Google Redirect


  • This topic is locked
19 replies to this topic

#1 Jenny77

Posted 31 July 2012 - 07:30 AM

Hi, a friend gave me a site to go to the other day. There were pop-up ads and my antivirus alerted me with a virus or something. It did scan and move said item to quarantine. Even though it did say that it caught it, I have been getting redirects when I go to search anything on Google. Also, when I do run my cleanup program to remove cookies and prefetch files, it has been warning me each time that one or more browsers has been detected. It doesn't normally do this, and I don't have any browsers open at the time.

I have run another virus scan and nothing new has shown up, though I still get the redirects. Also, I did get help from here earlier this year when I had a rootkit and Google redirects. However, I still have a folder in my C drive called TDSSKiller_Quarantine. My anti-virus always picks this folder and its files up and I just leave it alone. I was wondering whether I should leave that alone or if it is OK to let my anti-virus move it to its quarantine.




.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jenny at 5:02:47 on 2012-07-31
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2650 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [bngpys] rundll32.exe "c:\documents and settings\jenny\application data\bngpys.dll",GetHtmlCharset
mRun: [dlsqos] "c:\windows\system32\rundll32.exe" "c:\documents and settings\jenny\application data\dlsqos.dll",_InPlaceRepeat
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\jenny\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7477FDD4-1F0A-4473-96C6-E32B0F5BC05E} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jenny\application data\mozilla\firefox\profiles\3jrbzezj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://pmh.bingstart.com/s/?src=FF-Address&site=Bing&cfg=2-207-0-1FcBG&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\jenny\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\jenny\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-4-23 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-4-23 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-4-23 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-4-23 83392]
R3 JSWSCIMD;JSWSCIMD;c:\windows\system32\drivers\jswscimd.sys [2010-3-6 57440]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2008-9-30 453120]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2012-2-26 2253120]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-5-3 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 250056]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 113120]
.
=============== Created Last 30 ================
.
2012-07-28 16:49:34 -------- d-----w- c:\documents and settings\jenny\local settings\application data\{3A7B2C11-D8D4-11E1-8270-B8AC6F996F26}
2012-07-28 16:49:30 436224 ----a-w- c:\documents and settings\jenny\application data\dlsqos.dll
2012-07-28 16:48:38 131584 ----a-w- c:\documents and settings\jenny\application data\bngpys.dll
2012-07-21 14:31:28 -------- d-----w- c:\documents and settings\jenny\local settings\application data\Facebook
.
==================== Find3M ====================
.
2012-07-30 09:44:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-30 09:44:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-08 16:17:51 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 5:03:17.00 ===============

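Two mRun entries in the DDS log above stand out: rundll32.exe loading bngpys.dll and dlsqos.dll from the user's Application Data folder, both files created on 2012-07-28 according to the "Created Last 30" section. That combination (an autostart that uses rundll32 to load a DLL from a user-writable profile directory, created around the time the problem began) is what a malware-response volunteer checks first. The following Python script is an added example, not part of this thread or of DDS itself: it parses the uRun/mRun and "Created Last 30" lines of a DDS log and reports such entries. The sample input reuses lines from the log above; the list of user-writable path markers is an assumption suited to Windows XP.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Sample DDS lines reused from the log posted above (constructed test input).
SAMPLE_DDS = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [bngpys] rundll32.exe "c:\documents and settings\jenny\application data\bngpys.dll",GetHtmlCharset
mRun: [dlsqos] "c:\windows\system32\rundll32.exe" "c:\documents and settings\jenny\application data\dlsqos.dll",_InPlaceRepeat
2012-07-28 16:49:30 436224 ----a-w- c:\documents and settings\jenny\application data\dlsqos.dll
2012-07-28 16:48:38 131584 ----a-w- c:\documents and settings\jenny\application data\bngpys.dll
2012-07-21 14:31:28 -------- d-----w- c:\documents and settings\jenny\local settings\application data\Facebook
"""

# DDS conventions: "uRun" = HKCU\...\Run, "mRun" = HKLM\...\Run.
RUN_RE = re.compile(r'^([um])Run: \[([^\]]*)\] (.*)$')
# "Created Last 30" lines: timestamp, size (or dashes for a directory), attributes, path.
CREATED_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+|-+) (\S+) (.*)$')
# The DLL argument handed to rundll32: a quoted or bare path ending in .dll, then ",Export".
DLL_ARG_RE = re.compile(r'"([^"]*\.dll)"\s*,\s*(\w+)|(\S+\.dll)\s*,\s*(\w+)', re.IGNORECASE)

# Assumption: directories an unprivileged Windows XP user can write to. A DLL
# autostarting from one of these via rundll32 deserves a closer look.
USER_WRITABLE_MARKERS = ('\\documents and settings\\', '\\users\\', '\\temp\\')


@dataclass
class Finding:
    hive: str               # 'u' (HKCU Run) or 'm' (HKLM Run)
    name: str               # registry value name
    dll: str                # DLL passed to rundll32 (lower-cased)
    export: str             # exported function rundll32 is told to call
    created: Optional[str]  # timestamp from "Created Last 30", if the DLL is listed there


def parse_created(lines):
    """Map lower-cased paths from the 'Created Last 30' section to their timestamps."""
    created = {}
    for line in lines:
        m = CREATED_RE.match(line)
        if m:
            created[m.group(4).strip().lower()] = m.group(1)
    return created


def suspicious_rundll32_autostarts(dds_text):
    """Return Run-key entries that load a DLL via rundll32 from a user-writable path."""
    lines = dds_text.splitlines()
    created = parse_created(lines)
    findings = []
    for line in lines:
        m = RUN_RE.match(line)
        if not m:
            continue
        hive, name, cmd = m.groups()
        if 'rundll32' not in cmd.lower():
            continue
        d = DLL_ARG_RE.search(cmd)
        if not d:
            continue
        dll = (d.group(1) or d.group(3)).lower()
        export = d.group(2) or d.group(4)
        if any(marker in dll for marker in USER_WRITABLE_MARKERS):
            findings.append(Finding(hive, name, dll, export, created.get(dll)))
    return findings


if __name__ == "__main__":
    for f in suspicious_rundll32_autostarts(SAMPLE_DDS):
        when = f.created or "not in Created Last 30"
        print(f"{f.hive}Run [{f.name}] -> {f.dll},{f.export} (created {when})")
```

Run against the sample, the script reports only the bngpys and dlsqos entries with their 2012-07-28 creation times; the NVIDIA rundll32 entry in system32 is ignored.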

#2 D-FRED-BROWN

  • Malware Response Team
Posted 01 August 2012 - 02:26 PM

Hello and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you. :)

For now, leave the TDSSKiller folder as it is.


Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
I know you've already run TDSSKiller before, but please run it one more time so we have an up-to-date idea of what may be remaining on the computer.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Skip is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: Do not choose Cure or Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Please include the C:\ComboFix.txt in your next reply for further review.


----------Step 3----------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 4----------------
In your next reply, please include the following:
  • TDSSKiller's logfile
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

#3 Jenny77

Jenny77
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:30 PM

Posted 02 August 2012 - 09:09 AM

Hello!!! Thank you very much for helping! My computer seems to be running fine. It hasn't really caused me any problems except for the ones mentioned above. Since running these programs it does seem to be running faster now though. :-)
09:32:12.0281 3460 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
09:32:12.0593 3460 ============================================================
09:32:12.0593 3460 Current date / time: 2012/08/02 09:32:12.0593
09:32:12.0593 3460 SystemInfo:
09:32:12.0593 3460
09:32:12.0593 3460 OS Version: 5.1.2600 ServicePack: 3.0
09:32:12.0593 3460 Product type: Workstation
09:32:12.0593 3460 ComputerName: JENNY-675848FCA
09:32:12.0593 3460 UserName: Jenny
09:32:12.0593 3460 Windows directory: C:\WINDOWS
09:32:12.0593 3460 System windows directory: C:\WINDOWS
09:32:12.0593 3460 Processor architecture: Intel x86
09:32:12.0593 3460 Number of processors: 2
09:32:12.0593 3460 Page size: 0x1000
09:32:12.0593 3460 Boot type: Normal boot
09:32:12.0593 3460 ============================================================
09:32:14.0031 3460 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:32:14.0078 3460 ============================================================
09:32:14.0078 3460 \Device\Harddisk0\DR0:
09:32:14.0078 3460 MBR partitions:
09:32:14.0078 3460 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x57541401
09:32:14.0078 3460 ============================================================
09:32:14.0093 3460 C: <-> \Device\Harddisk0\DR0\Partition0
09:32:14.0109 3460 ============================================================
09:32:14.0109 3460 Initialize success
09:32:14.0109 3460 ============================================================
09:32:19.0515 0552 ============================================================
09:32:19.0515 0552 Scan started
09:32:19.0515 0552 Mode: Manual;
09:32:19.0515 0552 ============================================================
09:32:24.0421 0552 NetBT - ok
09:32:24.0453 0552 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:32:24.0468 0552 NetDDE - ok
09:32:24.0468 0552 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:32:24.0468 0552 NetDDEdsdm - ok
09:32:24.0500 0552 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:32:24.0500 0552 Netlogon - ok
09:32:24.0562 0552 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:32:24.0578 0552 Netman - ok
09:32:24.0656 0552 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:32:24.0671 0552 NetTcpPortSharing - ok
09:32:24.0718 0552 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
09:32:24.0718 0552 Nla - ok
09:32:24.0843 0552 NMIndexingService (cb992ae1506985d9167e85883b4c3240) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
09:32:24.0859 0552 NMIndexingService - ok
09:32:24.0906 0552 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:32:24.0906 0552 Npfs - ok
09:32:24.0921 0552 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:32:24.0937 0552 Ntfs - ok
09:32:24.0937 0552 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:32:24.0937 0552 NtLmSsp - ok
09:32:25.0000 0552 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:32:25.0015 0552 NtmsSvc - ok
09:32:25.0046 0552 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:32:25.0046 0552 Null - ok
09:32:25.0609 0552 nv (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:32:25.0781 0552 nv - ok
09:32:25.0906 0552 nvsvc (0573c75a2895d973ea6ef2495620ba49) C:\WINDOWS\system32\nvsvc32.exe
09:32:25.0921 0552 nvsvc - ok
09:32:26.0078 0552 nvUpdatusService (9c84945feee40ea42d3bca5c22250d47) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
09:32:26.0125 0552 nvUpdatusService - ok
09:32:26.0187 0552 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:32:26.0187 0552 NwlnkFlt - ok
09:32:26.0203 0552 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:32:26.0218 0552 NwlnkFwd - ok
09:32:26.0250 0552 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
09:32:26.0265 0552 Parport - ok
09:32:26.0265 0552 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:32:26.0265 0552 PartMgr - ok
09:32:26.0296 0552 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:32:26.0296 0552 ParVdm - ok
09:32:26.0296 0552 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:32:26.0312 0552 PCI - ok
09:32:26.0328 0552 PCIDump - ok
09:32:26.0359 0552 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:32:26.0359 0552 PCIIde - ok
09:32:26.0375 0552 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:32:26.0390 0552 Pcmcia - ok
09:32:26.0390 0552 PDCOMP - ok
09:32:26.0390 0552 PDFRAME - ok
09:32:26.0390 0552 PDRELI - ok
09:32:26.0390 0552 PDRFRAME - ok
09:32:26.0406 0552 perc2 - ok
09:32:26.0406 0552 perc2hib - ok
09:32:26.0406 0552 PID_0928 - ok
09:32:26.0453 0552 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\WINDOWS\system32\IoctlSvc.exe
09:32:26.0453 0552 PLFlash DeviceIoControl Service - ok
09:32:26.0500 0552 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:32:26.0500 0552 PlugPlay - ok
09:32:26.0546 0552 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:32:26.0546 0552 PolicyAgent - ok
09:32:26.0562 0552 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:32:26.0562 0552 PptpMiniport - ok
09:32:26.0609 0552 PRISM_A02 (cc6d9f85df0f35c8fe8508a8172fb41e) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
09:32:26.0609 0552 PRISM_A02 - ok
09:32:26.0625 0552 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:32:26.0625 0552 ProtectedStorage - ok
09:32:26.0625 0552 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:32:26.0625 0552 PSched - ok
09:32:26.0656 0552 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:32:26.0656 0552 Ptilink - ok
09:32:26.0656 0552 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:32:26.0671 0552 PxHelp20 - ok
09:32:26.0671 0552 ql1080 - ok
09:32:26.0671 0552 Ql10wnt - ok
09:32:26.0671 0552 ql12160 - ok
09:32:26.0671 0552 ql1240 - ok
09:32:26.0671 0552 ql1280 - ok
09:32:26.0703 0552 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:32:26.0703 0552 RasAcd - ok
09:32:26.0750 0552 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:32:26.0750 0552 RasAuto - ok
09:32:26.0781 0552 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:32:26.0781 0552 Rasl2tp - ok
09:32:26.0843 0552 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:32:26.0843 0552 RasMan - ok
09:32:26.0843 0552 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:32:26.0859 0552 RasPppoe - ok
09:32:26.0859 0552 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:32:26.0859 0552 Raspti - ok
09:32:26.0859 0552 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:32:26.0875 0552 Rdbss - ok
09:32:26.0890 0552 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:32:26.0890 0552 RDPCDD - ok
09:32:26.0890 0552 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:32:26.0906 0552 rdpdr - ok
09:32:26.0968 0552 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
09:32:26.0968 0552 RDPWD - ok
09:32:27.0015 0552 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:32:27.0015 0552 RDSessMgr - ok
09:32:27.0046 0552 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:32:27.0046 0552 redbook - ok
09:32:27.0093 0552 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:32:27.0093 0552 RemoteAccess - ok
09:32:27.0125 0552 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
09:32:27.0140 0552 RemoteRegistry - ok
09:32:27.0171 0552 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
09:32:27.0171 0552 RpcLocator - ok
09:32:27.0218 0552 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
09:32:27.0218 0552 RpcSs - ok
09:32:27.0265 0552 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
09:32:27.0265 0552 RSVP - ok
09:32:27.0265 0552 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:32:27.0265 0552 SamSs - ok
09:32:27.0281 0552 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:32:27.0296 0552 SCardSvr - ok
09:32:27.0328 0552 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:32:27.0343 0552 Schedule - ok
09:32:27.0375 0552 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:32:27.0375 0552 Secdrv - ok
09:32:27.0406 0552 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:32:27.0421 0552 seclogon - ok
09:32:27.0421 0552 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:32:27.0437 0552 SENS - ok
09:32:27.0437 0552 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
09:32:27.0453 0552 Serial - ok
09:32:27.0453 0552 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:32:27.0468 0552 Sfloppy - ok
09:32:27.0484 0552 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:32:27.0484 0552 SharedAccess - ok
09:32:27.0531 0552 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:32:27.0531 0552 ShellHWDetection - ok
09:32:27.0531 0552 Simbad - ok
09:32:27.0640 0552 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files\Skype\Updater\Updater.exe
09:32:27.0671 0552 SkypeUpdate - ok
09:32:27.0718 0552 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:32:27.0718 0552 SLIP - ok
09:32:27.0718 0552 Sparrow - ok
09:32:27.0718 0552 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:32:27.0718 0552 splitter - ok
09:32:27.0734 0552 Spooler - ok
09:32:27.0750 0552 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:32:27.0750 0552 sr - ok
09:32:27.0765 0552 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
09:32:27.0765 0552 srservice - ok
09:32:27.0812 0552 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:32:27.0812 0552 Srv - ok
09:32:27.0859 0552 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:32:27.0875 0552 SSDPSRV - ok
09:32:27.0921 0552 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
09:32:27.0921 0552 ssmdrv - ok
09:32:27.0953 0552 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:32:27.0968 0552 stisvc - ok
09:32:28.0000 0552 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:32:28.0000 0552 swenum - ok
09:32:28.0000 0552 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:32:28.0015 0552 swmidi - ok
09:32:28.0015 0552 SwPrv - ok
09:32:28.0015 0552 symc810 - ok
09:32:28.0015 0552 symc8xx - ok
09:32:28.0015 0552 sym_hi - ok
09:32:28.0031 0552 sym_u3 - ok
09:32:28.0031 0552 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:32:28.0046 0552 sysaudio - ok
09:32:28.0062 0552 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:32:28.0078 0552 SysmonLog - ok
09:32:28.0109 0552 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:32:28.0125 0552 TapiSrv - ok
09:32:28.0187 0552 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:32:28.0203 0552 Tcpip - ok
09:32:28.0234 0552 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:32:28.0234 0552 TDPIPE - ok
09:32:28.0234 0552 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:32:28.0250 0552 TDTCP - ok
09:32:28.0265 0552 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:32:28.0265 0552 TermDD - ok
09:32:28.0296 0552 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:32:28.0296 0552 TermService - ok
09:32:28.0312 0552 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:32:28.0312 0552 Themes - ok
09:32:28.0343 0552 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
09:32:28.0343 0552 TlntSvr - ok
09:32:28.0343 0552 TosIde - ok
09:32:28.0359 0552 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:32:28.0359 0552 TrkWks - ok
09:32:28.0375 0552 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:32:28.0375 0552 Udfs - ok
09:32:28.0375 0552 ultra - ok
09:32:28.0406 0552 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:32:28.0421 0552 Update - ok
09:32:28.0453 0552 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:32:28.0468 0552 upnphost - ok
09:32:28.0500 0552 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:32:28.0500 0552 UPS - ok
09:32:28.0515 0552 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:32:28.0515 0552 usbccgp - ok
09:32:28.0531 0552 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:32:28.0546 0552 usbehci - ok
09:32:28.0546 0552 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:32:28.0546 0552 usbhub - ok
09:32:28.0578 0552 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:32:28.0578 0552 usbprint - ok
09:32:28.0609 0552 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:32:28.0609 0552 usbstor - ok
09:32:28.0625 0552 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:32:28.0625 0552 usbuhci - ok
09:32:28.0640 0552 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:32:28.0640 0552 VgaSave - ok
09:32:28.0640 0552 ViaIde - ok
09:32:28.0656 0552 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:32:28.0656 0552 VolSnap - ok
09:32:28.0687 0552 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:32:28.0703 0552 VSS - ok
09:32:28.0734 0552 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
09:32:28.0734 0552 W32Time - ok
09:32:28.0750 0552 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:32:28.0750 0552 Wanarp - ok
09:32:28.0750 0552 WDICA - ok
09:32:28.0765 0552 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:32:28.0765 0552 wdmaud - ok
09:32:28.0781 0552 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:32:28.0781 0552 WebClient - ok
09:32:28.0859 0552 winachsf (8adcd6078affc4c81f3c3ebb1e9e3a2b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:32:28.0875 0552 winachsf - ok
09:32:28.0984 0552 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:32:28.0984 0552 winmgmt - ok
09:32:29.0031 0552 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
09:32:29.0031 0552 WmdmPmSN - ok
09:32:29.0093 0552 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
09:32:29.0109 0552 Wmi - ok
09:32:29.0125 0552 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:32:29.0140 0552 WmiApSrv - ok
09:32:29.0265 0552 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:32:29.0296 0552 WMPNetworkSvc - ok
09:32:29.0390 0552 WN111v2 (93ea7d94959bef66d0e4adbc8ce4e073) C:\WINDOWS\system32\DRIVERS\WN111v2.sys
09:32:29.0406 0552 WN111v2 - ok
09:32:29.0437 0552 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:32:29.0437 0552 WpdUsb - ok
09:32:29.0453 0552 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:32:29.0468 0552 WS2IFSL - ok
09:32:29.0500 0552 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
09:32:29.0515 0552 wscsvc - ok
09:32:29.0562 0552 WSIMD (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys
09:32:29.0562 0552 WSIMD - ok
09:32:29.0562 0552 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:32:29.0593 0552 wuauserv - ok
09:32:29.0609 0552 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:32:29.0609 0552 WudfPf - ok
09:32:29.0625 0552 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:32:29.0625 0552 WudfRd - ok
09:32:29.0656 0552 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:32:29.0656 0552 WudfSvc - ok
09:32:29.0734 0552 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:32:29.0734 0552 WZCSVC - ok
09:32:29.0765 0552 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:32:29.0781 0552 xmlprov - ok
09:32:29.0796 0552 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:32:30.0062 0552 \Device\Harddisk0\DR0 - ok
09:32:30.0062 0552 Boot (0x1200) (a6544cca4e8351f66cd4dd7bfd67541c) \Device\Harddisk0\DR0\Partition0
09:32:30.0062 0552 \Device\Harddisk0\DR0\Partition0 - ok
09:32:30.0062 0552 ============================================================
09:32:30.0062 0552 Scan finished
09:32:30.0062 0552 ============================================================
09:32:30.0078 0172 Detected object count: 0
09:32:30.0078 0172 Actual detected object count: 0
09:33:27.0453 0976 Deinitialize success

Edited by Jenny77, 02 August 2012 - 09:19 AM.


#4 Jenny77
  • Topic Starter
  • Members

Posted 02 August 2012 - 09:11 AM

ComboFix 12-07-31.03 - Jenny 08/02/2012 9:43.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2741 [GMT -4:00]
Running from: c:\documents and settings\Jenny\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1267197353
c:\documents and settings\Jenny\Application Data\bngpys.dll
c:\documents and settings\Jenny\Application Data\dlsqos.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-07-28 16:49 . 2012-07-28 16:49 -------- d-----w- c:\documents and settings\Jenny\Local Settings\Application Data\{3A7B2C11-D8D4-11E1-8270-B8AC6F996F26}
2012-07-21 14:31 . 2012-07-21 14:31 -------- d-----w- c:\documents and settings\Jenny\Local Settings\Application Data\Facebook
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-30 09:44 . 2012-04-09 11:11 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-30 09:44 . 2011-05-16 22:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2004-08-04 04:17 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2009-08-19 22:07 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 05:56 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 05:56 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2009-08-07 00:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2009-12-20 20:35 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2009-12-20 20:35 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2009-12-20 20:35 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2009-12-20 20:35 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2009-12-20 20:35 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2009-08-07 00:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2004-08-04 05:56 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-08-07 00:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2009-12-20 20:35 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2009-12-20 20:35 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2010-02-28 14:05 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2010-02-28 14:05 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2010-02-28 14:05 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-04 05:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-04 05:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2010-04-18 10:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:42 . 2004-08-04 05:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2004-08-04 03:59 385024 ----a-w- c:\windows\system32\html.iec
2012-05-08 16:17 . 2012-04-23 07:42 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 16:17 . 2012-04-23 07:42 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-19 11:51 . 2012-04-05 07:55 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-06-28 13:46 . 2010-07-26 07:25 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jenny^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\documents and settings\Jenny\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccipStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-21 14:31 138096 ----atw- c:\documents and settings\Jenny\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-09 20:39 570664 -c--a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Electronic Arts\\BioWare\\Star Wars - The Old Republic\\launcher.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Jenny\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Documents and Settings\\Jenny\\Local Settings\\Apps\\2.0\\MVVCC89N.DH7\\6AVCCHV1.5OO\\curs..tion_9e9e83ddf3ed3ead_0005.0001_31b318dc2771b66c\\CurseClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [4/23/2012 3:42 AM 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/23/2012 3:42 AM 86224]
R3 JSWSCIMD;JSWSCIMD;c:\windows\system32\drivers\jswscimd.sys [3/6/2010 5:43 PM 57440]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [9/30/2008 4:24 AM 453120]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2/26/2012 6:11 PM 2253120]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5/3/2012 8:31 AM 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/9/2012 7:11 AM 250056]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 1:10 PM 17149]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 12:54 PM 360547]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/27/2012 9:54 AM 113120]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 61675431
*Deregistered* - 61675431
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 09:44]
.
2012-07-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-07-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1003Core.job
- c:\documents and settings\Jenny\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-07-21 14:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jenny\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Jenny\Application Data\Mozilla\Firefox\Profiles\3jrbzezj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://pmh.bingstart.com/s/?src=FF-Address&site=Bing&cfg=2-207-0-1FcBG&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-bngpys - c:\documents and settings\Jenny\Application Data\bngpys.dll
HKLM-Run-dlsqos - c:\documents and settings\Jenny\Application Data\dlsqos.dll
MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam\Quickcam.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-02 09:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-08-02 09:51:53
ComboFix-quarantined-files.txt 2012-08-02 13:51
.
Pre-Run: 674,879,655,936 bytes free
Post-Run: 674,905,382,912 bytes free
.
- - End Of File - - 70E7CB4AD36A935B6952B91522350275

Edited by Jenny77, 02 August 2012 - 09:16 AM.


#5 Jenny77
  • Topic Starter
  • Members

Posted 02 August 2012 - 09:17 AM

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.60.1.1000
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.3.300.268
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````

#6 D-FRED-BROWN
  • Malware Response Team

Posted 02 August 2012 - 02:05 PM

We've got a few bits and pieces left to clean up. :thumbup2:


Please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Folder::
c:\documents and settings\Jenny\Local Settings\Application Data\{3A7B2C11-D8D4-11E1-8270-B8AC6F996F26}
C:\Windows\Installer\{3A7B2C11-D8D4-11E1-8270-B8AC6F996F26}

File::
61675431

Driver::
C:\Windows\System32\Drivers\61675431.sys

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#7 Jenny77
  • Topic Starter
  • Members

Posted 02 August 2012 - 03:55 PM

ComboFix 12-07-31.03 - Jenny 08/02/2012 16:40:33.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2748 [GMT -4:00]
Running from: c:\documents and settings\Jenny\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jenny\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jenny\Local Settings\Application Data\{3A7B2C11-D8D4-11E1-8270-B8AC6F996F26}
c:\documents and settings\Jenny\Local Settings\Application Data\{3A7B2C11-D8D4-11E1-8270-B8AC6F996F26}\chrome.manifest
c:\documents and settings\Jenny\Local Settings\Application Data\{3A7B2C11-D8D4-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul
c:\documents and settings\Jenny\Local Settings\Application Data\{3A7B2C11-D8D4-11E1-8270-B8AC6F996F26}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-07-21 14:31 . 2012-07-21 14:31 -------- d-----w- c:\documents and settings\Jenny\Local Settings\Application Data\Facebook
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-30 09:44 . 2012-04-09 11:11 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-30 09:44 . 2011-05-16 22:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2004-08-04 04:17 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2009-08-19 22:07 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 05:56 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 05:56 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2009-08-07 00:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2009-12-20 20:35 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2009-12-20 20:35 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2009-12-20 20:35 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2009-12-20 20:35 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2009-12-20 20:35 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2009-08-07 00:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2004-08-04 05:56 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-08-07 00:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2009-12-20 20:35 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2009-12-20 20:35 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2010-02-28 14:05 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2010-02-28 14:05 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2010-02-28 14:05 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-04 05:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-04 05:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2010-04-18 10:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:42 . 2004-08-04 05:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2004-08-04 03:59 385024 ----a-w- c:\windows\system32\html.iec
2012-05-08 16:17 . 2012-04-23 07:42 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 16:17 . 2012-04-23 07:42 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-19 11:51 . 2012-04-05 07:55 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-06-28 13:46 . 2010-07-26 07:25 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-02_13.50.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-02 20:47 . 2012-08-02 20:47 16384 c:\windows\temp\Perflib_Perfdata_3f0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jenny^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\documents and settings\Jenny\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccipStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-21 14:31 138096 ----atw- c:\documents and settings\Jenny\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-09 20:39 570664 -c--a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Electronic Arts\\BioWare\\Star Wars - The Old Republic\\launcher.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Jenny\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Documents and Settings\\Jenny\\Local Settings\\Apps\\2.0\\MVVCC89N.DH7\\6AVCCHV1.5OO\\curs..tion_9e9e83ddf3ed3ead_0005.0001_31b318dc2771b66c\\CurseClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [4/23/2012 3:42 AM 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/23/2012 3:42 AM 86224]
R3 JSWSCIMD;JSWSCIMD;c:\windows\system32\drivers\jswscimd.sys [3/6/2010 5:43 PM 57440]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [9/30/2008 4:24 AM 453120]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2/26/2012 6:11 PM 2253120]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5/3/2012 8:31 AM 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/9/2012 7:11 AM 250056]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 1:10 PM 17149]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 12:54 PM 360547]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/27/2012 9:54 AM 113120]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 09:44]
.
2012-07-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-08-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-448539723-861567501-725345543-1003Core.job
- c:\documents and settings\Jenny\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-07-21 14:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jenny\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Jenny\Application Data\Mozilla\Firefox\Profiles\3jrbzezj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://pmh.bingstart.com/s/?src=FF-Address&site=Bing&cfg=2-207-0-1FcBG&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-02 16:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(980)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-08-02 16:51:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-02 20:51
ComboFix2.txt 2012-08-02 13:51
.
Pre-Run: 674,910,736,384 bytes free
Post-Run: 674,885,042,176 bytes free
.
- - End Of File - - CE0162F4DF5F8C2628445FD2E483AD69

#8 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:08:30 PM

Posted 02 August 2012 - 04:01 PM

Has your Google Chrome browser stopped working? I had you delete a suspicious folder, but apparently that was related to Chrome.

I can give you a script to un-delete it, but it'd probably just be easier to reinstall it from their website.

#9 Jenny77

Jenny77
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:30 PM

Posted 02 August 2012 - 04:05 PM

I haven't used Google Chrome in well over a year. Left over files from when I removed it???

#10 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:08:30 PM

Posted 02 August 2012 - 04:09 PM

They're quite possibly leftovers, yeah. I guess it was good to remove those files after all :P.


Your logs are looking good. Are you still encountering any issues?

Let's run an online scan to verify we haven't missed anything:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats is Unchecked and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#11 Jenny77

Jenny77
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:30 PM

Posted 02 August 2012 - 05:25 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=84d16069e406a44592f1459877a601ba
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-02 10:22:52
# local_time=2012-08-02 06:22:52 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 9417372 9417372 0 0
# compatibility_mode=1792 16777175 100 0 7854518 7854518 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=121820
# found=11
# cleaned=0
# scan_time=3098
C:\Qoobox\Quarantine\C\Documents and Settings\Jenny\Application Data\bngpys.dll.vir a variant of Win32/Medfos.BK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Jenny\Application Data\dlsqos.dll.vir a variant of Win32/Medfos.BL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Jenny\Local Settings\Application Data\{3A7B2C11-D8D4-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul.vir JS/Redirector.NIQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\04.04.2012_18.06.31\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\04.04.2012_18.06.31\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\04.04.2012_18.06.31\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\04.04.2012_18.06.31\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AG trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\04.04.2012_18.06.31\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.KS trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\04.04.2012_18.06.31\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AF trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\04.04.2012_18.06.31\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\04.04.2012_18.06.31\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.X trojan (unable to clean) 00000000000000000000000000000000 I

#12 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:08:30 PM

Posted 02 August 2012 - 05:53 PM

Looks like it only picked up things the other tools had quarantined. I'd say you're clean. :thumbup2:

Before we do anything else, please take the time to install the following update. Using outdated applications leaves you vulnerable to getting infected again.


Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://www.oracle.com/technetwork/java/javase/downloads/index.html.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to Start > Control Panel and open Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment).
They will have this icon next to them: Posted Image
Select each in turn and click Remove.

Once old versions are gone, please install the newest version.
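The judgement in the post above, that every ESET hit sits inside another tool's quarantine folder, can be checked mechanically against the log posted earlier. The following Python is an added example, not the thread's own or ESET's code; it assumes the log line layout seen in that post (path, threat name, parenthesised action, 32-hex hash, flag) and the quarantine roots used by ComboFix and TDSSKiller earlier in the thread, and its sample input mixes lines taken from the post with one constructed live-path line.

```python
"""Triage an ESET Online Scanner log: which detections are already
neutralised (inside another tool's quarantine) and which are at live paths.

Added example, not part of the thread. The detection-line regex is a
heuristic inferred from the log as posted: the last path component must
contain no spaces, which holds for every line on the page."""
import re

# Quarantine roots of the tools run earlier in the thread (lower-case).
QUARANTINE_ROOTS = (
    "c:\\qoobox\\quarantine\\",       # ComboFix
    "c:\\tdsskiller_quarantine\\",    # Kaspersky TDSSKiller
)

# <path> <threat name> (<action>) <32-hex hash> <flag>
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\(?:.*\\)?\S+)\s+"
    r"(?P<threat>.+?)\s+\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)


def parse_eset_log(text):
    """Return (header dict of key -> [values], list of detection dicts)."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            # keys such as compatibility_mode repeat, so keep every value
            header.setdefault(key, []).append(value)
        elif (m := DETECTION_RE.match(line)):
            detections.append(m.groupdict())
    return header, detections


def is_quarantined(path):
    """True when the detected file lives under a known quarantine root."""
    return path.lower().startswith(QUARANTINE_ROOTS)


def triage(text):
    header, detections = parse_eset_log(text)
    found = int(header.get("found", ["0"])[0])
    quarantined = [d for d in detections if is_quarantined(d["path"])]
    live = [d for d in detections if not is_quarantined(d["path"])]
    return {
        "found": found,
        "parsed": len(detections),
        # mismatch means a line layout the regex did not understand
        "all_lines_parsed": found == len(detections),
        "quarantined": quarantined,
        "live": live,
        # the scan was run with "Remove found threats" unticked
        "removal_was_off": header.get("remove_checked", [""])[0] == "false",
    }


# Sample log: header and three detection lines taken from the post above,
# plus one constructed live-path line (NOT from the page) for the other branch.
SAMPLE_LOG = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# remove_checked=false
# unwanted_checked=true
# scanned=121820
# found=4
# cleaned=0
C:\\Qoobox\\Quarantine\\C\\Documents and Settings\\Jenny\\Application Data\\bngpys.dll.vir a variant of Win32/Medfos.BK trojan (unable to clean) 00000000000000000000000000000000 I
C:\\Qoobox\\Quarantine\\C\\Documents and Settings\\Jenny\\Local Settings\\Application Data\\{3A7B2C11-D8D4-11E1-8270-B8AC6F996F26}\\chrome\\content\\browser.xul.vir JS/Redirector.NIQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\\TDSSKiller_Quarantine\\04.04.2012_18.06.31\\mbr0000\\tdlfs0000\\tsk0001.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I
C:\\Documents and Settings\\Jenny\\Application Data\\constructed_sample.dll a variant of Win32/ExampleFamily.A trojan (unable to clean) 00000000000000000000000000000000 I
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"found={result['found']} parsed={result['parsed']} "
          f"quarantined={len(result['quarantined'])} live={len(result['live'])}")
    for d in result["live"]:
        print("LIVE:", d["path"], "->", d["threat"])
```

Run against the full log from the earlier post, every one of the 11 hits falls in the quarantined list and the live list is empty, which is the check the post above makes by eye.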

#13 Jenny77

Jenny77
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:30 PM

Posted 03 August 2012 - 08:43 AM

Awesome!! I have the old Java gone and the new one downloaded.

#14 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:08:30 PM

Posted 03 August 2012 - 11:55 AM

Glad the updates went well. :)


I will now provide you with some suggestions for security software.

First, let's remove ComboFix:
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.


It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.
AntiVir
AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.
A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.
If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available. A tutorial on understanding and using firewalls may be found here.


If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here.
Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)

#15 Jenny77

Jenny77
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:30 PM

Posted 03 August 2012 - 01:31 PM

Ok ComboFix is removed.

I already use Avira as my Anti-Virus and Mozilla as my browser. :-)
