14:37:35.0562 2980 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:37:35.0578 2980 Ptilink - ok
14:37:35.0593 2980 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:37:35.0593 2980 PxHelp20 - ok
14:37:35.0593 2980 ql1080 - ok
14:37:35.0609 2980 Ql10wnt - ok
14:37:35.0609 2980 ql12160 - ok
14:37:35.0625 2980 ql1240 - ok
14:37:35.0625 2980 ql1280 - ok
14:37:35.0640 2980 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:37:35.0640 2980 RasAcd - ok
14:37:35.0671 2980 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
14:37:35.0687 2980 RasAuto - ok
14:37:35.0718 2980 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:37:35.0718 2980 Rasl2tp - ok
14:37:35.0750 2980 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
14:37:35.0750 2980 RasMan - ok
14:37:35.0765 2980 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:37:35.0781 2980 RasPppoe - ok
14:37:35.0796 2980 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:37:35.0796 2980 Raspti - ok
14:37:35.0812 2980 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:37:35.0812 2980 Rdbss - ok
14:37:35.0828 2980 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:37:35.0843 2980 RDPCDD - ok
14:37:35.0859 2980 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:37:35.0890 2980 rdpdr - ok
14:37:35.0921 2980 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
14:37:35.0921 2980 RDPWD - ok
14:37:35.0953 2980 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
14:37:35.0984 2980 RDSessMgr - ok
14:37:36.0000 2980 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:37:36.0015 2980 redbook - ok
14:37:36.0046 2980 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
14:37:36.0062 2980 RemoteAccess - ok
14:37:36.0078 2980 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
14:37:36.0078 2980 RemoteRegistry - ok
14:37:36.0109 2980 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
14:37:36.0125 2980 RpcLocator - ok
14:37:36.0156 2980 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
14:37:36.0156 2980 RpcSs - ok
14:37:36.0203 2980 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
14:37:36.0203 2980 RSVP - ok
14:37:36.0234 2980 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:37:36.0234 2980 SamSs - ok
14:37:36.0296 2980 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:37:36.0312 2980 SASDIFSV - ok
14:37:36.0328 2980 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
14:37:36.0343 2980 SASKUTIL - ok
14:37:36.0406 2980 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
14:37:36.0421 2980 SCardSvr - ok
14:37:36.0453 2980 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
14:37:36.0468 2980 Schedule - ok
14:37:36.0484 2980 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:37:36.0500 2980 Secdrv - ok
14:37:36.0515 2980 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
14:37:36.0515 2980 seclogon - ok
14:37:36.0562 2980 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
14:37:36.0625 2980 senfilt - ok
14:37:36.0640 2980 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
14:37:36.0656 2980 SENS - ok
14:37:36.0671 2980 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:37:36.0671 2980 serenum - ok
14:37:36.0687 2980 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:37:36.0687 2980 Serial - ok
14:37:36.0718 2980 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:37:36.0734 2980 Sfloppy - ok
14:37:36.0765 2980 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
14:37:36.0781 2980 SharedAccess - ok
14:37:36.0796 2980 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:37:36.0812 2980 ShellHWDetection - ok
14:37:36.0812 2980 Simbad - ok
14:37:36.0843 2980 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:37:36.0843 2980 SLIP - ok
14:37:36.0890 2980 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
14:37:36.0921 2980 smwdm - ok
14:37:36.0921 2980 Sparrow - ok
14:37:36.0937 2980 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:37:36.0953 2980 splitter - ok
14:37:36.0968 2980 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
14:37:36.0968 2980 Spooler - ok
14:37:37.0000 2980 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:37:37.0000 2980 sr - ok
14:37:37.0031 2980 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
14:37:37.0031 2980 srservice - ok
14:37:37.0109 2980 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:37:37.0125 2980 Srv - ok
14:37:37.0156 2980 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
14:37:37.0156 2980 SSDPSRV - ok
14:37:37.0187 2980 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
14:37:37.0203 2980 ssmdrv - ok
14:37:37.0265 2980 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
14:37:37.0265 2980 stisvc - ok
14:37:37.0328 2980 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
14:37:37.0343 2980 stllssvr - ok
14:37:37.0390 2980 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:37:37.0406 2980 streamip - ok
14:37:37.0437 2980 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:37:37.0437 2980 swenum - ok
14:37:37.0468 2980 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:37:37.0468 2980 swmidi - ok
14:37:37.0484 2980 SwPrv - ok
14:37:37.0484 2980 symc810 - ok
14:37:37.0500 2980 symc8xx - ok
14:37:37.0500 2980 sym_hi - ok
14:37:37.0515 2980 sym_u3 - ok
14:37:37.0531 2980 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:37:37.0546 2980 sysaudio - ok
14:37:37.0562 2980 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
14:37:37.0578 2980 SysmonLog - ok
14:37:37.0609 2980 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
14:37:37.0625 2980 TapiSrv - ok
14:37:37.0656 2980 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:37:37.0656 2980 Tcpip - ok
14:37:37.0687 2980 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:37:37.0687 2980 TDPIPE - ok
14:37:37.0703 2980 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:37:37.0718 2980 TDTCP - ok
14:37:37.0734 2980 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:37:37.0734 2980 TermDD - ok
14:37:37.0781 2980 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
14:37:37.0781 2980 TermService - ok
14:37:37.0812 2980 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:37:37.0812 2980 Themes - ok
14:37:37.0828 2980 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
14:37:37.0843 2980 TlntSvr - ok
14:37:37.0859 2980 TosIde - ok
14:37:37.0890 2980 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
14:37:37.0890 2980 TrkWks - ok
14:37:37.0937 2980 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:37:37.0937 2980 Udfs - ok
14:37:37.0953 2980 ultra - ok
14:37:38.0000 2980 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:37:38.0031 2980 Update - ok
14:37:38.0062 2980 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
14:37:38.0062 2980 upnphost - ok
14:37:38.0078 2980 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
14:37:38.0078 2980 UPS - ok
14:37:38.0109 2980 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
14:37:38.0125 2980 usbaudio - ok
14:37:38.0140 2980 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:37:38.0140 2980 usbccgp - ok
14:37:38.0156 2980 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:37:38.0156 2980 usbehci - ok
14:37:38.0187 2980 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:37:38.0187 2980 usbhub - ok
14:37:38.0218 2980 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:37:38.0218 2980 usbscan - ok
14:37:38.0234 2980 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:37:38.0250 2980 USBSTOR - ok
14:37:38.0265 2980 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:37:38.0265 2980 usbuhci - ok
14:37:38.0296 2980 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
14:37:38.0312 2980 usbvideo - ok
14:37:38.0343 2980 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:37:38.0343 2980 VgaSave - ok
14:37:38.0359 2980 ViaIde - ok
14:37:38.0375 2980 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:37:38.0390 2980 VolSnap - ok
14:37:38.0421 2980 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
14:37:38.0437 2980 VSS - ok
14:37:38.0468 2980 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
14:37:38.0468 2980 W32Time - ok
14:37:38.0500 2980 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:37:38.0500 2980 Wanarp - ok
14:37:38.0515 2980 WDICA - ok
14:37:38.0546 2980 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:37:38.0562 2980 wdmaud - ok
14:37:38.0593 2980 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
14:37:38.0609 2980 WebClient - ok
14:37:38.0656 2980 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:37:38.0671 2980 winmgmt - ok
14:37:38.0750 2980 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
14:37:38.0828 2980 WinRM - ok
14:37:38.0875 2980 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
14:37:38.0875 2980 WmdmPmSN - ok
14:37:38.0921 2980 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
14:37:38.0937 2980 Wmi - ok
14:37:38.0984 2980 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:37:39.0015 2980 WmiApSrv - ok
14:37:39.0109 2980 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
14:37:39.0203 2980 WMPNetworkSvc - ok
14:37:39.0250 2980 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:37:39.0250 2980 WpdUsb - ok
14:37:39.0359 2980 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:37:39.0421 2980 WPFFontCache_v0400 - ok
14:37:39.0437 2980 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:37:39.0453 2980 WS2IFSL - ok
14:37:39.0468 2980 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
14:37:39.0484 2980 wscsvc - ok
14:37:39.0484 2980 WSearch - ok
14:37:39.0515 2980 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:37:39.0515 2980 WSTCODEC - ok
14:37:39.0546 2980 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
14:37:39.0546 2980 wuauserv - ok
14:37:39.0578 2980 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:37:39.0578 2980 WudfPf - ok
14:37:39.0593 2980 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:37:39.0609 2980 WudfRd - ok
14:37:39.0625 2980 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
14:37:39.0640 2980 WudfSvc - ok
14:37:39.0687 2980 WUSB54GPV4SRV (70aeec67e87a2002e6b2cc353d56e222) C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
14:37:39.0718 2980 WUSB54GPV4SRV - ok
14:37:39.0765 2980 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
14:37:39.0781 2980 WZCSVC - ok
14:37:39.0828 2980 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
14:37:39.0828 2980 xmlprov - ok
14:37:39.0984 2980 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
14:37:39.0984 2980 YahooAUService - ok
14:37:40.0046 2980 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:37:40.0437 2980 \Device\Harddisk0\DR0 - ok
14:37:40.0453 2980 MBR (0x1B8) (fe3aef5dee52f7de9c622ec12e92058e) \Device\Harddisk1\DR2
14:37:40.0484 2980 \Device\Harddisk1\DR2 - ok
14:37:40.0484 2980 Boot (0x1200) (8dd7d47e8a9b8dbd23a5e4ecf52cb103) \Device\Harddisk0\DR0\Partition0
14:37:40.0484 2980 \Device\Harddisk0\DR0\Partition0 - ok
14:37:40.0500 2980 Boot (0x1200) (710e98b9b2b214e582fbd318d756c479) \Device\Harddisk1\DR2\Partition0
14:37:40.0500 2980 \Device\Harddisk1\DR2\Partition0 - ok
14:37:40.0500 2980 ============================================================
14:37:40.0500 2980 Scan finished
14:37:40.0500 2980 ============================================================
14:37:40.0515 3592 Detected object count: 0
14:37:40.0515 3592 Actual detected object count: 0



Ran aswMBR; here is the log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-28 14:39:43
-----------------------------
14:39:43.562 OS Version: Windows 5.1.2600 Service Pack 3
14:39:43.562 Number of processors: 1 586 0x401
14:39:43.562 ComputerName: DELLGX280 UserName:
14:39:44.109 Initialize success
14:43:21.468 AVAST engine defs: 12072801
14:44:04.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
14:44:04.859 Disk 0 Vendor: ST340014AS 8.12 Size: 38146MB BusType: 3
14:44:04.875 Disk 0 MBR read successfully
14:44:04.875 Disk 0 MBR scan
14:44:04.906 Disk 0 Windows XP default MBR code
14:44:04.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38138 MB offset 63
14:44:04.921 Disk 0 scanning sectors +78108030
14:44:05.000 Disk 0 scanning C:\WINDOWS\system32\drivers
14:44:17.765 Service scanning
14:44:42.468 Modules scanning
14:44:51.265 Disk 0 trace - called modules:
14:44:51.296 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
14:44:51.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad5bab8]
14:44:51.796 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8ad78d98]
14:44:52.250 AVAST engine scan C:\WINDOWS
14:45:08.234 AVAST engine scan C:\WINDOWS\system32
14:50:04.046 AVAST engine scan C:\WINDOWS\system32\drivers
14:50:21.625 AVAST engine scan C:\Documents and Settings\Administrator
14:53:34.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\MBR.dat"
14:53:34.531 The log file has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\aswMBR.txt"
14:54:11.812 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\MBR.dat"
14:54:11.812 The log file has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\aswMBR.txt"
14:55:46.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\repair logs\MBR.dat"
14:55:46.281 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\repair logs\aswMBR.txt"
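The two logs above describe the same sector in two ways: TDSSKiller prints a hash labelled "MBR (0x1B8)" for \Device\Harddisk0\DR0, and aswMBR decodes the partition table ("Partition 1 80 (A) 07 HPFS/NTFS NTFS 38138 MB offset 63") and writes the raw sector to MBR.dat. The script below is an added example written for this thread; it is not part of TDSSKiller, aswMBR or any post here. It reads a 512-byte MBR image, hashes the boot-code region, decodes the partition table, and compares the hash with a value copied from another tool's log. Reading "0x1B8" as "the first 0x1B8 bytes, i.e. the boot code before the 4-byte disk signature" is my assumption; the sample image it builds when run without arguments is constructed (NOP-filled boot code), not a real XP MBR.

```python
"""Added example, not part of TDSSKiller, aswMBR or the posts in this thread:
inspect a raw 512-byte MBR image (such as the MBR.dat that aswMBR saved) and
reproduce what the two logs report about it: a hash of the boot-code region
and the decoded partition table.  Hashing the first 0x1B8 bytes is my reading
of TDSSKiller's 'MBR (0x1B8)' label (an assumption)."""
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 0x1B8       # boot code ends where the 4-byte disk signature starts
PART_TABLE_OFF = 0x1BE      # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE        # 0x55 0xAA

PART_TYPES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32",
              0x0C: "FAT32 LBA", 0x0F: "Extended LBA", 0x82: "Linux swap",
              0x83: "Linux"}


def boot_code_md5(mbr):
    """MD5 of the boot-code region only: the disk signature and partition
    table differ per machine and would make a whitelist hash useless."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def partitions(mbr):
    """Decode the four primary entries; unused (type 0) entries are skipped."""
    out = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (3 bytes, ignored), type, CHS end (ignored), LBA start, sector count
        status, ptype, start_lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue
        out.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "start_lba": start_lba,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return out


def inspect_mbr(mbr, expected_md5=None):
    """Summarise an MBR image; optionally compare its boot-code hash with a
    value taken from another tool's log (e.g. TDSSKiller's 8f558eb6... line)."""
    if len(mbr) < SECTOR:
        raise ValueError("need at least 512 bytes, got %d" % len(mbr))
    report = {
        "boot_signature_ok": mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA",
        "boot_code_md5": boot_code_md5(mbr),
        "disk_signature": "%08x" % struct.unpack_from("<I", mbr, BOOT_CODE_LEN)[0],
        "partitions": partitions(mbr),
    }
    if expected_md5 is not None:
        report["matches_expected"] = report["boot_code_md5"] == expected_md5.lower()
    return report


def make_sample_mbr():
    """Constructed stand-in (not a real XP MBR): NOP-filled boot code plus one
    entry laid out like aswMBR's 'Partition 1 80 (A) 07 HPFS/NTFS NTFS 38138 MB offset 63'."""
    mbr = bytearray(b"\x90" * BOOT_CODE_LEN)                    # fake boot code
    mbr += struct.pack("<IH", 0xDEADBEEF, 0)                     # disk signature + 2 reserved bytes
    mbr += struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00",      # bootable, CHS start
                       0x07, b"\xFE\xFF\xFF", 63, 38138 * 2048)  # NTFS, CHS end, LBA 63, 38138 MB
    mbr += b"\x00" * 48                                          # three unused entries
    mbr += b"\x55\xAA"
    return bytes(mbr)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            image = f.read(SECTOR)
        expected = sys.argv[2] if len(sys.argv) > 2 else None
    else:
        image, expected = make_sample_mbr(), None
    rep = inspect_mbr(image, expected)
    print("boot signature ok:", rep["boot_signature_ok"])
    print("boot code md5:    ", rep["boot_code_md5"])
    print("disk signature:   ", rep["disk_signature"])
    for p in rep["partitions"]:
        print("partition %d %s type %02x %s start %d sectors %d (%d MB)" % (
            p["index"], "*" if p["bootable"] else " ", p["type"], p["type_name"],
            p["start_lba"], p["sectors"], p["size_mb"]))
    if expected is not None:
        print("matches expected hash:", rep["matches_expected"])
```

Run as `python mbr_check.py MBR.dat 8f558eb6672622401da993e1e865c861` (file name is my choice) to check that the sector aswMBR saved hashes to the value TDSSKiller printed for Harddisk0. A match only says the two tools saw the same boot code; aswMBR's "Windows XP default MBR code" verdict comes from its own whitelist, and the example looks at sector 0 only, not at the unpartitioned sectors beyond the last partition that aswMBR also scans.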

#9 sierra xb (Topic Starter)

Posted 28 July 2012 - 05:11 PM

Oops, ignore the asw log, it isn't done scanning apparently... will add the completed log when it is finished.

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 28 July 2012 - 05:13 PM

Greetings sierra xb


The next thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe. After it is complete, restart the computer and continue with these steps.


At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here [donate button]. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
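The unhide.exe step above addresses the "all of the icons are gone, Program list is empty" symptom: rogues of this fake-HDD-failure family set the Hidden attribute on the user's documents, desktop icons and Start Menu shortcuts so the machine looks dead. The script below is an added example for this thread, not unhide.exe and not anything gringo_pr or sierra xb posted; it shows what such a cleanup has to decide. The decision rule is plain Python (reviewable anywhere); the actual attribute change uses Win32 GetFileAttributesW/SetFileAttributesW through ctypes and only runs on Windows. The default roots and the list of names Windows hides by itself are my assumptions. One caveat: some variants move Start Menu shortcuts into a temp folder instead of hiding them, and clearing attributes cannot put those back.

```python
"""Added example, not BleepingComputer's unhide.exe: clear the Hidden bit that a
FakeHDD-style rogue set on user files and shortcuts.  Dry run by default; pass
--apply to change attributes.  Default roots and OS_HIDDEN_NAMES are assumptions."""
import ntpath
import os
import sys

FILE_ATTRIBUTE_HIDDEN = 0x02
FILE_ATTRIBUTE_SYSTEM = 0x04
INVALID_FILE_ATTRIBUTES = 0xFFFFFFFF

# Entries Windows hides on its own (not the rogue's doing); leave them hidden.
OS_HIDDEN_NAMES = frozenset({
    "desktop.ini", "thumbs.db", "ntuser.dat", "ntuser.dat.log", "ntuser.ini",
    "iconcache.db", "recycler", "$recycle.bin", "system volume information",
})


def should_unhide(path, attrs):
    """True if this entry looks like user data that a rogue hid.

    Hidden+System items belong to the OS (boot.ini, pagefile.sys, ...) and the
    names above are hidden by design, so both are left alone."""
    if not attrs & FILE_ATTRIBUTE_HIDDEN:
        return False
    if attrs & FILE_ATTRIBUTE_SYSTEM:
        return False
    return ntpath.basename(path).lower() not in OS_HIDDEN_NAMES


def plan(entries):
    """entries: iterable of (path, attribute bits).  Returns the paths to unhide."""
    return [path for path, attrs in entries if should_unhide(path, attrs)]


def _kernel32():
    # Windows only: bind the two attribute calls with proper signatures.
    import ctypes
    from ctypes import wintypes
    k32 = ctypes.windll.kernel32
    k32.GetFileAttributesW.argtypes = [wintypes.LPCWSTR]
    k32.GetFileAttributesW.restype = wintypes.DWORD
    k32.SetFileAttributesW.argtypes = [wintypes.LPCWSTR, wintypes.DWORD]
    k32.SetFileAttributesW.restype = wintypes.BOOL
    return k32


def walk_attributes(roots):
    """Windows only: yield (path, attrs) for every file and folder below each root."""
    k32 = _kernel32()
    for root in roots:
        for dirpath, dirnames, filenames in os.walk(root):
            for name in dirnames + filenames:
                path = os.path.join(dirpath, name)
                attrs = k32.GetFileAttributesW(path)
                if attrs != INVALID_FILE_ATTRIBUTES:
                    yield path, attrs


def unhide(roots, apply=False):
    """Clear the Hidden bit on everything plan() selects; dry run unless apply."""
    k32 = _kernel32() if apply else None
    targets = plan(walk_attributes(roots))
    for path in targets:
        print(("unhide  " if apply else "would unhide  ") + path)
        if apply:
            attrs = k32.GetFileAttributesW(path)
            if not k32.SetFileAttributesW(path, attrs & ~FILE_ATTRIBUTE_HIDDEN):
                print("  failed: " + path)
    return targets


if __name__ == "__main__":
    args = sys.argv[1:]
    do_apply = "--apply" in args
    roots = [a for a in args if a != "--apply"] or \
        [r"C:\Documents and Settings", r"C:\Program Files"]   # assumed XP layout
    found = unhide(roots, apply=do_apply)
    print("%d item(s) %s" % (len(found), "unhidden" if do_apply
                             else "would be unhidden (re-run with --apply)"))
```

Run it once without `--apply` and read the list before changing anything: if it wants to unhide something under the Windows folder, the skip list needs extending rather than the script needing to be trusted.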

#11 sierra xb (Topic Starter)

Posted 28 July 2012 - 08:00 PM

This is the ComboFix log...

ComboFix 12-07-27.03 - Administrator 07/28/2012 17:32:24.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2604 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-16 00:43 . 2012-07-16 00:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira
2012-07-16 00:37 . 2012-04-27 17:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-16 00:37 . 2012-04-25 07:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-16 00:37 . 2012-04-17 04:18 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-16 00:37 . 2012-07-16 00:37 -------- d-----w- c:\program files\Avira
2012-07-16 00:37 . 2012-07-16 00:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 15:08 . 2012-04-05 02:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-13 15:08 . 2011-06-13 23:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 20:46 . 2011-07-31 22:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2004-08-04 10:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 10:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 10:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2008-10-16 21:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2004-09-17 12:12 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2004-09-17 12:12 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2004-09-17 12:12 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2008-10-16 21:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2004-09-17 12:12 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2004-09-17 12:12 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2004-08-04 10:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2008-10-16 21:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2004-09-17 12:12 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2004-09-17 12:12 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2008-12-18 00:07 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2008-12-18 00:07 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 22:18 . 2008-10-16 22:07 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2005-03-30 01:23 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2005-03-30 01:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-09-17 12:10 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-28_19.32.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-29 00:46 . 2012-07-29 00:46 16384 c:\windows\Temp\Perflib_Perfdata_74.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
setup_9.0.0.722_07.06.2011_00-58.lnk - c:\documents and settings\Administrator\Desktop\new repair tools\Virus Removal Tool\setup_9.0.0.722_07.06.2011_00-58\startup.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-09-02 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 02:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-14 22:46 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-14 22:50 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-14 22:49 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 11:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-21 00:23 118784 -c----w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 22:42 1404928 -c--a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 18:43 248040 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [7/15/2012 5:37 PM 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 11:25 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [5/4/2011 10:54 AM 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/15/2012 5:37 PM 86224]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2/20/2012 10:58 AM 2253120]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/11/2010 10:29 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/11/2010 10:29 AM 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-1060284298-725345543-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-01 23:16]
.
2012-07-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-1060284298-725345543-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-01 23:16]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 17:29]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 17:29]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1060284298-725345543-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-14 23:44]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1060284298-725345543-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-14 23:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.6.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-28 17:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-343818398-1060284298-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6a,6d,8a,85,8d,ad,7d,4e,87,d6,5d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6a,6d,8a,85,8d,ad,7d,4e,87,d6,5d,\
.
[HKEY_USERS\S-1-5-21-343818398-1060284298-725345543-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(4072)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Completion time: 2012-07-28 17:55:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-29 00:55
ComboFix2.txt 2012-07-28 20:02
.
Pre-Run: 5,223,780,352 bytes free
Post-Run: 5,263,949,824 bytes free
.
- - End Of File - - 70E61D1A1123764A0D307AF8BA84FBC4


After the restart, Avira again detected TR/Trash.Gen, which had been previously quarantined.


Other than that, the computer seems to be running OK, although a tad slower than usual.

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts

Posted 28 July 2012 - 08:38 PM

after the restart, avira again detected TR/Trash.Gen, which had been previously quarantined before

I need to know the location.


Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Java™ 6 Update 20


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java.

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad, ...).

  • Go Here to download HijackThis Installer.
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 sierra xb

  • Topic Starter
  • Members
  • 70 posts

Posted 28 July 2012 - 09:58 PM

Removed Java 6.
Installed the new version of Java.
Ran CCleaner.
Ran MBAM, here is the log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.28.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: DELLGX280 [administrator]

7/28/2012 7:26:45 PM
mbam-log-2012-07-28 (19-26-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225582
Time elapsed: 7 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Ran HijackThis, here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:45:31 PM, on 7/28/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-343818398-1060284298-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-343818398-1060284298-725345543-1003\..\RunOnce: [spchecker] "C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe" (User '?')
O4 - HKUS\S-1-5-21-343818398-1060284298-725345543-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'UpdatusUser')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: setup_9.0.0.722_07.06.2011_00-58.lnk = C:\Documents and Settings\Administrator\Desktop\new repair tools\Virus Removal Tool\setup_9.0.0.722_07.06.2011_00-58\startup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1095424038890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229558819250
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9189 bytes


I found the location of the viruses that keep showing up...

TR/Trash.Gen is in
C:\Windows\Temp\logishrd\LVPrcInj01.dll

TR/Tibs.IT.212 is in
C:\System volume Information\-restore{1D1A2E80-0109-4BDE-9E88-983896FAB919}\RP360\A0071284.exe

A new one, TR/ZAccess.H, is in
C:\Windows\Installer\{40c-924e7-3aea-aab0-255b-09253ab216f1}\L\00000004.@

The computer itself seems to be running OK, but these TR things keep popping up even after quarantine.
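The HijackThis log posted above is a flat list of R/O-prefixed lines, and the helper's own advice is that most of them are harmless and that the Analyze This button should not be trusted. The following is an added example, not part of HijackThis or of this thread: it parses the O2, O4 and O23 line formats into records and lists only the entries a reviewer would look at first (a registered component whose file is missing, or a program started from a user profile, a Temp folder or Windows\Installer). The SAMPLE_LOG lines are constructed in the format of the log above; the "example.lnk" startup entry is invented for illustration. A match means "look at this", not "malicious": the Facebook updater in the sample runs from the user profile and is legitimate.

```python
"""Parse HijackThis-style log lines into records and list the entries a
reviewer would look at first.  Added example, not part of HijackThis or of
this thread.  SAMPLE_LOG is constructed in the format of the log above."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Entry:
    section: str          # "O2", "O4" or "O23"
    name: str
    path: Optional[str]   # None when the log says "(no file)"
    raw: str


# O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>\S+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# O4 - Startup: name.lnk = C:\path\to\program.exe
O4_STARTUP_RE = re.compile(r"^O4 - Startup: (?P<name>.*?) = (?P<path>.*)$")
# O2 - BHO: WOT Helper - {CLSID} - C:\Program Files\WOT\WOT.dll
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
# O23 - Service: Name (short) - Company - C:\path\to\service.exe
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<company>.*?) - (?P<path>.*)$")


def _exe_from_command(cmd: str) -> str:
    """Program path from an O4 command line: the quoted part, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]


def parse_line(line: str) -> Optional[Entry]:
    """One log line -> Entry, or None for line types this example ignores."""
    line = line.strip()
    if m := O4_RUN_RE.match(line):
        return Entry("O4", m["name"], _exe_from_command(m["cmd"]), line)
    if m := O4_STARTUP_RE.match(line):
        return Entry("O4", m["name"], m["path"].strip(), line)
    if m := O2_RE.match(line):
        p = m["path"].strip()
        return Entry("O2", m["name"], None if p == "(no file)" else p, line)
    if m := O23_RE.match(line):
        return Entry("O23", m["name"], m["path"].strip(), line)
    return None   # R0/R1/O8/O9/O16/... lines are not handled here


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


# Locations a reviewer checks first: writable without admin rights, or not
# where installed software normally lives.  Matching means "look", not
# "malicious"; legitimate per-user updaters also live in the profile.
REVIEW_FIRST = ("\\documents and settings\\", "\\temp\\", "\\windows\\installer\\")


def review_reason(e: Entry) -> Optional[str]:
    if e.path is None:
        return "registered component whose file is missing"
    low = e.path.lower()
    for marker in REVIEW_FIRST:
        if marker in low:
            return "runs from " + marker.strip("\\")
    return None


def triage(text: str) -> List[Tuple[str, str]]:
    """(name, reason) for every entry worth a second look, in log order."""
    out = []
    for e in parse_log(text):
        reason = review_reason(e)
        if reason:
            out.append((e.name, reason))
    return out


# Constructed sample in the format of the log above; "example.lnk" is invented.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: example.lnk = C:\Documents and Settings\Administrator\Desktop\example\startup.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
"""

if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LOG):
        print(f"{name}: {reason}")
```

Run stand-alone it prints three entries from the sample: the nameless BHO with no file, the Facebook updater, and the invented startup shortcut. Everything else in the sample (Avira, WOT, ctfmon, the Yahoo service) lives under Program Files or Windows and is not listed; that is the point of the filter, which reduces the log to the handful of lines a human still has to judge.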

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts

Posted 28 July 2012 - 10:03 PM

Greetings

1st one is a false positive because of its location.

2nd one is in System Restore, so no problem.

3rd one we need to remove.


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
C:\Windows\Installer\{40c-924e7-3aea-aab0-255b-09253ab216f1}

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • Report from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

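The three verdicts in the post above rest entirely on where each flagged file lives: a Logitech injection DLL under Windows\Temp is treated as a false positive, a copy inside a System Restore point is inert, and a GUID-named folder under Windows\Installer with an L\ subfolder is the one to remove, which is then named in the CFScript's Folder:: directive. The following is an added example, not part of Avira, ComboFix or this thread: it encodes exactly those three rules (and nothing more general), applies them to the three paths reported earlier in the thread, and renders the CFScript in the form shown above. The folder passed to Folder:: is the GUID directory, not the .@ file inside it, which is what the script in the post does.

```python
"""Triage antivirus detections by location, using only the three rules given
in the post above, and render the matching ComboFix CFScript.  Added example,
not part of Avira, ComboFix or this thread; REPORTED holds the paths the
topic starter posted."""
import re
from typing import List, Tuple

# Rule 3: GUID-named folder directly under Windows\Installer with an L\ or U\
# subfolder.  The capture is the folder to hand to ComboFix, not the file.
INSTALLER_GUID_RE = re.compile(
    r"^(?P<folder>[a-z]:\\windows\\installer\\\{[^\\}]+\})\\[lu]\\", re.I)


def classify(path: str) -> Tuple[str, str]:
    """(verdict, reason): verdict is 'ignore', 'remove' or 'review'."""
    low = path.lower()
    # Rule 1: Logitech webcam software drops its injection DLL in Windows\Temp.
    if "\\windows\\temp\\logishrd\\" in low:
        return ("ignore", "Logitech injection DLL in Windows\\Temp; reported as a false positive")
    # Rule 2: restore points hold old copies that never execute on their own.
    if "\\system volume information\\" in low:
        return ("ignore", "stale copy inside a System Restore point, not a running program")
    if INSTALLER_GUID_RE.match(path):
        return ("remove", "GUID folder under Windows\\Installer with an L\\ or U\\ subfolder")
    return ("review", "location not covered by the rules above")


def folders_to_remove(paths: List[str]) -> List[str]:
    """Distinct GUID folders, in input order, for every path classified 'remove'."""
    out: List[str] = []
    for p in paths:
        m = INSTALLER_GUID_RE.match(p)
        if m and classify(p)[0] == "remove" and m["folder"] not in out:
            out.append(m["folder"])
    return out


def cfscript(paths: List[str]) -> str:
    """Render the CFScript shape used above: ClearJavaCache:: then a Folder:: block."""
    lines = ["ClearJavaCache::", ""]
    folders = folders_to_remove(paths)
    if folders:
        lines.append("Folder::")
        lines.extend(folders)
    return "\n".join(lines) + "\n"


# The three locations reported earlier in this thread.
REPORTED = [
    r"C:\Windows\Temp\logishrd\LVPrcInj01.dll",
    r"C:\System volume Information\-restore{1D1A2E80-0109-4BDE-9E88-983896FAB919}\RP360\A0071284.exe",
    r"C:\Windows\Installer\{40c-924e7-3aea-aab0-255b-09253ab216f1}\L\00000004.@",
]

if __name__ == "__main__":
    for p in REPORTED:
        verdict, reason = classify(p)
        print(f"{verdict:7} {p}\n        {reason}")
    print()
    print(cfscript(REPORTED), end="")
```

Anything the rules do not cover comes back as "review" rather than being guessed at; the rules are the helper's reading of this one machine, not a general classifier, and a path outside those three locations still needs a person to look at it.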

#15 sierra xb

  • Topic Starter
  • Members
  • 70 posts

Posted 28 July 2012 - 11:48 PM

Ran the new script... here is the ComboFix log:

ComboFix 12-07-27.03 - Administrator 07/28/2012 21:31:11.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2508 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 02:22 . 2012-07-29 02:22 -------- d-----w- c:\program files\CCleaner
2012-07-29 02:19 . 2012-07-29 02:19 -------- d-----w- c:\program files\Common Files\Java
2012-07-29 02:19 . 2012-07-29 02:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Oracle
2012-07-29 02:19 . 2012-07-06 05:07 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-29 02:19 . 2012-07-06 05:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-29 02:18 . 2012-07-29 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-07-16 00:43 . 2012-07-16 00:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira
2012-07-16 00:37 . 2012-04-27 17:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-16 00:37 . 2012-04-25 07:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-16 00:37 . 2012-04-17 04:18 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-16 00:37 . 2012-07-16 00:37 -------- d-----w- c:\program files\Avira
2012-07-16 00:37 . 2012-07-16 00:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 15:08 . 2012-04-05 02:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-13 15:08 . 2011-06-13 23:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 20:46 . 2011-07-31 22:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2004-08-04 10:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 10:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 10:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2008-10-16 21:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2004-09-17 12:12 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2004-09-17 12:12 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2004-09-17 12:12 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2008-10-16 21:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2004-09-17 12:12 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2004-09-17 12:12 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2004-08-04 10:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2008-10-16 21:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2004-09-17 12:12 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2004-09-17 12:12 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2008-12-18 00:07 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2008-12-18 00:07 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 22:18 . 2008-10-16 22:07 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2005-03-30 01:23 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2005-03-30 01:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-09-17 12:10 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-28_19.32.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-29 02:19 . 2012-07-29 02:19 16384 c:\windows\Temp\Perflib_Perfdata_ae0.dat
+ 2012-07-29 02:19 . 2012-07-06 05:06 227760 c:\windows\system32\javaws.exe
+ 2012-07-29 02:18 . 2012-07-29 02:18 174064 c:\windows\system32\javaw.exe
+ 2012-07-29 02:18 . 2012-07-29 02:18 174064 c:\windows\system32\java.exe
+ 2008-12-18 01:22 . 2012-07-29 02:22 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2012-07-29 02:19 . 2012-07-29 02:19 176128 c:\windows\Installer\502855.msi
+ 2012-07-29 02:19 . 2012-07-29 02:19 457216 c:\windows\Installer\502847.msi
+ 2012-07-29 02:18 . 2012-07-29 02:18 863744 c:\windows\Installer\502843.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
setup_9.0.0.722_07.06.2011_00-58.lnk - c:\documents and settings\Administrator\Desktop\new repair tools\Virus Removal Tool\setup_9.0.0.722_07.06.2011_00-58\startup.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-09-02 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 02:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-14 22:46 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-14 22:50 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-14 22:49 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 11:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-21 00:23 118784 -c----w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 22:42 1404928 -c--a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 18:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [7/15/2012 5:37 PM 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 11:25 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [5/4/2011 10:54 AM 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/15/2012 5:37 PM 86224]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2/20/2012 10:58 AM 2253120]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/11/2010 10:29 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/11/2010 10:29 AM 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-1060284298-725345543-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-01 23:16]
.
2012-07-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-1060284298-725345543-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-01 23:16]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 17:29]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 17:29]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1060284298-725345543-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-14 23:44]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1060284298-725345543-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-14 23:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.6.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-28 21:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-343818398-1060284298-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6a,6d,8a,85,8d,ad,7d,4e,87,d6,5d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6a,6d,8a,85,8d,ad,7d,4e,87,d6,5d,\
.
[HKEY_USERS\S-1-5-21-343818398-1060284298-725345543-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1920)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-07-28 21:40:28
ComboFix-quarantined-files.txt 2012-07-29 04:40
ComboFix2.txt 2012-07-29 00:55
ComboFix3.txt 2012-07-28 20:02
.
Pre-Run: 7,143,333,888 bytes free
Post-Run: 7,129,702,400 bytes free
.
- - End Of File - - 855D3CDF478FA765C7678215CC9135BB


So far everything seems to be OK. I am shutting down the computer for the night; I'll restart in the morning and see how things are going...



