
google keeps redirecting with random pop up firefox tabs and Adobe flsh install popups


This topic is locked
15 replies to this topic

#1 nirvanaandy

  • Members
  • 19 posts

Posted 28 July 2012 - 06:31 PM

Google in Firefox keeps redirecting.
It opens random website tabs.
OfficeScan (disabled during DDS and GMER) shows multiple violations.
GMER showed a message that the system has been infected by a rootkit!!!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_31
Run by Rakesh at 12:17:35 on 2012-07-28
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1919.1311 [GMT -7:00]
.
AV: Trend Micro OfficeScan Antivirus *Disabled/Outdated* {36C23C57-71AF-490F-BCA8-BBF0638BE6A4}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\Program Files\LANDesk\LDCLient\tmcsvc.exe
C:\Program Files\iPass\iPassConnect\iPCAgent.exe
C:\PROGRA~1\LANDesk\LDCLient\issuser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxeaserv.exe
C:\WINDOWS\system32\lxeacoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\oracle\ora92\bin\omtsreco.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\LANDesk\LDCLient\softmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\PROGRA~1\LANDesk\LDCLient\rcgui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Courion Corporation\Identity Management Suite DIRECT!\direct.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe
C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Rakesh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\LANDesk\LDCLient\amclient.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\rakesh\local settings\application data\google\update\GoogleUpdate.exe" /c
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10q_Plugin.exe -update plugin
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [DIRECT!] c:\program files\courion corporation\identity management suite direct!\direct.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\bcmntray
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [IntelAPMClient] "c:\program files\landesk\ldclient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
mRun: [SDClientMonitor] "c:\program files\landesk\ldclient\webportal\sdclientmonitor.exe"
mRun: [lxeamon.exe] "c:\program files\lexmark s300-s400 series\lxeamon.exe"
mRun: [EzPrint] "c:\program files\lexmark s300-s400 series\ezprint.exe"
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\rakesh\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\rakesh\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: employee.com\t-mobile
Trusted Zone: gsm1900.org
Trusted Zone: t-mobile.com
Trusted Zone: tmomail.net
Trusted Zone: voicestream.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1337564311506
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{518B6D93-C512-42EC-BF6C-9AEDE099F98B} : DhcpNameServer = 192.168.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rakesh\application data\mozilla\firefox\profiles\n5rm45ey.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\rakesh\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\rakesh\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\rakesh\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2005-11-15 5632]
R2 CBA8;LANDesk® Management Agent;c:\program files\landesk\shared files\residentAgent.exe [2007-1-9 122880]
R2 iPCAgent;iPCAgent;c:\program files\ipass\ipassconnect\iPCAgent.exe [2006-1-19 90112]
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-6-10 193192]
R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\landesk\ldclient\SoftMon.exe [2008-1-4 266240]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2005-2-18 36624]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [2006-7-17 11904]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [2006-7-17 3328]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [2006-7-17 3712]
S2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXPFlt.sys [2005-2-18 262416]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2005-11-18 30192]
S3 Intel Remote Control Helper;Intel Remote Control Helper;c:\windows\system32\drivers\rch.sys [2005-11-15 49972]
S3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\drivers\mosuport.sys [2006-2-15 851341]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-20 113120]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2007-8-28 575064]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
.
=============== Created Last 30 ================
.
2012-07-23 19:33:25 -------- d-----w- c:\documents and settings\all users\application data\6F63A59D02FC572ED9A03A97E56C3425
2012-07-19 17:44:31 -------- d-sh--w- C:\found.000
2012-07-04 02:47:21 -------- d-----w- C:\Rakesh_Docs
.
==================== Find3M ====================
.
2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-03 05:49:52 883616 ----a-w- C:\FixExec.com
.
============= FINISH: 12:18:27.85 ===============


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 July 2012 - 02:13 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 nirvanaandy

  • Topic Starter
  • Members
  • 19 posts

Posted 29 July 2012 - 02:13 PM

Hello, please see the requested logs below (1st the Security Check checkup.txt, then 2nd the ComboFix log).
I am currently uncertain how my machine is working, and so far I have not seen a popup in the last 5 mins.

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Trend Micro OfficeScan Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java version out of Date!
Adobe Flash Player 9 Flash Player out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.181.14 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Trend Micro OfficeScan Client pccntmon.exe
Trend Micro OfficeScan Client ntrtscan.exe
Trend Micro OfficeScan Client tmlisten.exe
Trend Micro OfficeScan Client TmProxy.exe
Trend Micro OfficeScan Client CNTAoSMgr.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 27% Defragment your hard drive soon!
````````````````````End of Log``````````````````````



---------------------------------------------------------------------------------------------------------

ComboFix 12-07-29.02 - Rakesh 07/29/2012 11:32:07.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1919.1427 [GMT -7:00]
Running from: c:\documents and settings\Rakesh\Desktop\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {36C23C57-71AF-490F-BCA8-BBF0638BE6A4}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB18204$
c:\windows\$NtUninstallKB18204$\3437530104\@
c:\windows\$NtUninstallKB18204$\3437530104\Desktop.ini
c:\windows\$NtUninstallKB18204$\3437530104\L\00000004.@
c:\windows\$NtUninstallKB18204$\3437530104\L\201d3dde
c:\windows\$NtUninstallKB18204$\3437530104\L\qstarcwf
c:\windows\$NtUninstallKB18204$\3437530104\U\00000004.@
c:\windows\$NtUninstallKB18204$\3437530104\U\00000008.@
c:\windows\$NtUninstallKB18204$\3437530104\U\000000cb.@
c:\windows\$NtUninstallKB18204$\3437530104\U\80000000.@
c:\windows\$NtUninstallKB18204$\3437530104\U\80000032.@
c:\windows\$NtUninstallKB18204$\763226285
.
Infected copy of c:\windows\system32\drivers\ipsec.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 18:27 . 2004-08-04 12:00 74752 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
2012-07-29 18:27 . 2004-08-04 12:00 74752 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-07-23 19:33 . 2012-07-28 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\6F63A59D02FC572ED9A03A97E56C3425
2012-07-19 17:44 . 2012-07-19 17:44 -------- d-----w- C:\found.000
2012-07-04 02:47 . 2012-07-04 02:57 -------- d-----w- C:\Rakesh_Docs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 20:46 . 2011-06-22 03:11 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-03 05:49 . 2012-05-04 03:28 883616 ----a-w- C:\FixExec.com
2012-07-23 17:17 . 2012-05-21 01:07 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-22 02:11 . 2007-08-14 17:50 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rakesh\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rakesh\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rakesh\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rakesh\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\bcmntray" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-16 335872]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-12-12 710000]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"DIRECT!"="c:\program files\Courion Corporation\Identity Management Suite DIRECT!\direct.exe" [2004-09-02 98304]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"IntelAPMClient"="c:\program files\LANDesk\LDCLient\amclient.exe" [2007-06-12 327680]
"SDClientMonitor"="c:\program files\LANDesk\LDCLient\webportal\sdclientmonitor.exe" [2006-11-01 258048]
"lxeamon.exe"="c:\program files\Lexmark S300-S400 Series\lxeamon.exe" [2010-05-05 770728]
"EzPrint"="c:\program files\Lexmark S300-S400 Series\ezprint.exe" [2010-05-05 148280]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-29 1485208]
"tsnp2std"="c:\windows\tsnp2std.exe" [2007-01-06 258048]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
.
c:\documents and settings\Rakesh\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Rakesh\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 15:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-11-08 22:00 128920 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2011-03-22 02:11 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 19:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prolific_OneButton]
2004-06-10 00:00 49152 ----a-r- c:\program files\Prolific\One Button\OneBtn.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-12-21 21:31 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LANDesk\\Shared Files\\residentAgent.exe"=
"c:\\Program Files\\Belkin\\Router Setup and Monitor\\BelkinSetup.exe"=
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [11/15/2005 2:33 PM 5632]
R2 CBA8;LANDesk® Management Agent;c:\program files\LANDesk\Shared Files\residentAgent.exe [1/9/2007 12:03 PM 122880]
R2 iPCAgent;iPCAgent;c:\program files\iPass\iPassConnect\iPCAgent.exe [1/19/2006 7:06 PM 90112]
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [6/10/2011 3:46 PM 193192]
R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\LANDesk\LDClient\SoftMon.exe [1/4/2008 1:37 PM 266240]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [2/18/2005 6:04 PM 262416]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [2/18/2005 6:04 PM 36624]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [7/17/2006 9:29 AM 11904]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [7/17/2006 9:29 AM 3328]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [7/17/2006 9:29 AM 3712]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [8/28/2007 1:45 AM 575064]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/18/2005 12:45 PM 30192]
S3 Intel Remote Control Helper;Intel Remote Control Helper;c:\windows\system32\drivers\rch.sys [11/15/2005 3:37 PM 49972]
S3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\drivers\mosuport.sys [2/15/2006 10:56 AM 851341]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/20/2012 6:07 PM 113120]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/16/2005 11:54 AM 664064]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Xyz777s
s3savagemx
MTsensor
msftpsvc
acdservice
REVOSENS
LXARScan
R300
mwsarcpkt
lvprcsrv
bc_prt_f
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1292428093-839522115-1003Core.job
- c:\documents and settings\Rakesh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-15 23:07]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1292428093-839522115-1003UA.job
- c:\documents and settings\Rakesh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-15 23:07]
.
2012-07-29 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-11-15 02:38]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: employee.com\t-mobile
Trusted Zone: gsm1900.org
Trusted Zone: t-mobile.com
Trusted Zone: tmomail.net
Trusted Zone: voicestream.com
TCP: DhcpNameServer = 192.168.2.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Rakesh\Application Data\Mozilla\Firefox\Profiles\n5rm45ey.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-CTFMON - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-29 11:44
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\drivers\tsk1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\05\00\0f\04!\08t"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(592)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\documents and settings\Rakesh\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\LANDesk\LDClient\LocalSch.EXE
c:\windows\system32\CBA\pds.exe
c:\program files\LANDesk\LDCLient\tmcsvc.exe
c:\progra~1\LANDesk\LDCLient\issuser.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxeacoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Trend Micro\OfficeScan Client\ntrtscan.exe
c:\oracle\ora92\bin\omtsreco.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Dantz\Retrospect\retrorun.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Trend Micro\OfficeScan Client\tmlisten.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\msiexec.exe
c:\progra~1\LANDesk\LDCLient\rcgui.exe
c:\progra~1\LANDesk\LDClient\collector.exe
c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
c:\program files\TREND MICRO\OFFICESCAN CLIENT\0FCD0G.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\bcmntray.exe
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\rundll32.exe
.
**************************************************************************
.
Completion time: 2012-07-29 11:52:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-29 18:52
.
Pre-Run: 18,464,399,360 bytes free
Post-Run: 18,865,754,112 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E61E8E3B025900DC34C3669F54A7B243

#4 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 July 2012 - 02:26 PM

Greetings

It looks like it removed the virus but I am going to make sure it is gone and stays gone

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 nirvanaandy

  • Topic Starter

  • Members
  • 19 posts

Posted 31 July 2012 - 12:02 AM

Hi Gringo,
Please see attached the requested logs.

21:02:25.0788 2284 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:02:26.0459 2284 ============================================================
21:02:26.0459 2284 Current date / time: 2012/07/30 21:02:26.0459
21:02:26.0459 2284 SystemInfo:
21:02:26.0459 2284
21:02:26.0459 2284 OS Version: 5.1.2600 ServicePack: 2.0
21:02:26.0459 2284 Product type: Workstation
21:02:26.0459 2284 ComputerName: TTS-23143E21703
21:02:26.0459 2284 UserName: Rakesh
21:02:26.0459 2284 Windows directory: C:\WINDOWS
21:02:26.0459 2284 System windows directory: C:\WINDOWS
21:02:26.0459 2284 Processor architecture: Intel x86
21:02:26.0459 2284 Number of processors: 1
21:02:26.0459 2284 Page size: 0x1000
21:02:26.0459 2284 Boot type: Normal boot
21:02:26.0459 2284 ============================================================
21:02:34.0716 2284 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:02:34.0887 2284 ============================================================
21:02:34.0887 2284 \Device\Harddisk0\DR0:
21:02:35.0044 2284 MBR partitions:
21:02:35.0044 2284 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA4CF41
21:02:35.0044 2284 ============================================================
21:02:37.0432 2284 C: <-> \Device\Harddisk0\DR0\Partition0
21:02:37.0432 2284 ============================================================
21:02:37.0432 2284 Initialize success
21:02:37.0432 2284 ============================================================
21:02:50.0324 3888 ============================================================
21:02:50.0324 3888 Scan started
21:02:50.0324 3888 Mode: Manual;
21:02:50.0324 3888 ============================================================
21:02:51.0089 3888 Abiosdsk - ok
21:02:51.0105 3888 abp480n5 - ok
21:02:51.0120 3888 acdservice - ok
21:02:51.0198 3888 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:02:51.0214 3888 ACPI - ok
21:02:51.0245 3888 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:02:51.0277 3888 ACPIEC - ok
21:02:51.0292 3888 adpu160m - ok
21:02:51.0355 3888 aeaudio (75bee80a25fc7f690dcd57570dc159c1) C:\WINDOWS\system32\drivers\aeaudio.sys
21:02:51.0355 3888 aeaudio - ok
21:02:51.0417 3888 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
21:02:51.0433 3888 aec - ok
21:02:51.0479 3888 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:02:51.0511 3888 AegisP - ok
21:02:51.0573 3888 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
21:02:51.0620 3888 AFD - ok
21:02:51.0823 3888 AffinegyService (7e077309910ce334c3b2b7b8665a55c4) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
21:02:51.0901 3888 AffinegyService - ok
21:02:51.0916 3888 AFGMp50 - ok
21:02:51.0963 3888 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
21:02:51.0979 3888 AFGSp50 - ok
21:02:52.0073 3888 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
21:02:52.0260 3888 AgereSoftModem - ok
21:02:52.0275 3888 Aha154x - ok
21:02:52.0291 3888 aic78u2 - ok
21:02:52.0307 3888 aic78xx - ok
21:02:52.0385 3888 akshasp (d5987b854a62867d399a3d3d744547e5) C:\WINDOWS\system32\DRIVERS\akshasp.sys
21:02:52.0463 3888 akshasp - ok
21:02:52.0494 3888 aksusb (25c07de96a774622001935e36693c9c2) C:\WINDOWS\system32\DRIVERS\aksusb.sys
21:02:52.0541 3888 aksusb - ok
21:02:52.0588 3888 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
21:02:52.0588 3888 Alerter - ok
21:02:52.0634 3888 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
21:02:52.0634 3888 ALG - ok
21:02:52.0650 3888 AliIde - ok
21:02:52.0681 3888 amsint - ok
21:02:52.0853 3888 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:02:52.0869 3888 Apple Mobile Device - ok
21:02:52.0900 3888 AppMgmt (9c3c12975c97119412802b181fbeeffe) C:\WINDOWS\System32\appmgmts.dll
21:02:52.0931 3888 AppMgmt - ok
21:02:52.0962 3888 asc - ok
21:02:52.0978 3888 asc3350p - ok
21:02:52.0993 3888 asc3550 - ok
21:02:53.0165 3888 aspnet_state (4eabf511b1af176a971c3271e48fa3a8) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:02:53.0212 3888 aspnet_state - ok
21:02:53.0243 3888 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:02:53.0259 3888 AsyncMac - ok
21:02:53.0337 3888 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:02:53.0337 3888 atapi - ok
21:02:53.0337 3888 Atdisk - ok
21:02:53.0431 3888 Ati HotKey Poller (a8464ca51c598101a3fef341f4f0b6e0) C:\WINDOWS\system32\Ati2evxx.exe
21:02:53.0446 3888 Ati HotKey Poller - ok
21:02:53.0509 3888 ati2mtag (83f24e252908e59c4a7ef203bf7f4c02) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:02:53.0540 3888 ati2mtag - ok
21:02:53.0555 3888 atiide (899c9f94ed5ec5eff71aa6e17a084419) C:\WINDOWS\system32\DRIVERS\atiide.sys
21:02:53.0571 3888 atiide - ok
21:02:53.0602 3888 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:02:53.0618 3888 Atmarpc - ok
21:02:53.0649 3888 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
21:02:53.0665 3888 AudioSrv - ok
21:02:53.0743 3888 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:02:53.0743 3888 audstub - ok
21:02:53.0790 3888 BCM42RLY (62db04646d81798582464c32ef1cc3b2) C:\WINDOWS\System32\drivers\BCM42RLY.SYS
21:02:53.0805 3888 BCM42RLY - ok
21:02:53.0899 3888 BCM43XX (fa4a4a50b4b2647afedc676cc68c69cc) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
21:02:53.0930 3888 BCM43XX - ok
21:02:53.0946 3888 bc_prt_f - ok
21:02:53.0977 3888 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:02:53.0992 3888 Beep - ok
21:02:54.0086 3888 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll
21:02:54.0195 3888 BITS - ok
21:02:54.0523 3888 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:02:54.0586 3888 Bonjour Service - ok
21:02:54.0664 3888 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
21:02:54.0679 3888 Browser - ok
21:02:54.0742 3888 caboagp (10d5fb74ee18ea49c30daaa203c0e0ec) C:\WINDOWS\system32\DRIVERS\atisgkaf.sys
21:02:54.0757 3888 caboagp - ok
21:02:54.0773 3888 catchme - ok
21:02:54.0882 3888 CBA8 (c519f99d43d1886614fc61f5190c8e7c) C:\Program Files\LANDesk\Shared Files\residentagent.exe
21:02:54.0945 3888 CBA8 - ok
21:02:55.0007 3888 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:02:55.0023 3888 cbidf2k - ok
21:02:55.0069 3888 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:02:55.0101 3888 CCDECODE - ok
21:02:55.0241 3888 CcmExec (e4b94f8edb3540d43a473d552c30d395) C:\WINDOWS\system32\CCM\CcmExec.exe
21:02:55.0319 3888 CcmExec - ok
21:02:55.0350 3888 cd20xrnt - ok
21:02:55.0428 3888 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:02:55.0444 3888 Cdaudio - ok
21:02:55.0506 3888 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
21:02:55.0538 3888 Cdfs - ok
21:02:55.0584 3888 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:02:55.0616 3888 Cdrom - ok
21:02:55.0631 3888 Changer - ok
21:02:55.0678 3888 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe
21:02:55.0694 3888 CiSvc - ok
21:02:55.0725 3888 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
21:02:55.0756 3888 ClipSrv - ok
21:02:55.0897 3888 clr_optimization_v2.0.50727_32 (234b1bc2796483e1f5c3f26649fb3388) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:02:55.0975 3888 clr_optimization_v2.0.50727_32 - ok
21:02:56.0022 3888 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:02:56.0037 3888 CmBatt - ok
21:02:56.0053 3888 CmdIde - ok
21:02:56.0100 3888 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:02:56.0115 3888 Compbatt - ok
21:02:56.0131 3888 COMSysApp - ok
21:02:56.0162 3888 Cpqarray - ok
21:02:56.0209 3888 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
21:02:56.0224 3888 CryptSvc - ok
21:02:56.0271 3888 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
21:02:56.0287 3888 CVirtA - ok
21:02:56.0318 3888 dac2w2k - ok
21:02:56.0334 3888 dac960nt - ok
21:02:56.0412 3888 DcomLaunch (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
21:02:56.0443 3888 DcomLaunch - ok
21:02:56.0521 3888 Dhcp (ef545e1a4b043da4c84e230dd471c55f) C:\WINDOWS\System32\dhcpcsvc.dll
21:02:56.0537 3888 Dhcp - ok
21:02:56.0599 3888 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
21:02:56.0615 3888 Disk - ok
21:02:56.0630 3888 dmadmin - ok
21:02:56.0740 3888 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
21:02:56.0833 3888 dmboot - ok
21:02:56.0849 3888 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
21:02:56.0880 3888 dmio - ok
21:02:56.0927 3888 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:02:56.0942 3888 dmload - ok
21:02:56.0989 3888 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
21:02:57.0005 3888 dmserver - ok
21:02:57.0067 3888 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
21:02:57.0067 3888 DMusic - ok
21:02:57.0145 3888 DNE (2eddbb3ef1dd5a28cb07c149d36e7286) C:\WINDOWS\system32\DRIVERS\dne2000.sys
21:02:57.0177 3888 DNE - ok
21:02:57.0208 3888 Dnscache (7379de06fd196e396a00aa97b990c00d) C:\WINDOWS\System32\dnsrslvr.dll
21:02:57.0239 3888 Dnscache - ok
21:02:57.0239 3888 dpti2o - ok
21:02:57.0270 3888 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
21:02:57.0270 3888 drmkaud - ok
21:02:57.0333 3888 dtscsi (6461e57bb51a848aae26f52427b7cf9e) C:\WINDOWS\System32\Drivers\dtscsi.sys
21:02:57.0395 3888 dtscsi - ok
21:02:57.0458 3888 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
21:02:57.0473 3888 ERSvc - ok
21:02:57.0551 3888 Eventlog (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
21:02:57.0551 3888 Eventlog - ok
21:02:57.0629 3888 EventSystem (60d1a6342238378bfb7545c81ee3606c) C:\WINDOWS\system32\es.dll
21:02:57.0629 3888 EventSystem - ok
21:02:57.0692 3888 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
21:02:57.0738 3888 Fastfat - ok
21:02:57.0801 3888 FastUserSwitchingCompatibility (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
21:02:57.0832 3888 FastUserSwitchingCompatibility - ok
21:02:57.0863 3888 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:02:57.0879 3888 Fdc - ok
21:02:57.0941 3888 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
21:02:57.0957 3888 Fips - ok
21:02:57.0988 3888 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:02:58.0004 3888 Flpydisk - ok
21:02:58.0066 3888 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:02:58.0113 3888 FltMgr - ok
21:02:58.0191 3888 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:02:58.0207 3888 Fs_Rec - ok
21:02:58.0285 3888 FTDIBUS (b283f1bc1ff852bd232449a4b3e3ce63) C:\WINDOWS\system32\drivers\ftdibus.sys
21:02:58.0300 3888 FTDIBUS - ok
21:02:58.0332 3888 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:02:58.0363 3888 Ftdisk - ok
21:02:58.0410 3888 FTSER2K (678a73f56ddf84a08c31123c386e9967) C:\WINDOWS\system32\drivers\ftser2k.sys
21:02:58.0425 3888 FTSER2K - ok
21:02:58.0472 3888 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:02:58.0503 3888 GEARAspiWDM - ok
21:02:58.0706 3888 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
21:02:58.0722 3888 GoogleDesktopManager-051210-111108 - ok
21:02:58.0753 3888 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:02:58.0769 3888 Gpc - ok
21:02:58.0878 3888 Hardlock (c1cc0c9742b881c42f1cc628e6f9ebd1) C:\WINDOWS\system32\drivers\hardlock.sys
21:02:59.0034 3888 Hardlock - ok
21:02:59.0081 3888 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
21:02:59.0112 3888 Haspnt - ok
21:02:59.0190 3888 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:02:59.0206 3888 helpsvc - ok
21:02:59.0253 3888 HidServ (9376e6893e52b368abc6255bf54f0b28) C:\WINDOWS\System32\hidserv.dll
21:02:59.0268 3888 HidServ - ok
21:02:59.0331 3888 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:02:59.0346 3888 hidusb - ok
21:02:59.0377 3888 hpn - ok
21:02:59.0455 3888 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
21:02:59.0471 3888 HTTP - ok
21:02:59.0533 3888 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
21:02:59.0533 3888 HTTPFilter - ok
21:02:59.0549 3888 i2omgmt - ok
21:02:59.0565 3888 i2omp - ok
21:02:59.0643 3888 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:02:59.0658 3888 i8042prt - ok
21:02:59.0736 3888 idisw2km (da242c93d44675136c719cb1e83cd2a1) C:\WINDOWS\system32\DRIVERS\idisw2km.sys
21:02:59.0752 3888 idisw2km - ok
21:02:59.0892 3888 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:02:59.0955 3888 IDriverT - ok
21:03:00.0017 3888 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:03:00.0033 3888 Imapi - ok
21:03:00.0111 3888 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
21:03:00.0111 3888 ImapiService - ok
21:03:00.0142 3888 ini910u - ok
21:03:00.0267 3888 Intel Local Scheduler Service (58c5db3134365ba2ca95786846aecc16) C:\Program Files\LANDesk\LDClient\LocalSch.EXE
21:03:00.0314 3888 Intel Local Scheduler Service - ok
21:03:00.0376 3888 Intel PDS (ae97c986f9c1bb5421c20e6766f358fe) C:\WINDOWS\system32\CBA\pds.exe
21:03:00.0408 3888 Intel PDS - ok
21:03:00.0470 3888 Intel Remote Control Helper (cc2eb44ab8c5e3c05db23b41f5c9847d) C:\WINDOWS\system32\drivers\rch.sys
21:03:00.0517 3888 Intel Remote Control Helper - ok
21:03:00.0579 3888 Intel Targeted Multicast (d247e1157d047d69aad76cf28b94abcb) C:\Program Files\LANDesk\LDCLient\tmcsvc.exe
21:03:00.0626 3888 Intel Targeted Multicast - ok
21:03:00.0642 3888 IntelIde - ok
21:03:00.0720 3888 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:03:00.0735 3888 intelppm - ok
21:03:00.0782 3888 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:03:00.0798 3888 Ip6Fw - ok
21:03:00.0923 3888 iPassConnectEngine (5cf11c2d37f06dea93fccd4818bb94fe) C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
21:03:01.0063 3888 iPassConnectEngine - ok
21:03:01.0110 3888 iPCAgent (3854058b9e59c94869a303de3f4f5046) C:\Program Files\iPass\iPassConnect\iPCAgent.exe
21:03:01.0172 3888 iPCAgent - ok
21:03:01.0219 3888 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:03:01.0235 3888 IpFilterDriver - ok
21:03:01.0266 3888 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:03:01.0282 3888 IpInIp - ok
21:03:01.0344 3888 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:03:01.0360 3888 IpNat - ok
21:03:01.0453 3888 iPod Service (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
21:03:01.0500 3888 iPod Service - ok
21:03:01.0547 3888 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:03:01.0563 3888 IPSec - ok
21:03:01.0625 3888 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:03:01.0641 3888 IRENUM - ok
21:03:01.0703 3888 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:03:01.0719 3888 isapnp - ok
21:03:01.0765 3888 ISSUSER - ok
21:03:01.0937 3888 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
21:03:01.0968 3888 JavaQuickStarterService - ok
21:03:02.0046 3888 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:03:02.0062 3888 Kbdclass - ok
21:03:02.0124 3888 kbstuff (ee79516334a94d263c784958e1ed0ae4) C:\WINDOWS\system32\DRIVERS\kbstuff5.sys
21:03:02.0140 3888 kbstuff - ok
21:03:02.0218 3888 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
21:03:02.0218 3888 kmixer - ok
21:03:02.0296 3888 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
21:03:02.0327 3888 KSecDD - ok
21:03:02.0390 3888 L8042pr2 (0f8b7bf7097d1e8d78f2f52a2bea03cd) C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
21:03:02.0421 3888 L8042pr2 - ok
21:03:02.0483 3888 lanmanserver (0cb3af149a0bac0836022ca307c7a0f8) C:\WINDOWS\System32\srvsvc.dll
21:03:02.0515 3888 lanmanserver - ok
21:03:02.0562 3888 lanmanworkstation (e1f27cfcd114ec9f1e1f44674b2ff9f0) C:\WINDOWS\System32\wkssvc.dll
21:03:02.0608 3888 lanmanworkstation - ok
21:03:02.0624 3888 lbrtfdc - ok
21:03:02.0686 3888 ldblank (fc9bd3d862fa66c19826d05cb15c245b) C:\WINDOWS\system32\DRIVERS\ldblank.sys
21:03:02.0702 3888 ldblank - ok
21:03:02.0718 3888 ldmirror (f4a55732a6996cb64a1b7080b5871de8) C:\WINDOWS\system32\DRIVERS\ldmirror.sys
21:03:02.0733 3888 ldmirror - ok
21:03:02.0780 3888 LHidFlt2 (3c357dfdbbf2b4b01aa4b9c8a26e4416) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
21:03:02.0796 3888 LHidFlt2 - ok
21:03:02.0858 3888 LHidUsb (ffb851b1b2f6596b7d3182b977a85206) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
21:03:02.0874 3888 LHidUsb - ok
21:03:02.0936 3888 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
21:03:02.0952 3888 LmHosts - ok
21:03:02.0983 3888 LMouFlt2 (aef09673376a4d93c09e8341854f1bf4) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
21:03:02.0999 3888 LMouFlt2 - ok
21:03:03.0014 3888 lvprcsrv - ok
21:03:03.0030 3888 LXARScan - ok
21:03:03.0170 3888 lxeaCATSCustConnectService (2349335a8033fd9834d1c401eae1c9bf) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe
21:03:03.0217 3888 lxeaCATSCustConnectService - ok
21:03:03.0233 3888 lxea_device - ok
21:03:03.0404 3888 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
21:03:03.0451 3888 MDM - ok
21:03:03.0514 3888 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
21:03:03.0529 3888 Messenger - ok
21:03:03.0592 3888 MidiSyn (63c34814492aa65fc517b002de77b191) C:\WINDOWS\system32\drivers\MidiSyn.sys
21:03:03.0607 3888 MidiSyn - ok
21:03:03.0623 3888 mirrorflt (5eea9d31e405c2a7716a596f068ecec8) C:\WINDOWS\system32\DRIVERS\mirrorflt.sys
21:03:03.0639 3888 mirrorflt - ok
21:03:03.0701 3888 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:03:03.0717 3888 mnmdd - ok
21:03:03.0779 3888 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe
21:03:03.0810 3888 mnmsrvc - ok
21:03:03.0873 3888 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
21:03:03.0873 3888 Modem - ok
21:03:03.0966 3888 mosuport (6950752fa1a6d094aa72070a28e0edb0) C:\WINDOWS\system32\DRIVERS\mosuport.sys
21:03:04.0107 3888 mosuport - ok
21:03:04.0169 3888 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:03:04.0185 3888 Mouclass - ok
21:03:04.0247 3888 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:03:04.0247 3888 mouhid - ok
21:03:04.0325 3888 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
21:03:04.0341 3888 MountMgr - ok
21:03:04.0466 3888 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:03:04.0497 3888 MozillaMaintenance - ok
21:03:04.0513 3888 mraid35x - ok
21:03:04.0559 3888 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:03:04.0591 3888 MRxDAV - ok
21:03:04.0606 3888 MRxSmb - ok
21:03:04.0653 3888 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe
21:03:04.0684 3888 MSDTC - ok
21:03:04.0747 3888 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
21:03:04.0762 3888 Msfs - ok
21:03:04.0778 3888 msftpsvc - ok
21:03:04.0794 3888 MSIServer - ok
21:03:04.0872 3888 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:03:04.0872 3888 MSKSSRV - ok
21:03:04.0903 3888 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:03:04.0918 3888 MSPCLOCK - ok
21:03:04.0950 3888 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
21:03:04.0965 3888 MSPQM - ok
21:03:05.0028 3888 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:03:05.0028 3888 mssmbios - ok
21:03:05.0075 3888 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
21:03:05.0075 3888 MSTEE - ok
21:03:05.0090 3888 MTsensor - ok
21:03:05.0153 3888 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
21:03:05.0199 3888 Mup - ok
21:03:05.0215 3888 mwsarcpkt - ok
21:03:05.0277 3888 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:03:05.0309 3888 NABTSFEC - ok
21:03:05.0371 3888 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
21:03:05.0418 3888 NDIS - ok
21:03:05.0480 3888 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:03:05.0496 3888 NdisIP - ok
21:03:05.0558 3888 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:03:05.0574 3888 NdisTapi - ok
21:03:05.0636 3888 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:03:05.0652 3888 Ndisuio - ok
21:03:05.0683 3888 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:03:05.0714 3888 NdisWan - ok
21:03:05.0730 3888 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
21:03:05.0746 3888 NDProxy - ok
21:03:05.0777 3888 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:03:05.0793 3888 NetBIOS - ok
21:03:05.0824 3888 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:03:05.0855 3888 NetBT - ok
21:03:05.0917 3888 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
21:03:05.0964 3888 NetDDE - ok
21:03:05.0980 3888 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
21:03:05.0980 3888 NetDDEdsdm - ok
21:03:05.0995 3888 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
21:03:06.0011 3888 Netlogon - ok
21:03:06.0089 3888 Netman (36739b39267914ba69ad0610a0299732) C:\WINDOWS\System32\netman.dll
21:03:06.0105 3888 Netman - ok
21:03:06.0152 3888 Nla (097722f235a1fb698bf9234e01b52637) C:\WINDOWS\System32\mswsock.dll
21:03:06.0167 3888 Nla - ok
21:03:06.0230 3888 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
21:03:06.0245 3888 Npfs - ok
21:03:06.0323 3888 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
21:03:06.0370 3888 Ntfs - ok
21:03:06.0386 3888 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
21:03:06.0386 3888 NtLmSsp - ok
21:03:06.0448 3888 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
21:03:06.0511 3888 NtmsSvc - ok
21:03:06.0729 3888 ntrtscan (bc1f3302e9669f97df40097789d29219) C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
21:03:06.0776 3888 ntrtscan - ok
21:03:06.0885 3888 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:03:06.0901 3888 Null - ok
21:03:06.0963 3888 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:03:06.0994 3888 NwlnkFlt - ok
21:03:20.0433 3888 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:03:20.0948 3888 \Device\Harddisk0\DR0 - ok
21:03:20.0964 3888 Boot (0x1200) (ef5e993ac013e4e5e1fdc31e21490a66) \Device\Harddisk0\DR0\Partition0
21:03:20.0964 3888 \Device\Harddisk0\DR0\Partition0 - ok
21:03:20.0980 3888 ============================================================
21:03:20.0980 3888 Scan finished
21:03:20.0980 3888 ============================================================
21:03:20.0995 4020 Detected object count: 0
21:03:20.0995 4020 Actual detected object count: 0
21:05:07.0337 3092 Deinitialize success



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-30 21:05:24
-----------------------------
21:05:24.834 OS Version: Windows 5.1.2600 Service Pack 2
21:05:24.834 Number of processors: 1 586 0x209
21:05:24.834 ComputerName: TTS-23143E21703 UserName: Rakesh
21:05:25.474 Initialize success
21:17:28.512 AVAST engine defs: 12073100
21:39:31.917 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:39:31.917 Disk 0 Vendor: ST9100823A 3.02 Size: 95396MB BusType: 3
21:39:32.011 Disk 0 MBR read successfully
21:39:32.011 Disk 0 MBR scan
21:39:32.058 Disk 0 Windows XP default MBR code
21:39:32.058 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95385 MB offset 63
21:39:32.074 Disk 0 scanning sectors +195350400
21:39:32.167 Disk 0 scanning C:\WINDOWS\system32\drivers
21:39:50.652 Service scanning
21:40:23.761 Modules scanning
21:40:33.089 Disk 0 trace - called modules:
21:40:33.105 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys atiide.sys PCIIDEX.SYS
21:40:33.105 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8052e8]
21:40:33.464 3 CLASSPNP.SYS[f763805b] -> nt!IofCallDriver -> \Device\00000081[0x8a7692a0]
21:40:33.464 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a7c5940]
21:40:33.933 AVAST engine scan C:\WINDOWS
21:41:05.699 AVAST engine scan C:\WINDOWS\system32
21:47:14.011 AVAST engine scan C:\WINDOWS\system32\drivers
21:48:10.589 AVAST engine scan C:\Documents and Settings\Rakesh
21:56:22.742 AVAST engine scan C:\Documents and Settings\All Users
21:58:08.593 Scan finished successfully
21:59:17.976 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rakesh\Desktop\MBR.dat"
21:59:17.992 The log file has been saved successfully to "C:\Documents and Settings\Rakesh\Desktop\aswMBR.txt"

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 31 July 2012 - 12:16 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 August 2012 - 11:27 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, I want to remind you that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#8 nirvanaandy

  • Topic Starter
  • Members
  • 19 posts

Posted 03 August 2012 - 01:04 AM

Hi Gringo,
Please see the requested log below.
Yesterday when I tried to run ComboFix (by dragging the file) it said that ComboFix was outdated and asked me to download a new one. After that it gave an error of some kind and wouldn't run, even after a restart. I downloaded ComboFix again from the previous link and ran it again successfully.




ComboFix 12-07-31.05 - Rakesh 08/02/2012 22:36:19.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1919.1483 [GMT -7:00]
Running from: c:\documents and settings\Rakesh\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rakesh\Desktop\CFScript.txt
AV: Trend Micro OfficeScan Antivirus *Disabled/Outdated* {36C23C57-71AF-490F-BCA8-BBF0638BE6A4}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Rakesh\LOCALS~1\Temp\1.tmp\F_IN_BOX.dll
c:\documents and settings\Rakesh\Local Settings\temp\1.tmp\F_IN_BOX.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-03 to 2012-08-03 )))))))))))))))))))))))))))))))
.
.
2012-07-29 18:27 . 2004-08-04 12:00 74752 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
2012-07-29 18:27 . 2004-08-04 12:00 74752 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-07-23 19:33 . 2012-07-28 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\6F63A59D02FC572ED9A03A97E56C3425
2012-07-19 17:44 . 2012-07-19 17:44 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 20:46 . 2011-06-22 03:11 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-23 17:17 . 2012-05-21 01:07 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-22 02:11 . 2007-08-14 17:50 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-29_18.44.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-03 05:43 . 2012-08-03 05:43 16384 c:\windows\Temp\Perflib_Perfdata_73c.dat
+ 2012-07-31 03:55 . 2012-07-31 03:55 2022 c:\windows\SoftwareDistribution\EventCache\{EB96D98D-545B-43D8-9824-0C06AC7E9F1C}.bin
+ 2012-08-03 05:47 . 2012-08-03 05:47 348160 c:\windows\Installer\2da6b.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rakesh\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rakesh\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rakesh\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Rakesh\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\bcmntray" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-16 335872]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-12-12 710000]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"DIRECT!"="c:\program files\Courion Corporation\Identity Management Suite DIRECT!\direct.exe" [2004-09-02 98304]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"IntelAPMClient"="c:\program files\LANDesk\LDCLient\amclient.exe" [2007-06-12 327680]
"SDClientMonitor"="c:\program files\LANDesk\LDCLient\webportal\sdclientmonitor.exe" [2006-11-01 258048]
"lxeamon.exe"="c:\program files\Lexmark S300-S400 Series\lxeamon.exe" [2010-05-05 770728]
"EzPrint"="c:\program files\Lexmark S300-S400 Series\ezprint.exe" [2010-05-05 148280]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-29 1485208]
"tsnp2std"="c:\windows\tsnp2std.exe" [2007-01-06 258048]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
.
c:\documents and settings\Rakesh\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Rakesh\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 15:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-11-08 22:00 128920 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2011-03-22 02:11 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 19:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prolific_OneButton]
2004-06-10 00:00 49152 ----a-r- c:\program files\Prolific\One Button\OneBtn.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-12-21 21:31 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Belkin\\Router Setup and Monitor\\BelkinSetup.exe"=
"c:\\Documents and Settings\\Rakesh\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [11/15/2005 2:33 PM 5632]
R2 CBA8;LANDesk® Management Agent;c:\program files\LANDesk\Shared Files\residentAgent.exe [1/9/2007 12:03 PM 122880]
R2 iPCAgent;iPCAgent;c:\program files\iPass\iPassConnect\iPCAgent.exe [1/19/2006 7:06 PM 90112]
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [6/10/2011 3:46 PM 193192]
R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\LANDesk\LDClient\SoftMon.exe [1/4/2008 1:37 PM 266240]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [2/18/2005 6:04 PM 262416]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [2/18/2005 6:04 PM 36624]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [7/17/2006 9:29 AM 11904]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [7/17/2006 9:29 AM 3328]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [7/17/2006 9:29 AM 3712]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [8/28/2007 1:45 AM 575064]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/18/2005 12:45 PM 30192]
S3 Intel Remote Control Helper;Intel Remote Control Helper;c:\windows\system32\drivers\rch.sys [11/15/2005 3:37 PM 49972]
S3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\drivers\mosuport.sys [2/15/2006 10:56 AM 851341]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/20/2012 6:07 PM 113120]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/16/2005 11:54 AM 664064]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Xyz777s
s3savagemx
MTsensor
msftpsvc
acdservice
REVOSENS
LXARScan
R300
mwsarcpkt
lvprcsrv
bc_prt_f
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1292428093-839522115-1003Core.job
- c:\documents and settings\Rakesh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-15 23:07]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1292428093-839522115-1003UA.job
- c:\documents and settings\Rakesh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-15 23:07]
.
2012-08-03 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-11-15 02:38]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: employee.com\t-mobile
Trusted Zone: gsm1900.org
Trusted Zone: t-mobile.com
Trusted Zone: tmomail.net
Trusted Zone: voicestream.com
TCP: DhcpNameServer = 192.168.2.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Rakesh\Application Data\Mozilla\Firefox\Profiles\n5rm45ey.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-02 22:45
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\drivers\tsk1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\05\00\0f\04!\08t"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3368)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\documents and settings\Rakesh\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\LANDesk\LDClient\LocalSch.EXE
c:\windows\system32\CBA\pds.exe
c:\program files\LANDesk\LDCLient\tmcsvc.exe
c:\progra~1\LANDesk\LDCLient\issuser.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxeacoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Trend Micro\OfficeScan Client\ntrtscan.exe
c:\oracle\ora92\bin\omtsreco.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Dantz\Retrospect\retrorun.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Trend Micro\OfficeScan Client\tmlisten.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\msiexec.exe
c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\LANDesk\LDCLient\rcgui.exe
c:\progra~1\LANDesk\LDClient\collector.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\bcmntray.exe
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\program files\TREND MICRO\OFFICESCAN CLIENT\0FCD0G.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
.
**************************************************************************
.
Completion time: 2012-08-02 22:51:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-03 05:51
ComboFix2.txt 2012-07-29 18:52
.
Pre-Run: 18,567,819,264 bytes free
Post-Run: 18,629,623,808 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 9D9A9A3A404C1A12C98A1A2062952E25

#9 gringo_pr
Bleepin Gringo
Malware Response Team

Posted 03 August 2012 - 01:07 AM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better job).

Programs to remove

Adobe Reader 8.2.0
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 31
Java™ SE Runtime Environment 6 Update 1
Vuze


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 nirvanaandy
Topic Starter
Members

Posted 05 August 2012 - 02:18 PM

Hi Gringo, please see the requested logs below.
I noticed that I did get redirected one more time when I clicked on the "bleeping computer" search result link in Google results (Firefox).
It was a fashion website.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.05.07

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Rakesh :: TTS-23143E21703 [administrator]

8/5/2012 11:51:18 AM
mbam-log-2012-08-05 (11-51-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250057
Time elapsed: 9 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:15:14 PM, on 8/5/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDCLient\tmcsvc.exe
C:\Program Files\iPass\iPassConnect\iPCAgent.exe
C:\PROGRA~1\LANDesk\LDCLient\issuser.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxeaserv.exe
C:\WINDOWS\system32\lxeacoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
c:\oracle\ora92\bin\omtsreco.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\LANDesk\LDCLient\softmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\PROGRA~1\LANDesk\LDCLient\rcgui.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Courion Corporation\Identity Management Suite DIRECT!\direct.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe
C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\WINDOWS\tsnp2std.exe
C:\PROGRAM FILES\TREND MICRO\OFFICESCAN CLIENT\0FCD0G.EXE
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Rakesh\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Rakesh\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [DIRECT!] C:\Program Files\Courion Corporation\Identity Management Suite DIRECT!\direct.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDCLient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [lxeamon.exe] "C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark S300-S400 Series\ezprint.exe"
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1292428093-179605362-682003330-308217\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1292428093-179605362-682003330-325478\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Rakesh\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.gsm1900.org (HKLM)
O15 - Trusted Zone: *.t-mobile.com (HKLM)
O15 - Trusted Zone: *.tmomail.net (HKLM)
O15 - Trusted Zone: *.voicestream.com (HKLM)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gsm1900.org
O17 - HKLM\Software\..\Telephony: DomainName = gsm1900.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gsm1900.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gsm1900.org
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\tmcsvc.exe
O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDCLient\issuser.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: lxeaCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe
O23 - Service: lxea_device - - C:\WINDOWS\system32\lxeacoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - c:\oracle\ora92\bin\omtsreco.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Reflection Line Printer Daemon - WRQ, Inc. - C:\Program Files\Reflection\lpdserv.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\softmon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 12895 bytes

#11 gringo_pr
Bleepin Gringo
Malware Response Team

Posted 05 August 2012 - 03:57 PM

Greetings


  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; for any of these programs you can click on their icons (or start from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
      O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Rakesh\Application Data\Dropbox\bin\Dropbox.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo

#12 nirvanaandy
Topic Starter
Members

Posted 07 August 2012 - 11:11 AM

Hi Gringo, please see the requested logs below.

C:\Documents and Settings\Rakesh\Local Settings\Application Data\{88319AAC-9490-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ipsec.sys.vir Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{48A37694-8FCE-4757-BB77-9659AF7FC483}\RP1\A0000037.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{48A37694-8FCE-4757-BB77-9659AF7FC483}\RP1\A0000108.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{48A37694-8FCE-4757-BB77-9659AF7FC483}\RP1\A0000231.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{48A37694-8FCE-4757-BB77-9659AF7FC483}\RP1\A0001231.sys Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\02.05.2012_20.17.26\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan
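Triage of the ESET export above, as an added example that is not part of the thread or of any ESET tool: it parses each result line into path, threat name and type, then separates detections still live on disk from copies sitting in the ComboFix and TDSSKiller quarantine folders and in System Restore points (the folder names are the ones that appear in this thread's logs).

```python
"""Triage an ESET Online Scanner text export by where each detection lives."""
from collections import namedtuple

Detection = namedtuple("Detection", "path name kind category")

# Folders that only hold copies already isolated by the cleanup tools. Files
# here cannot run unless someone deliberately restores them, so they are
# leftovers to purge at the end of a fix rather than active infections.
QUARANTINE_PREFIXES = (
    "c:\\qoobox\\quarantine\\",       # ComboFix quarantine (files renamed *.vir)
    "c:\\tdsskiller_quarantine\\",    # TDSSKiller quarantine
)
RESTORE_PREFIX = "c:\\system volume information\\_restore"


def classify(path):
    """Bucket a detected file by its location (case-insensitive prefix match)."""
    p = path.lower()
    if p.startswith(RESTORE_PREFIX):
        return "system-restore"
    if p.startswith(QUARANTINE_PREFIXES):
        return "quarantine"
    return "live"


def parse_line(line):
    """Parse "<path> <threat name> <type>". The path may contain spaces, so the
    two trailing whitespace-delimited tokens are taken as name and type."""
    parts = line.strip().rsplit(None, 2)
    if len(parts) != 3 or "\\" not in parts[0]:
        return None
    path, name, kind = parts
    return Detection(path, name, kind, classify(path))


def triage(report_text):
    """Group report lines into live / quarantine / system-restore / unparsed."""
    groups = {"live": [], "quarantine": [], "system-restore": [], "unparsed": []}
    for raw in report_text.splitlines():
        if not raw.strip():
            continue
        det = parse_line(raw)
        if det is None:
            groups["unparsed"].append(raw)
        else:
            groups[det.category].append(det)
    return groups


def needs_action(report_text):
    """Only detections outside quarantine and restore-point folders are still
    active on disk and warrant removal steps."""
    return triage(report_text)["live"]


# The seven result lines posted in this thread, embedded so the script runs offline.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Rakesh\Local Settings\Application Data\{88319AAC-9490-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ipsec.sys.vir Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{48A37694-8FCE-4757-BB77-9659AF7FC483}\RP1\A0000037.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{48A37694-8FCE-4757-BB77-9659AF7FC483}\RP1\A0000108.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{48A37694-8FCE-4757-BB77-9659AF7FC483}\RP1\A0000231.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{48A37694-8FCE-4757-BB77-9659AF7FC483}\RP1\A0001231.sys Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\02.05.2012_20.17.26\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan
"""

if __name__ == "__main__":
    for category, items in triage(SAMPLE_REPORT).items():
        print(f"{category}: {len(items)}")
        for det in items:
            print(f"  {det.path}  [{det.name}]")
```

On the report above only the browser.xul detection is classed as live; the six Sirefef hits are all quarantine or restore-point copies.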

#13 gringo_pr
Bleepin Gringo
Malware Response Team

Posted 07 August 2012 - 06:19 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rd /s /q "C:\Documents and Settings\Rakesh\Local Settings\Application Data\{88319AAC-9490-11E1-826D-B8AC6F996F26}\"
    rd /s /q "C:\TDSSKiller_Quarantine\"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues.

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University
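The post above distinguishes scan hits that sit in quarantine or System Restore backups (harmless unless manually restored) from hits in live locations. The following is an added triage helper, not code from the thread or its tools; it assumes scan-log lines in a constructed "path<TAB>detection" form and uses the three backup folders the post names.

```python
"""Separate scan-log detections confined to quarantine / System Restore
backups from detections in live locations that still need attention.
Added example for this thread; the sample log lines are constructed."""
import ntpath

# Folders the post describes as backups: contents only matter if a
# manual restore is performed from them.
BACKUP_PREFIXES = (
    r"C:\System Volume Information",
    r"C:\Qoobox\Quarantine",
    r"C:\TDSSKiller_Quarantine",
)

# Constructed sample log: three real backup-location hits quoted in the
# thread plus one constructed live-location hit (placeholder file name).
SAMPLE_LOG = [
    "C:\\System Volume Information\\_restore{48A37694-8FCE-4757-BB77-9659AF7FC483}\\RP1\\A0000231.sys\tWin32/Sirefef.DA trojan",
    "C:\\System Volume Information\\_restore{48A37694-8FCE-4757-BB77-9659AF7FC483}\\RP1\\A0001231.sys\tWin32/Sirefef.DA trojan",
    "C:\\TDSSKiller_Quarantine\\02.05.2012_20.17.26\\rtkt0000\\svc0000\\tsk0000.dta\tWin32/Sirefef.DA trojan",
    "C:\\Documents and Settings\\Rakesh\\Local Settings\\Temp\\constructed-sample.exe\tWin32/Sirefef.DA trojan",
    "",
]


def parse_hit(line):
    """Parse 'path<TAB>detection' into (normalized path, detection); None for blank lines."""
    line = line.strip()
    if not line:
        return None
    path, _, detection = line.partition("\t")
    return ntpath.normpath(path), detection.strip()


def is_backup_location(path):
    """True if the path lies under one of the known quarantine/backup folders (case-insensitive)."""
    low = ntpath.normpath(path).lower()
    return any(low.startswith(prefix.lower() + "\\") for prefix in BACKUP_PREFIXES)


def triage(lines):
    """Bucket hits into 'backup' (removed by the cleanup steps) and 'live' (needs follow-up)."""
    result = {"backup": [], "live": []}
    for line in lines:
        hit = parse_hit(line)
        if hit is None:
            continue
        path, detection = hit
        result["backup" if is_backup_location(path) else "live"].append((path, detection))
    return result


if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_LOG).items():
        print(bucket, len(hits), "hit(s)")
```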

#14 nirvanaandy

nirvanaandy
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:10 PM

Posted 09 August 2012 - 01:21 AM

Gringo, Thank you for your patience and immense help. I am installing all the security software mentioned.
Again thanks for your help.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:10 PM

Posted 09 August 2012 - 09:12 AM

You are more than welcome.


gringo



