
Malware pop ups


  • This topic is locked
78 replies to this topic

#1 Jo2hearts


  • Members
  • 63 posts
  • Gender:Male

Posted 27 July 2012 - 12:37 PM

Hi. I keep getting a pop-up message saying "blocked access to a potentially malicious website. ###.###.###.# outgoing." I ran AVG, Microsoft Security Essentials, Malwarebytes, and ComboFix. Can someone look at my log and tell me what I should do? Thank you very much.

Attached Files




#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 July 2012 - 12:42 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.




I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
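As an added example (not part of this thread, and not code from TDSSKiller or BleepingComputer), here is a small Python parser for the log format TDSSKiller writes, the same format as the log posted further down in this thread: it pairs each scanned driver or service with its verdict line, lists anything that did not come back "ok" or never received a verdict, and shows which services are backed by one shared binary. The sample log is constructed from lines in this thread; the last two entries and the non-ok verdict wording are placeholders, not real TDSSKiller output.

```python
"""Triage helper for a TDSSKiller log.

Scan lines come in two shapes (timestamp and PID first):
  HH:MM:SS.mmmm PID Name (md5) Path     -> a scanned object
  HH:MM:SS.mmmm PID Name - verdict      -> the verdict for that object
A name with no "(md5) Path" line is a registered service/driver whose file
was not found on disk; TDSSKiller still reports it as "ok".
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the page's log format. Real lines (ACPI, Netlogon,
# NtLmSsp, Abiosdsk) are copied from the log in this thread; "exampledrv" and
# "orphan" are invented placeholders, including the non-ok verdict text.
SAMPLE_LOG = r"""00:32:00.0593 10052 C: <-> \Device\Harddisk0\DR0\Partition0
00:32:02.0156 9788 ============================================================
00:32:02.0156 9788 Scan started
00:32:02.0156 9788 Mode: Manual;
00:32:03.0781 9788 Abiosdsk - ok
00:32:03.0828 9788 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:32:03.0921 9788 ACPI - ok
00:32:18.0906 9788 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:32:18.0906 9788 Netlogon - ok
00:32:19.0312 9788 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:32:19.0312 9788 NtLmSsp - ok
00:32:30.0000 9788 exampledrv (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
00:32:30.0100 9788 exampledrv - needs review (constructed placeholder verdict)
00:32:31.0000 9788 orphan (11111111111111111111111111111111) C:\WINDOWS\system32\DRIVERS\orphan.sys
"""

ENTRY_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+-\s+(?P<verdict>.+?)\s*$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdss_log(text: str) -> Dict[str, Entry]:
    """Pair every scanned object with its verdict, keyed by service/driver name.

    Header lines before "Scan started" (drive geometry, partition map) are
    skipped so they are not mistaken for verdict lines.
    """
    entries: Dict[str, Entry] = {}
    started = "Scan started" not in text  # no header at all: parse everything
    for line in text.splitlines():
        if not started:
            started = line.endswith("Scan started")
            continue
        m = ENTRY_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict = m["verdict"]
        # separator lines ("====") and "Mode: Manual;" match neither and are ignored
    return entries


def triage(entries: Dict[str, Entry]) -> List[Entry]:
    """Entries a helper looks at first: any verdict other than "ok", or a
    scanned file that never got a verdict (scan interrupted or log truncated)."""
    flagged: List[Entry] = []
    for e in entries.values():
        if e.verdict is None and e.path is not None:
            flagged.append(e)
        elif e.verdict is not None and e.verdict.lower() != "ok":
            flagged.append(e)
    return flagged


def shared_binaries(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """md5 -> names of all services backed by that same file. Several LSA
    services legitimately share lsass.exe; an unexpected sharer stands out."""
    by_hash: Dict[str, List[str]] = {}
    for e in entries.values():
        if e.md5:
            by_hash.setdefault(e.md5, []).append(e.name)
    return {h: names for h, names in by_hash.items() if len(names) > 1}


if __name__ == "__main__":
    parsed = parse_tdss_log(SAMPLE_LOG)
    print(f"{len(parsed)} objects scanned")
    for e in triage(parsed):
        print("LOOK AT:", e.name, e.md5, e.path, e.verdict or "(no verdict)")
    for h, names in shared_binaries(parsed).items():
        print("shared file", h, "->", ", ".join(names))
```

To run it on a real report, read the TDSSKiller.[Version]_[Date]_[Time]_log.txt file from C:\ into a string and pass that instead of SAMPLE_LOG.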

#3 Jo2hearts

  • Topic Starter

  • Members
  • 63 posts
  • Gender:Male

Posted 28 July 2012 - 11:26 PM

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG 2012
AVG PC Tuneup 2011
AVG 2012
Microsoft Security Essentials
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
AVG PC Tuneup 2011
Java™ 6 Update 31
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of Date!
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
User My Documents Downloads Antivirus\SecurityCheck.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 0%
````````````````````End of Log``````````````````````


Thank you

#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 July 2012 - 11:33 PM

Let me have the other two reports when ready, please.


gringo

#5 Jo2hearts

  • Topic Starter

  • Members
  • 63 posts
  • Gender:Male

Posted 28 July 2012 - 11:41 PM

I appreciate your help. Here is the TDSSKiller log. I am doing the aswMBR now.

00:31:56.0765 10052 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
00:31:57.0015 10052 ============================================================
00:31:57.0015 10052 Current date / time: 2012/07/29 00:31:57.0015
00:31:57.0015 10052 SystemInfo:
00:31:57.0015 10052
00:31:57.0015 10052 OS Version: 5.1.2600 ServicePack: 3.0
00:31:57.0015 10052 Product type: Workstation
00:31:57.0015 10052 ComputerName: USER-BB5026FE16
00:31:57.0015 10052 UserName: User
00:31:57.0015 10052 Windows directory: C:\WINDOWS
00:31:57.0015 10052 System windows directory: C:\WINDOWS
00:31:57.0015 10052 Processor architecture: Intel x86
00:31:57.0015 10052 Number of processors: 1
00:31:57.0015 10052 Page size: 0x1000
00:31:57.0015 10052 Boot type: Normal boot
00:31:57.0015 10052 ============================================================
00:32:00.0500 10052 Drive \Device\Harddisk0\DR0 - Size: 0x12A1E0DE00 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:32:00.0500 10052 ============================================================
00:32:00.0500 10052 \Device\Harddisk0\DR0:
00:32:00.0500 10052 MBR partitions:
00:32:00.0500 10052 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
00:32:00.0500 10052 ============================================================
00:32:00.0593 10052 C: <-> \Device\Harddisk0\DR0\Partition0
00:32:00.0593 10052 ============================================================
00:32:00.0593 10052 Initialize success
00:32:00.0593 10052 ============================================================
00:32:02.0156 9788 ============================================================
00:32:02.0156 9788 Scan started
00:32:02.0156 9788 Mode: Manual;
00:32:02.0156 9788 ============================================================
00:32:21.0125 9788 redbook - ok
00:32:21.0171 9788 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
00:32:21.0234 9788 RemoteAccess - ok
00:32:21.0281 9788 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
00:32:21.0281 9788 RpcLocator - ok
00:32:21.0328 9788 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
00:32:21.0328 9788 RpcSs - ok
00:32:21.0359 9788 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
00:32:21.0406 9788 RSVP - ok
00:32:21.0421 9788 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:32:21.0437 9788 SamSs - ok
00:32:21.0468 9788 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
00:32:21.0500 9788 SCardSvr - ok
00:32:21.0546 9788 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
00:32:21.0593 9788 Schedule - ok
00:32:21.0625 9788 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:32:21.0640 9788 Secdrv - ok
00:32:21.0671 9788 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
00:32:21.0671 9788 seclogon - ok
00:32:21.0750 9788 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
00:32:21.0781 9788 senfilt - ok
00:32:21.0812 9788 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
00:32:21.0812 9788 SENS - ok
00:32:21.0828 9788 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:32:21.0843 9788 serenum - ok
00:32:21.0859 9788 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
00:32:21.0875 9788 Serial - ok
00:32:21.0906 9788 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:32:21.0921 9788 Sfloppy - ok
00:32:21.0953 9788 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
00:32:21.0968 9788 SharedAccess - ok
00:32:22.0015 9788 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:32:22.0015 9788 ShellHWDetection - ok
00:32:22.0015 9788 Simbad - ok
00:32:22.0062 9788 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
00:32:22.0062 9788 SLIP - ok
00:32:22.0093 9788 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
00:32:22.0109 9788 smwdm - ok
00:32:22.0125 9788 Sparrow - ok
00:32:22.0140 9788 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:32:22.0140 9788 splitter - ok
00:32:22.0187 9788 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
00:32:22.0187 9788 Spooler - ok
00:32:22.0250 9788 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:32:22.0281 9788 sr - ok
00:32:22.0328 9788 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
00:32:22.0343 9788 srservice - ok
00:32:22.0453 9788 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:32:22.0500 9788 Srv - ok
00:32:22.0515 9788 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
00:32:22.0671 9788 sscdbhk5 - ok
00:32:22.0703 9788 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
00:32:22.0734 9788 SSDPSRV - ok
00:32:22.0781 9788 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
00:32:22.0906 9788 ssrtln - ok
00:32:22.0968 9788 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
00:32:23.0015 9788 stisvc - ok
00:32:23.0062 9788 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
00:32:23.0093 9788 streamip - ok
00:32:23.0109 9788 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:32:23.0109 9788 swenum - ok
00:32:23.0171 9788 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:32:23.0187 9788 swmidi - ok
00:32:23.0187 9788 SwPrv - ok
00:32:23.0203 9788 symc810 - ok
00:32:23.0218 9788 symc8xx - ok
00:32:23.0218 9788 sym_hi - ok
00:32:23.0234 9788 sym_u3 - ok
00:32:23.0281 9788 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:32:23.0312 9788 sysaudio - ok
00:32:23.0343 9788 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
00:32:23.0343 9788 SysmonLog - ok
00:32:23.0390 9788 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
00:32:23.0406 9788 TapiSrv - ok
00:32:23.0453 9788 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:32:23.0500 9788 Tcpip - ok
00:32:23.0531 9788 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:32:23.0546 9788 TDPIPE - ok
00:32:23.0578 9788 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:32:23.0609 9788 TDTCP - ok
00:32:23.0625 9788 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:32:23.0625 9788 TermDD - ok
00:32:23.0687 9788 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
00:32:23.0734 9788 TermService - ok
00:32:23.0812 9788 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys
00:32:23.0968 9788 tfsnboio - ok
00:32:23.0984 9788 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys
00:32:24.0109 9788 tfsncofs - ok
00:32:24.0140 9788 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys
00:32:24.0312 9788 tfsndrct - ok
00:32:24.0359 9788 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys
00:32:24.0484 9788 tfsndres - ok
00:32:24.0500 9788 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys
00:32:24.0734 9788 tfsnifs - ok
00:32:24.0750 9788 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys
00:32:24.0906 9788 tfsnopio - ok
00:32:24.0937 9788 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys
00:32:25.0109 9788 tfsnpool - ok
00:32:25.0156 9788 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys
00:32:25.0375 9788 tfsnudf - ok
00:32:25.0390 9788 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys
00:32:25.0500 9788 tfsnudfa - ok
00:32:25.0546 9788 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:32:25.0546 9788 Themes - ok
00:32:25.0562 9788 TosIde - ok
00:32:25.0609 9788 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
00:32:25.0625 9788 TrkWks - ok
00:32:25.0640 9788 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:32:25.0640 9788 Udfs - ok
00:32:25.0656 9788 ultra - ok
00:32:25.0703 9788 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:32:25.0718 9788 Update - ok
00:32:25.0750 9788 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
00:32:25.0796 9788 upnphost - ok
00:32:25.0812 9788 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
00:32:25.0828 9788 UPS - ok
00:32:25.0875 9788 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:32:25.0906 9788 usbccgp - ok
00:32:25.0921 9788 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:32:25.0921 9788 usbehci - ok
00:32:25.0953 9788 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:32:25.0968 9788 usbhub - ok
00:32:25.0984 9788 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:32:26.0000 9788 usbprint - ok
00:32:26.0031 9788 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:32:26.0046 9788 usbscan - ok
00:32:26.0062 9788 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:32:26.0078 9788 USBSTOR - ok
00:32:26.0109 9788 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:32:26.0109 9788 usbuhci - ok
00:32:26.0140 9788 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:32:26.0156 9788 VgaSave - ok
00:32:26.0156 9788 ViaIde - ok
00:32:26.0187 9788 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
00:32:26.0187 9788 VolSnap - ok
00:32:26.0234 9788 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
00:32:26.0281 9788 VSS - ok
00:32:26.0359 9788 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
00:32:26.0375 9788 W32Time - ok
00:32:26.0406 9788 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:32:26.0406 9788 Wanarp - ok
00:32:26.0421 9788 WDICA - ok
00:32:26.0468 9788 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:32:26.0484 9788 wdmaud - ok
00:32:26.0531 9788 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
00:32:26.0531 9788 WebClient - ok
00:32:26.0718 9788 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
00:32:26.0750 9788 winmgmt - ok
00:32:26.0828 9788 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
00:32:26.0890 9788 WinRM - ok
00:32:26.0953 9788 WMDM PMSP Service (581176f60885aef8f78c6e38dcc3cdf9) C:\WINDOWS\system32\MsPMSPSv.exe
00:32:26.0953 9788 WMDM PMSP Service - ok
00:32:26.0984 9788 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
00:32:27.0109 9788 WmdmPmSN - ok
00:32:27.0156 9788 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
00:32:27.0203 9788 WmiApSrv - ok
00:32:27.0359 9788 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
00:32:27.0390 9788 WMPNetworkSvc - ok
00:32:27.0437 9788 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
00:32:27.0453 9788 WS2IFSL - ok
00:32:27.0484 9788 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
00:32:27.0515 9788 wscsvc - ok
00:32:27.0546 9788 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
00:32:27.0562 9788 WSTCODEC - ok
00:32:27.0578 9788 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
00:32:27.0593 9788 wuauserv - ok
00:32:27.0640 9788 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:32:27.0671 9788 WudfPf - ok
00:32:27.0703 9788 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:32:27.0750 9788 WudfRd - ok
00:32:27.0765 9788 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
00:32:27.0765 9788 WudfSvc - ok
00:32:27.0828 9788 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
00:32:27.0843 9788 WZCSVC - ok
00:32:27.0875 9788 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
00:32:27.0953 9788 xmlprov - ok
00:32:28.0046 9788 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
00:32:28.0109 9788 YahooAUService - ok
00:32:28.0156 9788 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:32:28.0171 9788 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
00:32:28.0171 9788 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
00:32:28.0187 9788 Boot (0x1200) (286733cd30b4556a859e3f42e04faf23) \Device\Harddisk0\DR0\Partition0
00:32:28.0187 9788 \Device\Harddisk0\DR0\Partition0 - ok
00:32:28.0187 9788 ============================================================
00:32:28.0187 9788 Scan finished
00:32:28.0187 9788 ============================================================
00:32:28.0203 8432 Detected object count: 1
00:32:28.0203 8432 Actual detected object count: 1
00:32:41.0531 8432 \Device\Harddisk0\DR0\# - copied to quarantine
00:32:41.0593 8432 \Device\Harddisk0\DR0 - copied to quarantine
00:32:41.0625 8432 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
00:32:41.0656 8432 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
00:32:41.0875 8432 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
00:32:42.0421 8432 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
00:32:42.0468 8432 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
00:32:42.0546 8432 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
00:32:44.0187 8432 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
00:32:44.0531 8432 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
00:32:44.0562 8432 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
00:32:44.0578 8432 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
00:32:44.0937 8432 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
00:32:45.0015 8432 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
00:32:45.0046 8432 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
00:32:45.0046 8432 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
00:32:45.0062 8432 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
00:32:45.0218 8432 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
00:32:45.0234 8432 \Device\Harddisk0\DR0 - ok
00:32:45.0234 8432 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
00:33:10.0062 10140 Deinitialize success

#6 Jo2hearts

Jo2hearts
  • Topic Starter

  • Members
  • 63 posts
  • Gender:Male

Posted 29 July 2012 - 12:02 AM

This is the asw log. Thank you.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-29 00:42:22
-----------------------------
00:42:22.828 OS Version: Windows 5.1.2600 Service Pack 3
00:42:22.828 Number of processors: 1 586 0x304
00:42:22.828 ComputerName: USER-BB5026FE16 UserName: User
00:42:23.671 Initialize success
00:44:17.359 AVAST engine defs: 12072801
00:44:31.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
00:44:31.375 Disk 0 Vendor: ST380817AS 3.42 Size: 76318MB BusType: 3
00:44:31.406 Disk 0 MBR read successfully
00:44:31.406 Disk 0 MBR scan
00:44:31.484 Disk 0 Windows XP default MBR code
00:44:31.500 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
00:44:31.515 Disk 0 scanning sectors +156280320
00:44:31.625 Disk 0 scanning C:\WINDOWS\system32\drivers
00:44:56.343 Service scanning
00:45:12.750 Service MpKslec5d7f2e c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{89F4A23E-648A-4F9B-B873-5B55F38141B4}\MpKslec5d7f2e.sys **LOCKED** 32
00:45:28.906 Modules scanning
00:45:44.875 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\My Documents\MBR.dat"
00:45:44.890 The log file has been saved successfully to "C:\Documents and Settings\User\My Documents\aswMBR.txt"
00:45:51.531 Disk 0 trace - called modules:
00:45:51.546 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
00:45:51.546 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89b89030]
00:45:51.546 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x89c18d98]
00:46:00.875 AVAST engine scan C:\WINDOWS
00:46:13.046 AVAST engine scan C:\WINDOWS\system32
00:51:16.625 AVAST engine scan C:\WINDOWS\system32\drivers
00:51:45.125 AVAST engine scan C:\Documents and Settings\User
00:59:08.140 AVAST engine scan C:\Documents and Settings\All Users
01:01:10.718 Scan finished successfully
01:01:33.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\My Documents\MBR.dat"
01:01:33.593 The log file has been saved successfully to "C:\Documents and Settings\User\My Documents\aswMBR.txt"

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 July 2012 - 12:06 AM

Greetings

At this time I would like you to run this script for me. It is also a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Jo2hearts

Jo2hearts
  • Topic Starter

  • Members
  • 63 posts
  • Gender:Male

Posted 29 July 2012 - 12:08 AM

Was I supposed to click "fix mbr" in asw?

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 July 2012 - 12:14 AM

No, you were not.


gringo

#10 Jo2hearts

Jo2hearts
  • Topic Starter

  • Members
  • 63 posts
  • Gender:Male

Posted 29 July 2012 - 12:34 AM

ok. good.

ComboFix 12-07-27.03 - User 07/29/2012 1:19.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1436 [GMT -4:00]
Running from: c:\documents and settings\User\My Documents\Downloads\Antivirus\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\User\Application Data\.#
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 05:16 . 2012-07-29 05:16 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{048D5DEA-DF67-4350-B5F5-225823D126C2}\MpKsl5a2cf5d1.sys
2012-07-29 05:15 . 2012-07-29 05:15 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{048D5DEA-DF67-4350-B5F5-225823D126C2}\offreg.dll
2012-07-29 04:47 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{048D5DEA-DF67-4350-B5F5-225823D126C2}\mpengine.dll
2012-07-29 04:32 . 2012-07-29 04:32 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-27 20:47 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-27 02:12 . 2012-07-27 02:12 -------- d-----w- c:\documents and settings\User\Application Data\DriverCure
2012-07-27 02:12 . 2012-07-27 02:12 -------- d-----w- c:\documents and settings\User\Application Data\PC Unleashed Online
2012-07-27 02:11 . 2012-07-27 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Unleashed Online
2012-07-26 14:09 . 2012-07-26 14:09 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2012-07-26 14:09 . 2012-07-26 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-26 14:09 . 2012-07-26 14:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-26 14:09 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-20 20:46 . 2012-07-20 20:46 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\StartNow
2012-07-19 00:58 . 2012-07-19 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\eGames
2012-07-19 00:58 . 2012-07-19 00:58 -------- d-----w- c:\documents and settings\User\Application Data\eGames
2012-07-19 00:58 . 2012-07-19 00:58 -------- d-----w- c:\program files\Common Files\SWF Studio
2012-07-18 12:28 . 2012-07-18 12:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-07-18 12:28 . 2012-07-18 12:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2012-07-17 17:16 . 2012-07-17 17:16 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-07-13 15:06 . 2012-07-13 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\GoBit Games
2012-07-07 15:45 . 2012-07-07 15:45 -------- d-----w- c:\windows\system32\winrm
2012-07-07 15:45 . 2012-07-07 15:45 -------- d-----w- c:\windows\system32\GroupPolicy
2012-07-07 15:45 . 2012-07-07 15:45 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2012-07-07 15:43 . 2012-05-24 14:48 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-07-02 17:02 . 2012-07-02 17:02 452 ----a-w- c:\program files\0702201213025523.bat
2012-06-29 18:24 . 2012-06-29 18:24 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\SCE
2012-06-29 18:21 . 2012-06-29 18:21 -------- d-----w- c:\program files\Sony Online Entertainment
2012-06-29 18:21 . 2012-06-29 18:21 -------- d-----w- c:\documents and settings\User\Application Data\Sony Online Entertainment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 21:12 . 2012-05-14 11:54 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 21:12 . 2011-07-12 11:55 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-26 18:08 . 2011-07-12 03:06 230840 ----a-r- c:\windows\system32\cpnprt2.cid
2012-06-28 02:05 . 2012-06-28 02:05 452 ----a-w- c:\program files\0627201222054707.bat
2012-06-25 18:47 . 2012-06-25 18:47 453 ----a-w- c:\program files\0625201214473332.bat
2012-06-13 13:19 . 2004-08-04 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2011-04-21 23:55 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2009-08-07 02:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2011-04-22 01:17 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2011-04-22 01:17 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2011-04-22 01:17 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2011-04-22 01:17 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2011-04-22 01:17 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2009-08-07 02:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-08-07 02:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2011-04-22 01:17 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2011-04-22 01:17 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2011-04-28 13:45 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2011-04-28 13:45 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2009-08-06 23:23 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:12 . 2004-08-04 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2011-04-22 01:15 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-12-28 17:42 . 2011-12-28 17:42 462 ----a-w- c:\program files\1228201112424654.bat
2011-07-26 00:16 . 2011-07-26 00:16 450 ----a-w- c:\program files\0725201120161864.bat
2011-07-14 02:00 . 2011-07-14 02:00 452 ----a-w- c:\program files\0713201122002735.bat
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-27_03.11.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-29 04:35 . 2012-07-29 04:35 16384 c:\windows\Temp\Perflib_Perfdata_124.dat
+ 2012-07-27 21:12 . 2012-07-27 21:12 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
+ 2012-07-27 21:12 . 2012-07-27 21:12 466632 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.dll
+ 2012-05-14 11:54 . 2012-07-27 21:12 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-05-14 11:54 . 2012-07-12 14:12 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"P17Helper"="P17.dll" [2004-06-10 60928]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-07-25 273544]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-08-11 282624]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-08-06 04:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 23:54 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 20:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-12 03:15 290816 ------w- c:\program files\Dell\Media Experience\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2003-11-20 00:48 32881 ----a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 08:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 4:03 PM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/5/2011 12:59 AM 301248]
R1 MpKsl5a2cf5d1;MpKsl5a2cf5d1;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{048D5DEA-DF67-4350-B5F5-225823D126C2}\MpKsl5a2cf5d1.sys [7/29/2012 1:16 AM 29904]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [3/26/2012 10:35 PM 913792]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/26/2012 10:09 AM 655944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/26/2012 10:09 AM 22344]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [7/4/2012 5:25 PM 5160568]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/14/2012 7:54 AM 250056]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPKSL5A2CF5D1
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 21:12]
.
2012-07-29 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
2012-07-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1606980848-1078145449-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-07-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1606980848-1078145449-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {F3DCFC89-8C6E-4052-9176-B7806D188FD5} - hxxp://www.disneyphotopass.com/Scripts/ImageUploader7.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-29 01:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2952)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-07-29 01:29:11
ComboFix-quarantined-files.txt 2012-07-29 05:29
ComboFix2.txt 2012-07-27 03:15
.
Pre-Run: 57,335,611,392 bytes free
Post-Run: 58,144,235,520 bytes free
.
- - End Of File - - D16C6462CFEC1006C9FEA2C89CCA3AB3

#11 Jo2hearts
  • Topic Starter

Posted 29 July 2012 - 12:37 AM

I haven't gotten a pop-up of a malicious outgoing message yet. It was every minute 1-2 days ago. Today it has been every few hours. I will let you know if I get one.

Is there anything else I need to run, or do you think it might be fixed? Thank you.

#12 gringo_pr
    Bleepin Gringo
  • Malware Response Team

Posted 29 July 2012 - 01:23 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box:
    C:\Qoobox\Add-Remove Programs.txt
  • Click OK

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 Jo2hearts
  • Topic Starter

Posted 29 July 2012 - 10:14 AM

Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Advanced SystemCare 5
Angry Birds
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG 2012
AVG PC Tuneup 2011
BufferChm
Burger Island
Burger Shop 2
Clone Wars
Cooking Dash
Coupon Printer for Windows
Creative MediaSource
CustomerResearchQFolder
D4300
D4300_Help
Dell Media Experience
Dell Resource CD
DeviceDiscovery
DeviceManagementQFolder
DJ_SF_03_D4300_ProductContext
DJ_SF_03_D4300_Software
DJ_SF_03_D4300_Software_Min
Doggie Dash
eSupportQFolder
Fashion Apprentice
Fashion Solitaire
ffdshow [rev 2527] [2008-12-19]
File Type Assistant
Free File Viewer 2011
Freeze.com NetAssistant
GPBaseService
Haali Media Splitter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
HP Customer Participation Program 10.0
HP Deskjet D4300 Printer Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPProductAssistant
HPSSupply
InstallIQ Updater
Intel® PRO Network Connections Drivers
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java™ 6 Update 31
Jojo’s Fashion Show
JSWPFCom
JSWPFGrade2
JumpStart 3D Ages 6-8
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSN
NetAssistant
OpenOffice.org 3.3
PowerDVD 5.3
PSSWCORE
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Satisfashion
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923789)
Shop for HP Supplies
SmartWebPrintingOC
SolutionCenter
Sonic DLA
Sonic RecordNow! Plus
Sonic Update Manager
Sound Blaster Live! 24-bit
SoundMAX
Status
Toolbox
TrayApp
Uninstall Dual Mode Camera (TDC13E0)
Unity Web Player
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
VideoToolkit01
Vivitar Experience Image Manager
WebFldrs XP
WebReg
Wedding Dash 4-Ever
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Software Update
Yontoo Layers Runtime 1.10.01

#14 gringo_pr
    Bleepin Gringo
  • Malware Response Team

Posted 29 July 2012 - 02:18 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

  • Java 2 Runtime Environment, SE v1.4.2_03
  • Java™ 6 Update 31
  • Yontoo Layers Runtime 1.10.01


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Application tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go Here to download the HijackThis Installer.
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 Jo2hearts
  • Topic Starter

Posted 29 July 2012 - 04:01 PM

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.29.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: USER-BB5026FE16 [administrator]

Protection: Enabled

7/29/2012 4:56:54 PM
mbam-log-2012-07-29 (16-56-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 176433
Time elapsed: 3 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

