

Google redirect virus


  • This topic is locked
14 replies to this topic

#1 firsttaff

firsttaff

  • Members
  • 60 posts
  • OFFLINE
  • Local time:11:05 PM

Posted 05 August 2012 - 03:24 AM

Hello
sorry to bother you but I have been infected with the redirect virus,
my system is
windows XP SP3

I have tried to follow the steps in this topic , but so far no luck

http://www.bleepingcomputer.com/forums/topic458943.html/page__p__2750616__hl__google+redirect+virus__fromsearch__1#entry2750616

The TDSSKILLER found nothing.

the aswMBR found some locked files; the log is below. I did not run any other part of the program, just saved the log as instructed.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-05 07:28:44
-----------------------------
07:28:44.453 OS Version: Windows 5.1.2600 Service Pack 3
07:28:44.453 Number of processors: 2 586 0x2302
07:28:44.453 ComputerName: BRYANWORK UserName: bryan
07:29:04.062 Initialize success
07:30:22.281 AVAST engine defs: 12080401
07:30:33.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006d
07:30:33.875 Disk 0 Vendor: Maxtor_6L300R0 BAH41G10 Size: 286188MB BusType: 3
07:30:33.875 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006e
07:30:33.875 Disk 1 Vendor: ST3320620A 3.AAE Size: 305245MB BusType: 3
07:30:33.984 Disk 0 MBR read successfully
07:30:33.984 Disk 0 MBR scan
07:30:34.140 Disk 0 Windows XP default MBR code
07:30:34.171 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 286173 MB offset 63
07:30:34.265 Disk 0 scanning sectors +586083330
07:30:34.484 Disk 0 scanning C:\WINDOWS\system32\drivers
07:30:53.281 Service scanning
07:30:58.937 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
07:30:58.968 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
07:30:59.093 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
07:30:59.125 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
07:31:10.656 Modules scanning
07:31:15.812 Disk 0 trace - called modules:
07:31:15.828 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys
07:31:15.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad2aab8]
07:31:15.828 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000071[0x8ad47ac0]
07:31:15.828 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\0000006d[0x8adbc030]
07:31:17.296 AVAST engine scan C:\WINDOWS
07:31:29.750 AVAST engine scan C:\WINDOWS\system32
07:33:36.031 File: C:\WINDOWS\system32\rdsaddinc.dll **INFECTED** Win32:Diller-DK [Trj]
07:35:23.046 AVAST engine scan C:\WINDOWS\system32\drivers
07:35:43.296 AVAST engine scan C:\Documents and Settings\bryan
07:51:46.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\bryan\Desktop\MBR.dat"
07:51:46.531 The log file has been saved successfully to "C:\Documents and Settings\bryan\Desktop\aswMBR.txt"





I then ran the ESET online scanner and it found nothing


I therefore ask for your help please.
regards
Bryan



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:05 PM

Posted 07 August 2012 - 02:46 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 firsttaff

firsttaff
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  • Local time:11:05 PM

Posted 07 August 2012 - 10:49 AM

Hello Gringo
Thank you for your reply and your kind help
I have carried out the instructions and I post the logs etc below.

checkup.txt


Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Kaspersky Anti-Virus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java™ 6 Update 33
Java™ 7 Update 5
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Anti-Virus 2012 klwtblfs.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````



logs from DDS

DDS.TXT
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.0
Run by bryan at 16:36:22 on 2012-08-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2785 [GMT 1:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\bryan\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Jeppesen\JWC\JWC.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtblfs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = http=;ftp=;https=;
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
uRun: [Spotify Web Helper] "c:\documents and settings\bryan\application data\spotify\data\SpotifyWebHelper.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [EPSON Stylus Photo RX520 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with Mipony - file://c:\program files\mipony\browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1330079611937
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D76604D3-A174-4381-93C0-63D9101E1059} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2012-2-24 16640]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-3-3 232512]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-3-29 565552]
R2 JWC;Jeppesen Weather Controller Service;c:\program files\jeppesen\jwc\jwc.exe -service --> c:\program files\jeppesen\jwc\JWC.exe -service [?]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe [2011-4-24 202296]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-6 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 250056]
S3 cpuz135;cpuz135;\??\c:\docume~1\bryan\locals~1\temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\bryan\locals~1\temp\cpuz135\cpuz135_x32.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-3-26 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-6 116648]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2012-3-22 155320]
S3 speccy;speccy;\??\c:\docume~1\bryan\locals~1\temp\1b4e970f-c7c7-41c1-92ec-3ecf94e4d380 --> c:\docume~1\bryan\locals~1\temp\1b4e970f-c7c7-41c1-92ec-3ecf94e4d380 [?]
.
=============== Created Last 30 ================
.
2012-07-25 12:27:50 -------- d-----w- c:\documents and settings\bryan\application data\PlatinumHideIP
2012-07-25 12:27:50 -------- d-----w- c:\documents and settings\all users\application data\PlatinumHideIP
2012-07-25 12:25:42 -------- d-----w- c:\program files\PlatinumHideIP
.
==================== Find3M ====================
.
2012-08-04 21:18:39 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-04 21:18:39 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 21:53:23 772592 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-03 21:53:23 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-03 21:53:22 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-08 08:26:24 102400 --sha-r- c:\windows\system32\rdsaddinc.dll
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 14:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 14:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 14:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 14:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 16:36:32.76 ===============

The "Attach.txt" file is below. I tried to attach it as a zip as instructed, but I got a warning stating I was not allowed to upload this type of file?

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 24/02/2012 09:29:06
System Uptime: 08/08/2012 16:06:18 (0 hours ago)
.
Motherboard: | | KN1 SLI Lite
Processor: AMD Athlon™ 64 FX-60 Dual Core Processor | Socket 939 | 2613/201mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 279 GiB total, 83.005 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 298 GiB total, 204.419 GiB free.
G: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is Removable
M: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&75FDAEA&0&01
Manufacturer: Nvidia
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&75FDAEA&0&01
Service: NVENETFD
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
Adobe Acrobat 5.0
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
ATI Display Driver
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
CCleaner
DAEMON Tools Pro
dBpoweramp DSP Effects
dBpoweramp Music Converter
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DVD Shrink 3.2
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Image Clip Palette
EPSON Printer Software
EPSON Scan Assistant
ESPRX520 User's Guide
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
Java Auto Updater
Java™ 6 Update 33
Java™ 7 Update 5
Jeppesen Format Print Driver
Jeppesen Program and Data Installation
Jeppesen Services
Jeppesen Weather Service
Kaspersky Anti-Virus 2012
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 4.0
MiPony 1.6.4
MSN
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
novaPDF for SDK v7 (novaPDF 7.2 printer)
NVIDIA Drivers
Platinum Hide IP
QuickPlan 5
QuickTime
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Sony Ericsson Update Engine
Sony PC Companion 2.10.030
Spotify
Ultra Video Converter 5.1.0108
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 2.0.0
WebFldrs XP
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR 4.11 (32-bit)
.
==== End Of File ===========================


I had no problems running the programs.
thank you again
Bryan

#4 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 August 2012 - 03:05 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 firsttaff (Topic Starter)
  • Members
  • 60 posts

Posted 08 August 2012 - 07:35 AM

Hi
I carried out your instructions; here is the ComboFix log.


ComboFix 12-08-07.05 - bryan 09/08/2012 13:14:19.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2519 [GMT 1:00]
Running from: c:\documents and settings\bryan\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-06 07:31 . 2012-08-06 07:31 -------- d-----w- c:\documents and settings\bryan\Application Data\dvdcss
2012-07-25 12:27 . 2012-07-25 12:27 -------- d-----w- c:\documents and settings\bryan\Application Data\PlatinumHideIP
2012-07-25 12:27 . 2012-07-25 12:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PlatinumHideIP
2012-07-25 12:25 . 2012-07-25 12:27 -------- d-----w- c:\program files\PlatinumHideIP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 21:18 . 2012-04-04 13:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-04 21:18 . 2012-02-24 12:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 21:53 . 2012-06-26 16:08 772592 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-03 21:53 . 2012-06-26 16:08 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-03 21:53 . 2012-03-26 10:20 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:19 . 2004-08-03 22:17 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-03 23:56 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-03 23:56 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 14:19 . 2009-08-06 19:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19 . 2012-02-24 09:25 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 14:19 . 2012-02-24 09:25 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 14:19 . 2012-02-24 09:25 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 14:19 . 2009-08-06 19:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19 . 2012-02-24 09:25 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 14:19 . 2012-02-24 09:25 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 14:19 . 2009-08-06 19:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 14:19 . 2009-08-06 19:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19 . 2004-08-03 23:56 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 14:19 . 2009-08-06 19:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:19 . 2012-02-24 09:25 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 14:19 . 2012-02-24 09:25 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 14:18 . 2012-02-26 15:10 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 14:18 . 2012-02-26 15:10 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 14:18 . 2012-02-26 15:10 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-03 23:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-03 23:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2004-08-03 23:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:42 . 2004-08-03 23:56 43520 ------w- c:\windows\system32\licmgr10.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\documents and settings\bryan\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-07-31 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo RX520 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE" [2005-04-07 98304]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-24 202296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-01-03 13:10 815512 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2012-01-03 13:10 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2011-08-17 07:29 4527424 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\bryan\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"39285:TCP"= 39285:TCP:Windows Core Service
.
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [24/02/2012 01:42 16640]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [03/03/2012 16:31 232512]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 13:23 11352]
R2 JWC;Jeppesen Weather Controller Service;c:\program files\Jeppesen\JWC\JWC.exe -service --> c:\program files\Jeppesen\JWC\JWC.exe -service [?]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [04/05/2010 13:07 503080]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18:34 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/05/2012 15:20 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [04/04/2012 14:52 250056]
S3 cpuz135;cpuz135;\??\c:\docume~1\bryan\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\bryan\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [26/03/2012 11:21 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [06/05/2012 15:20 116648]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12/06/2011 12:15 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 22:37 4640000]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [22/03/2012 23:23 155320]
S3 speccy;speccy;\??\c:\docume~1\bryan\LOCALS~1\Temp\1b4e970f-c7c7-41c1-92ec-3ecf94e4d380 --> c:\docume~1\bryan\LOCALS~1\Temp\1b4e970f-c7c7-41c1-92ec-3ecf94e4d380 [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:18]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-06 14:20]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-06 14:20]
.
2012-08-08 c:\windows\Tasks\lktxme.job
- c:\windows\system32\rdsaddinc.dll [2012-06-08 08:26]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-97219080.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-09 13:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\speccy]
"ImagePath"="\??\c:\docume~1\bryan\LOCALS~1\Temp\1b4e970f-c7c7-41c1-92ec-3ecf94e4d380"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3992)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-08-09 13:22:55
ComboFix-quarantined-files.txt 2012-08-09 12:22
.
Pre-Run: 89,061,785,600 bytes free
Post-Run: 90,160,533,504 bytes free
.
- - End Of File - - 73949175D4D1CB9ED45A4AA549306D0B

I had ComboFix tell me that Kaspersky was still running; this was despite me carrying out the instructions in the link you sent.

Regrettably, when I use Google/Bing etc. I still have it redirecting to other sites.

thank you
Bryan
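As an added example that is not part of the original thread, the following Python script applies a few defender-side triage heuristics to lines taken from the ComboFix log above: the Security Center overrides, the disabled firewall profile, a globally open port with a free-text name, a driver image under a Temp directory, and a scheduled task that launches a DLL. The sample log is constructed from excerpts of the posted log; every rule only marks an entry for a human to review and is not a malware verdict.

```python
"""Defender-side triage heuristics over ComboFix log excerpts.

Added example, not part of the thread: the sample below is constructed from
lines of the ComboFix log posted above. Each rule marks an entry for a human
to review; none of them is a malware verdict.
"""
import re

# Constructed sample: excerpts of the posted ComboFix log, copied verbatim.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"39285:TCP"= 39285:TCP:Windows Core Service
.
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18:34 34608]
S3 speccy;speccy;\??\c:\docume~1\bryan\LOCALS~1\Temp\1b4e970f-c7c7-41c1-92ec-3ecf94e4d380 --> c:\docume~1\bryan\LOCALS~1\Temp\1b4e970f-c7c7-41c1-92ec-3ecf94e4d380 [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-06 14:20]
.
2012-08-08 c:\windows\Tasks\lktxme.job
- c:\windows\system32\rdsaddinc.dll [2012-06-08 08:26]
.
"""

# A globally open port entry: "port:proto"= port:proto:description
PORT_RE = re.compile(r'^"(?P<port>\d+:(?:TCP|UDP))"=\s*(?P=port):(?P<desc>.*)$')
# A scheduled-task header line, followed by its "- target [timestamp]" line
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^- (?P<path>.+?) \[")
# A service/driver line: R0-R3 or S0-S4, then name;display name;image path [details]
SERVICE_RE = re.compile(r"^[RS][0-4] (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+)$")
OVERRIDE_RE = re.compile(r'^"(?P<key>(?:AntiVirus|Firewall)Override)"=dword:00000001$')


def triage(text):
    """Return a list of (rule, detail) findings for the given ComboFix excerpt."""
    findings = []
    section = ""          # lower-cased registry key of the current [block]
    pending_job = None    # task header waiting for its "- target" line
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()
            continue

        # Security Center told not to warn about a missing AV or firewall
        m = OVERRIDE_RE.match(line)
        if m and "security center" in section:
            findings.append(("security_center_override", m.group("key")))
            continue

        # Windows Firewall switched off for this profile
        if line.startswith('"EnableFirewall"=') and line.split("=", 1)[1].strip().startswith("0"):
            findings.append(("firewall_disabled", section))
            continue

        # Open ports: built-in entries carry an @dll,-id resource string;
        # a free-text name is something an installer or a person typed in
        m = PORT_RE.match(line)
        if m and "globallyopenports" in section and not m.group("desc").startswith("@"):
            findings.append(("open_port_freeform_name", f'{m.group("port")} "{m.group("desc")}"'))
            continue

        # Services or drivers whose image lives under a Temp directory
        m = SERVICE_RE.match(line)
        if m and "\\temp\\" in m.group("path").lower():
            findings.append(("service_image_in_temp", f'{m.group("name")} -> {m.group("path")}'))
            continue

        # Scheduled tasks: remember the job, then inspect what it launches
        m = TASK_RE.match(line)
        if m:
            pending_job = m.group("job")
            continue
        m = TARGET_RE.match(line)
        if m and pending_job:
            path = m.group("path")
            if not path.lower().endswith(".exe"):
                findings.append(("task_target_not_exe", f"{pending_job} -> {path}"))
            pending_job = None
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:26} {detail}")
```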

#6 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 August 2012 - 09:17 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 firsttaff (Topic Starter)
  • Members
  • 60 posts

Posted 08 August 2012 - 11:06 AM

Hi. TDSSKiller log: it did not find anything.

15:45:52.0531 3016 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:45:52.0718 3016 ============================================================
15:45:52.0718 3016 Current date / time: 2012/08/08 15:45:52.0718
15:45:52.0718 3016 SystemInfo:
15:45:52.0718 3016
15:45:52.0718 3016 OS Version: 5.1.2600 ServicePack: 3.0
15:45:52.0718 3016 Product type: Workstation
15:45:52.0718 3016 ComputerName: BRYANWORK
15:45:52.0718 3016 UserName: bryan
15:45:52.0718 3016 Windows directory: C:\WINDOWS
15:45:52.0718 3016 System windows directory: C:\WINDOWS
15:45:52.0718 3016 Processor architecture: Intel x86
15:45:52.0718 3016 Number of processors: 2
15:45:52.0718 3016 Page size: 0x1000
15:45:52.0718 3016 Boot type: Normal boot
15:45:52.0718 3016 ============================================================
15:45:54.0906 3016 Drive \Device\Harddisk0\DR0 - Size: 0x45DECD2000 (279.48 Gb), SectorSize: 0x200, Cylinders: 0x8E83, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:45:54.0921 3016 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:45:54.0984 3016 ============================================================
15:45:54.0984 3016 \Device\Harddisk0\DR0:
15:45:54.0984 3016 MBR partitions:
15:45:54.0984 3016 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EEEBC3
15:45:54.0984 3016 \Device\Harddisk1\DR1:
15:45:55.0000 3016 MBR partitions:
15:45:55.0000 3016 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
15:45:55.0000 3016 ============================================================
15:45:55.0250 3016 C: <-> \Device\Harddisk0\DR0\Partition0
15:45:55.0265 3016 F: <-> \Device\Harddisk1\DR1\Partition0
15:45:55.0265 3016 ============================================================
15:45:55.0265 3016 Initialize success
15:45:55.0265 3016 ============================================================
15:46:00.0671 2480 ============================================================
15:46:00.0671 2480 Scan started
15:46:00.0671 2480 Mode: Manual;
15:46:00.0671 2480 ============================================================
15:46:10.0421 2480 MSKSSRV - ok
15:46:10.0437 2480 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:46:10.0468 2480 MSPCLOCK - ok
15:46:10.0484 2480 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:46:10.0515 2480 MSPQM - ok
15:46:10.0562 2480 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:46:10.0562 2480 mssmbios - ok
15:46:10.0562 2480 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:46:10.0562 2480 Mup - ok
15:46:10.0625 2480 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
15:46:10.0765 2480 napagent - ok
15:46:10.0828 2480 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files\Nero\Update\NASvc.exe
15:46:10.0843 2480 NAUpdate - ok
15:46:10.0890 2480 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:46:10.0921 2480 NDIS - ok
15:46:10.0968 2480 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:46:10.0968 2480 NdisTapi - ok
15:46:10.0984 2480 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:46:11.0000 2480 Ndisuio - ok
15:46:11.0015 2480 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:46:11.0062 2480 NdisWan - ok
15:46:11.0093 2480 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:46:11.0093 2480 NDProxy - ok
15:46:11.0093 2480 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:46:11.0140 2480 NetBIOS - ok
15:46:11.0203 2480 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:46:11.0343 2480 NetBT - ok
15:46:11.0390 2480 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:46:11.0453 2480 NetDDE - ok
15:46:11.0453 2480 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:46:11.0453 2480 NetDDEdsdm - ok
15:46:11.0484 2480 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:46:11.0484 2480 Netlogon - ok
15:46:11.0500 2480 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
15:46:11.0515 2480 Netman - ok
15:46:11.0625 2480 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:46:11.0656 2480 NetTcpPortSharing - ok
15:46:11.0687 2480 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
15:46:11.0718 2480 Nla - ok
15:46:11.0750 2480 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:46:11.0781 2480 Npfs - ok
15:46:11.0812 2480 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:46:11.0984 2480 Ntfs - ok
15:46:11.0984 2480 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:46:12.0000 2480 NtLmSsp - ok
15:46:12.0046 2480 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
15:46:12.0203 2480 NtmsSvc - ok
15:46:12.0234 2480 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:46:12.0250 2480 Null - ok
15:46:12.0296 2480 nvatabus (83f0275a21d9772b51cef57e35afae61) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
15:46:12.0296 2480 nvatabus - ok
15:46:12.0296 2480 nvcchflt (fb7213bc5279c1af5e4e9ca05d944f2c) C:\WINDOWS\system32\DRIVERS\nvcchflt.sys
15:46:12.0312 2480 nvcchflt - ok
15:46:12.0328 2480 NVENETFD (468e839f0f7aff5c9baa4717b82cdd11) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
15:46:12.0359 2480 NVENETFD - ok
15:46:12.0375 2480 nvnetbus (7a6444c5f0d53c7e6e7f500bc4c930f7) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
15:46:12.0390 2480 nvnetbus - ok
15:46:12.0406 2480 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:46:12.0437 2480 NwlnkFlt - ok
15:46:12.0437 2480 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:46:12.0468 2480 NwlnkFwd - ok
15:46:12.0531 2480 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:46:12.0593 2480 ose - ok
15:46:12.0843 2480 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:46:13.0484 2480 osppsvc - ok
15:46:13.0593 2480 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:46:13.0656 2480 Parport - ok
15:46:13.0671 2480 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:46:13.0703 2480 PartMgr - ok
15:46:13.0750 2480 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:46:13.0765 2480 ParVdm - ok
15:46:13.0781 2480 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:46:13.0843 2480 PCI - ok
15:46:13.0843 2480 PCIDump - ok
15:46:13.0875 2480 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:46:13.0890 2480 PCIIde - ok
15:46:13.0921 2480 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:46:13.0984 2480 Pcmcia - ok
15:46:14.0000 2480 PDCOMP - ok
15:46:14.0000 2480 PDFRAME - ok
15:46:14.0000 2480 PDRELI - ok
15:46:14.0015 2480 PDRFRAME - ok
15:46:14.0015 2480 perc2 - ok
15:46:14.0031 2480 perc2hib - ok
15:46:14.0078 2480 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:46:14.0078 2480 PlugPlay - ok
15:46:14.0125 2480 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:46:14.0125 2480 PolicyAgent - ok
15:46:14.0125 2480 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:46:14.0156 2480 PptpMiniport - ok
15:46:14.0375 2480 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
15:46:14.0453 2480 Processor - ok
15:46:14.0453 2480 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:46:14.0453 2480 ProtectedStorage - ok
15:46:14.0453 2480 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:46:14.0531 2480 PSched - ok
15:46:14.0546 2480 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:46:14.0578 2480 Ptilink - ok
15:46:14.0578 2480 ql1080 - ok
15:46:14.0578 2480 Ql10wnt - ok
15:46:14.0593 2480 ql12160 - ok
15:46:14.0593 2480 ql1240 - ok
15:46:14.0609 2480 ql1280 - ok
15:46:14.0609 2480 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:46:14.0625 2480 RasAcd - ok
15:46:14.0656 2480 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
15:46:14.0718 2480 RasAuto - ok
15:46:14.0718 2480 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:46:14.0750 2480 Rasl2tp - ok
15:46:14.0796 2480 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
15:46:14.0843 2480 RasMan - ok
15:46:14.0859 2480 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:46:14.0906 2480 RasPppoe - ok
15:46:14.0906 2480 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:46:14.0937 2480 Raspti - ok
15:46:14.0968 2480 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:46:15.0015 2480 Rdbss - ok
15:46:15.0015 2480 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:46:15.0031 2480 RDPCDD - ok
15:46:15.0046 2480 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:46:15.0359 2480 rdpdr - ok
15:46:15.0406 2480 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
15:46:15.0406 2480 RDPWD - ok
15:46:15.0437 2480 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
15:46:15.0515 2480 RDSessMgr - ok
15:46:15.0546 2480 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:46:15.0593 2480 redbook - ok
15:46:15.0656 2480 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
15:46:15.0687 2480 RemoteAccess - ok
15:46:15.0718 2480 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
15:46:15.0750 2480 RemoteRegistry - ok
15:46:15.0781 2480 RimUsb (4f4a4c09cc5be58a76cac1c337e004e6) C:\WINDOWS\system32\Drivers\RimUsb.sys
15:46:15.0796 2480 RimUsb - ok
15:46:15.0812 2480 RimVSerPort (3a5633ad615e2b15291bd0b1b97ccd8a) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
15:46:15.0859 2480 RimVSerPort - ok
15:46:15.0906 2480 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
15:46:15.0921 2480 ROOTMODEM - ok
15:46:15.0937 2480 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
15:46:15.0984 2480 RpcLocator - ok
15:46:16.0031 2480 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
15:46:16.0031 2480 RpcSs - ok
15:46:16.0062 2480 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
15:46:16.0156 2480 RSVP - ok
15:46:16.0203 2480 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
15:46:16.0234 2480 rtl8139 - ok
15:46:16.0281 2480 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:46:16.0281 2480 SamSs - ok
15:46:16.0312 2480 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
15:46:16.0359 2480 SCardSvr - ok
15:46:16.0390 2480 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
15:46:16.0484 2480 Schedule - ok
15:46:16.0531 2480 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:46:16.0562 2480 Secdrv - ok
15:46:16.0562 2480 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
15:46:16.0593 2480 seclogon - ok
15:46:16.0593 2480 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
15:46:16.0593 2480 SENS - ok
15:46:16.0609 2480 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:46:16.0640 2480 serenum - ok
15:46:16.0656 2480 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:46:16.0703 2480 Serial - ok
15:46:16.0703 2480 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:46:16.0734 2480 Sfloppy - ok
15:46:16.0765 2480 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
15:46:16.0765 2480 SharedAccess - ok
15:46:16.0812 2480 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:46:16.0828 2480 ShellHWDetection - ok
15:46:16.0828 2480 Simbad - ok
15:46:16.0953 2480 Sony PC Companion (5177d14a78e60fd61dcfc6b388e7e971) C:\Program Files\Sony\Sony PC Companion\PCCService.exe
15:46:17.0031 2480 Sony PC Companion - ok
15:46:17.0046 2480 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
15:46:17.0062 2480 SONYPVU1 - ok
15:46:17.0078 2480 Sparrow - ok
15:46:17.0171 2480 speccy - ok
15:46:17.0234 2480 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:46:17.0296 2480 splitter - ok
15:46:17.0375 2480 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:46:17.0375 2480 Spooler - ok
15:46:17.0406 2480 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:46:17.0468 2480 sr - ok
15:46:17.0515 2480 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
15:46:17.0609 2480 srservice - ok
15:46:17.0671 2480 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:46:17.0671 2480 Srv - ok
15:46:17.0703 2480 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
15:46:17.0703 2480 SSDPSRV - ok
15:46:17.0734 2480 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
15:46:17.0812 2480 stisvc - ok
15:46:17.0828 2480 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:46:17.0859 2480 swenum - ok
15:46:17.0875 2480 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:46:17.0921 2480 swmidi - ok
15:46:17.0921 2480 SwPrv - ok
15:46:17.0937 2480 symc810 - ok
15:46:17.0937 2480 symc8xx - ok
15:46:17.0953 2480 sym_hi - ok
15:46:17.0953 2480 sym_u3 - ok
15:46:18.0000 2480 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:46:18.0046 2480 sysaudio - ok
15:46:18.0078 2480 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
15:46:18.0125 2480 SysmonLog - ok
15:46:18.0171 2480 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
15:46:18.0218 2480 TapiSrv - ok
15:46:18.0265 2480 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:46:18.0281 2480 Tcpip - ok
15:46:18.0312 2480 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:46:18.0343 2480 TDPIPE - ok
15:46:18.0359 2480 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:46:18.0359 2480 TDTCP - ok
15:46:18.0359 2480 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:46:18.0390 2480 TermDD - ok
15:46:18.0453 2480 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
15:46:18.0468 2480 TermService - ok
15:46:18.0515 2480 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:46:18.0515 2480 Themes - ok
15:46:18.0562 2480 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
15:46:18.0593 2480 TlntSvr - ok
15:46:18.0609 2480 TosIde - ok
15:46:18.0640 2480 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
15:46:18.0687 2480 TrkWks - ok
15:46:18.0718 2480 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:46:18.0765 2480 Udfs - ok
15:46:18.0781 2480 ultra - ok
15:46:18.0812 2480 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:46:18.0890 2480 Update - ok
15:46:18.0921 2480 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
15:46:18.0984 2480 upnphost - ok
15:46:18.0984 2480 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
15:46:19.0015 2480 UPS - ok
15:46:19.0031 2480 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:46:19.0078 2480 usbccgp - ok
15:46:19.0093 2480 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:46:19.0125 2480 usbehci - ok
15:46:19.0140 2480 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:46:19.0187 2480 usbhub - ok
15:46:19.0234 2480 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:46:19.0265 2480 usbohci - ok
15:46:19.0296 2480 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:46:19.0328 2480 usbprint - ok
15:46:19.0328 2480 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:46:19.0359 2480 usbscan - ok
15:46:19.0390 2480 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:46:19.0437 2480 usbstor - ok
15:46:19.0468 2480 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:46:19.0515 2480 VgaSave - ok
15:46:19.0515 2480 ViaIde - ok
15:46:19.0546 2480 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:46:19.0609 2480 VolSnap - ok
15:46:19.0640 2480 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
15:46:19.0765 2480 VSS - ok
15:46:19.0796 2480 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
15:46:19.0812 2480 W32Time - ok
15:46:19.0828 2480 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:46:19.0859 2480 Wanarp - ok
15:46:20.0031 2480 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
15:46:20.0250 2480 Wdf01000 - ok
15:46:20.0250 2480 WDICA - ok
15:46:20.0375 2480 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:46:20.0437 2480 wdmaud - ok
15:46:20.0484 2480 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
15:46:20.0531 2480 WebClient - ok
15:46:20.0609 2480 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:46:20.0656 2480 winmgmt - ok
15:46:20.0703 2480 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:46:20.0734 2480 WmdmPmSN - ok
15:46:20.0796 2480 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
15:46:20.0796 2480 Wmi - ok
15:46:20.0828 2480 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:46:20.0859 2480 WmiApSrv - ok
15:46:21.0015 2480 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
15:46:21.0203 2480 WMPNetworkSvc - ok
15:46:21.0265 2480 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:46:21.0359 2480 WpdUsb - ok
15:46:21.0406 2480 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:46:21.0453 2480 WS2IFSL - ok
15:46:21.0484 2480 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
15:46:21.0546 2480 wscsvc - ok
15:46:21.0562 2480 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
15:46:21.0562 2480 wuauserv - ok
15:46:21.0609 2480 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:46:21.0656 2480 WudfPf - ok
15:46:21.0671 2480 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:46:21.0750 2480 WudfRd - ok
15:46:21.0765 2480 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:46:21.0796 2480 WudfSvc - ok
15:46:21.0859 2480 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
15:46:21.0875 2480 WZCSVC - ok
15:46:21.0906 2480 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
15:46:22.0000 2480 xmlprov - ok
15:46:22.0031 2480 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:46:22.0281 2480 \Device\Harddisk0\DR0 - ok
15:46:22.0296 2480 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
15:46:22.0531 2480 \Device\Harddisk1\DR1 - ok
15:46:22.0546 2480 Boot (0x1200) (5ae4193415d5ef04f7f2a5bce99345f6) \Device\Harddisk0\DR0\Partition0
15:46:22.0546 2480 \Device\Harddisk0\DR0\Partition0 - ok
15:46:22.0546 2480 Boot (0x1200) (80b1a0036a9c55ff28818e70db11f101) \Device\Harddisk1\DR1\Partition0
15:46:22.0546 2480 \Device\Harddisk1\DR1\Partition0 - ok
15:46:22.0546 2480 ============================================================
15:46:22.0546 2480 Scan finished
15:46:22.0546 2480 ============================================================
15:46:22.0562 3420 Detected object count: 0
15:46:22.0562 3420 Actual detected object count: 0
15:46:33.0015 3712 ============================================================
15:46:33.0015 3712 Scan started
15:46:33.0015 3712 Mode: Manual;
15:46:33.0015 3712 ============================================================
15:46:33.0218 3712 Abiosdsk - ok
15:46:33.0234 3712 abp480n5 - ok
15:46:33.0343 3712 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:46:33.0343 3712 ACPI - ok
15:46:33.0437 3712 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:46:33.0437 3712 ACPIEC - ok
15:46:33.0531 3712 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:46:33.0531 3712 AdobeFlashPlayerUpdateSvc - ok
15:46:33.0531 3712 adpu160m - ok
15:46:33.0578 3712 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:46:33.0578 3712 aec - ok
15:46:33.0625 3712 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:46:33.0625 3712 AFD - ok
15:46:33.0625 3712 Aha154x - ok
15:46:33.0640 3712 aic78u2 - ok
15:46:33.0640 3712 aic78xx - ok
15:46:33.0859 3712 ALCXWDM (00696c0ab6aaba7fd4e64ab61be95f6a) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
15:46:33.0890 3712 ALCXWDM - ok
15:46:34.0000 3712 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
15:46:34.0000 3712 Alerter - ok
15:46:34.0031 3712 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
15:46:34.0031 3712 ALG - ok
15:46:34.0031 3712 AliIde - ok
15:46:34.0046 3712 amsint - ok
15:46:34.0093 3712 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
15:46:34.0093 3712 AppMgmt - ok
15:46:34.0109 3712 asc - ok
15:46:34.0109 3712 asc3350p - ok
15:46:34.0125 3712 asc3550 - ok
15:46:34.0218 3712 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:46:34.0218 3712 aspnet_state - ok
15:46:34.0250 3712 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:46:34.0250 3712 AsyncMac - ok
15:46:34.0265 3712 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:46:34.0265 3712 atapi - ok
15:46:34.0281 3712 Atdisk - ok
15:46:34.0343 3712 Ati HotKey Poller (bba22521d24625c7a7b8d57fb20a812e) C:\WINDOWS\system32\Ati2evxx.exe
15:46:34.0343 3712 Ati HotKey Poller - ok
15:46:34.0406 3712 ati2mtag (07ac9a98ea70b5a6655a5797174bd282) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:46:34.0421 3712 ati2mtag - ok
15:46:34.0468 3712 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:46:34.0468 3712 Atmarpc - ok
15:46:34.0484 3712 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
15:46:34.0484 3712 AudioSrv - ok
15:46:34.0500 3712 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:46:34.0500 3712 audstub - ok
15:46:34.0593 3712 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
15:46:34.0593 3712 AVP - ok
15:46:34.0625 3712 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:46:34.0625 3712 Beep - ok
15:46:34.0671 3712 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
15:46:34.0671 3712 BITS - ok
15:46:34.0718 3712 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
15:46:34.0718 3712 Browser - ok
15:46:34.0828 3712 catchme - ok
15:46:34.0859 3712 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:46:34.0859 3712 cbidf2k - ok
15:46:34.0859 3712 cd20xrnt - ok
15:46:34.0875 3712 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:46:34.0875 3712 Cdaudio - ok
15:46:34.0890 3712 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:46:34.0890 3712 Cdfs - ok
15:46:34.0937 3712 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:46:34.0937 3712 Cdrom - ok
15:46:34.0953 3712 Changer - ok
15:46:34.0968 3712 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
15:46:34.0968 3712 CiSvc - ok
15:46:35.0000 3712 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
15:46:35.0000 3712 ClipSrv - ok
15:46:35.0062 3712 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:46:35.0078 3712 clr_optimization_v2.0.50727_32 - ok
15:46:35.0078 3712 CmdIde - ok
15:46:35.0078 3712 COMSysApp - ok
15:46:35.0093 3712 Cpqarray - ok
15:46:35.0109 3712 cpuz135 - ok
15:46:35.0125 3712 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
15:46:35.0125 3712 CryptSvc - ok
15:46:35.0125 3712 dac2w2k - ok
15:46:35.0140 3712 dac960nt - ok
15:46:35.0296 3712 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
15:46:35.0296 3712 DcomLaunch - ok
15:46:35.0343 3712 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
15:46:35.0343 3712 Dhcp - ok
15:46:35.0390 3712 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:46:35.0390 3712 Disk - ok
15:46:35.0406 3712 dmadmin - ok
15:46:35.0453 3712 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:46:35.0453 3712 dmboot - ok
15:46:35.0468 3712 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:46:35.0468 3712 dmio - ok
15:46:35.0484 3712 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:46:35.0484 3712 dmload - ok
15:46:35.0515 3712 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
15:46:35.0515 3712 dmserver - ok
15:46:35.0546 3712 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:46:35.0546 3712 DMusic - ok
15:46:35.0593 3712 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
15:46:35.0593 3712 Dnscache - ok
15:46:35.0640 3712 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
15:46:35.0640 3712 Dot3svc - ok
15:46:35.0640 3712 dpti2o - ok
15:46:35.0656 3712 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:46:35.0656 3712 drmkaud - ok
15:46:35.0703 3712 dtsoftbus01 (c8eb60a182bee9afd6b394c0145a1732) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
15:46:35.0703 3712 dtsoftbus01 - ok
15:46:35.0718 3712 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
15:46:35.0718 3712 EapHost - ok
15:46:35.0750 3712 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
15:46:35.0750 3712 ERSvc - ok
15:46:35.0781 3712 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:46:35.0781 3712 Eventlog - ok
15:46:35.0828 3712 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
15:46:35.0828 3712 EventSystem - ok
15:46:35.0875 3712 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:46:35.0875 3712 Fastfat - ok
15:46:35.0921 3712 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:46:35.0937 3712 FastUserSwitchingCompatibility - ok
15:46:35.0953 3712 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:46:35.0953 3712 Fdc - ok
15:46:35.0968 3712 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:46:35.0968 3712 Fips - ok
15:46:35.0968 3712 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:46:35.0968 3712 Flpydisk - ok
15:46:36.0000 3712 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:46:36.0000 3712 FltMgr - ok
15:46:36.0109 3712 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:46:36.0109 3712 FontCache3.0.0.0 - ok
15:46:36.0140 3712 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:46:36.0156 3712 Fs_Rec - ok
15:46:36.0187 3712 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:46:36.0187 3712 Ftdisk - ok
15:46:36.0218 3712 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
15:46:36.0218 3712 ggflt - ok
15:46:36.0218 3712 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
15:46:36.0218 3712 ggsemc - ok
15:46:36.0250 3712 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:46:36.0250 3712 Gpc - ok
15:46:36.0375 3712 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
15:46:36.0375 3712 gupdate - ok
15:46:36.0390 3712 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
15:46:36.0390 3712 gupdatem - ok
15:46:36.0421 3712 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:46:36.0421 3712 helpsvc - ok
15:46:36.0437 3712 HidServ - ok
15:46:36.0453 3712 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:46:36.0453 3712 HidUsb - ok
15:46:36.0484 3712 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
15:46:36.0484 3712 hkmsvc - ok
15:46:36.0484 3712 hpn - ok
15:46:36.0531 3712 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:46:36.0531 3712 HTTP - ok
15:46:36.0546 3712 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
15:46:36.0546 3712 HTTPFilter - ok
15:46:36.0562 3712 i2omgmt - ok
15:46:36.0562 3712 i2omp - ok
15:46:36.0593 3712 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:46:36.0593 3712 i8042prt - ok
15:46:36.0656 3712 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:46:36.0671 3712 idsvc - ok
15:46:36.0687 3712 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:46:36.0687 3712 Imapi - ok
15:46:36.0734 3712 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
15:46:36.0734 3712 ImapiService - ok
15:46:36.0750 3712 ini910u - ok
15:46:36.0750 3712 IntelIde - ok
15:46:36.0765 3712 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:46:36.0765 3712 Ip6Fw - ok
15:46:36.0796 3712 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:46:36.0796 3712 IpFilterDriver - ok
15:46:36.0796 3712 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:46:36.0796 3712 IpInIp - ok
15:46:36.0828 3712 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:46:36.0843 3712 IpNat - ok
15:46:36.0859 3712 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:46:36.0859 3712 IPSec - ok
15:46:36.0859 3712 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:46:36.0859 3712 IRENUM - ok
15:46:36.0890 3712 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:46:36.0890 3712 isapnp - ok
15:46:36.0953 3712 JavaQuickStarterService (a456937acc87bb40d7e2331f1e3a2ac5) C:\Program Files\Java\jre7\bin\jqs.exe
15:46:36.0953 3712 JavaQuickStarterService - ok
15:46:37.0000 3712 JWC - ok
15:46:37.0000 3712 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:46:37.0015 3712 Kbdclass - ok
15:46:37.0062 3712 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOWS\system32\DRIVERS\kl1.sys
15:46:37.0062 3712 KL1 - ok
15:46:37.0093 3712 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\WINDOWS\system32\DRIVERS\kl2.sys
15:46:37.0093 3712 kl2 - ok
15:46:37.0140 3712 KLIF (5d92a03045a6a98708975b3d77b39a36) C:\WINDOWS\system32\DRIVERS\klif.sys
15:46:37.0156 3712 KLIF - ok
15:46:37.0203 3712 klim5 (96a7ec308a93da26dfe481308baac2a2) C:\WINDOWS\system32\DRIVERS\klim5.sys
15:46:37.0203 3712 klim5 - ok
15:46:37.0218 3712 klmouflt (3959530f69e19da56f1f24f2c89f1e2c) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
15:46:37.0218 3712 klmouflt - ok
15:46:37.0265 3712 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:46:37.0265 3712 kmixer - ok
15:46:37.0296 3712 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:46:37.0296 3712 KSecDD - ok
15:46:37.0343 3712 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
15:46:37.0343 3712 lanmanserver - ok
15:46:37.0359 3712 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
15:46:37.0359 3712 lanmanworkstation - ok
15:46:37.0375 3712 lbrtfdc - ok
15:46:37.0421 3712 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
15:46:37.0421 3712 LmHosts - ok
15:46:37.0453 3712 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
15:46:37.0453 3712 Messenger - ok
15:46:37.0468 3712 Microsoft SharePoint Workspace Audit Service - ok
15:46:37.0500 3712 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:46:37.0500 3712 mnmdd - ok
15:46:37.0531 3712 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
15:46:37.0531 3712 mnmsrvc - ok
15:46:37.0546 3712 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:46:37.0546 3712 Modem - ok
15:46:37.0562 3712 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:46:37.0562 3712 Mouclass - ok
15:46:37.0593 3712 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:46:37.0593 3712 mouhid - ok
15:46:37.0625 3712 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:46:37.0625 3712 MountMgr - ok
15:46:37.0625 3712 mraid35x - ok
15:46:37.0640 3712 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:46:37.0640 3712 MRxDAV - ok
15:46:37.0671 3712 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:46:37.0671 3712 MRxSmb - ok
15:46:37.0687 3712 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
15:46:37.0703 3712 MSDTC - ok
15:46:37.0703 3712 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:46:37.0703 3712 Msfs - ok
15:46:37.0718 3712 MSIServer - ok
15:46:37.0718 3712 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:46:37.0718 3712 MSKSSRV - ok
15:46:37.0734 3712 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:46:37.0734 3712 MSPCLOCK - ok
15:46:37.0734 3712 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:46:37.0734 3712 MSPQM - ok
15:46:37.0781 3712 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:46:37.0781 3712 mssmbios - ok
15:46:37.0796 3712 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:46:37.0796 3712 Mup - ok
15:46:37.0843 3712 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
15:46:37.0843 3712 napagent - ok
15:46:37.0906 3712 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files\Nero\Update\NASvc.exe
15:46:37.0906 3712 NAUpdate - ok
15:46:37.0953 3712 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:46:37.0953 3712 NDIS - ok
15:46:37.0984 3712 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:46:37.0984 3712 NdisTapi - ok
15:46:38.0000 3712 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:46:38.0000 3712 Ndisuio - ok
15:46:38.0015 3712 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:46:38.0015 3712 NdisWan - ok
15:46:38.0031 3712 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:46:38.0031 3712 NDProxy - ok
15:46:38.0046 3712 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:46:38.0046 3712 NetBIOS - ok
15:46:38.0078 3712 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:46:38.0078 3712 NetBT - ok
15:46:38.0125 3712 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:46:38.0125 3712 NetDDE - ok
15:46:38.0125 3712 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:46:38.0140 3712 NetDDEdsdm - ok
15:46:38.0156 3712 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:46:38.0156 3712 Netlogon - ok
15:46:38.0234 3712 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
15:46:38.0234 3712 Netman - ok
15:46:38.0343 3712 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:46:38.0343 3712 NetTcpPortSharing - ok
15:46:38.0390 3712 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
15:46:38.0390 3712 Nla - ok
15:46:38.0406 3712 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:46:38.0406 3712 Npfs - ok
15:46:38.0437 3712 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:46:38.0453 3712 Ntfs - ok
15:46:38.0453 3712 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:46:38.0453 3712 NtLmSsp - ok
15:46:38.0500 3712 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
15:46:38.0500 3712 NtmsSvc - ok
15:46:38.0531 3712 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:46:38.0531 3712 Null - ok
15:46:38.0578 3712 nvatabus (83f0275a21d9772b51cef57e35afae61) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
15:46:38.0578 3712 nvatabus - ok
15:46:38.0593 3712 nvcchflt (fb7213bc5279c1af5e4e9ca05d944f2c) C:\WINDOWS\system32\DRIVERS\nvcchflt.sys
15:46:38.0593 3712 nvcchflt - ok
15:46:38.0609 3712 NVENETFD (468e839f0f7aff5c9baa4717b82cdd11) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
15:46:38.0609 3712 NVENETFD - ok
15:46:38.0625 3712 nvnetbus (7a6444c5f0d53c7e6e7f500bc4c930f7) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
15:46:38.0625 3712 nvnetbus - ok
15:46:38.0671 3712 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:46:38.0671 3712 NwlnkFlt - ok
15:46:38.0671 3712 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:46:38.0671 3712 NwlnkFwd - ok
15:46:38.0750 3712 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:46:38.0750 3712 ose - ok
15:46:39.0015 3712 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:46:39.0046 3712 osppsvc - ok
15:46:39.0156 3712 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:46:39.0156 3712 Parport - ok
15:46:39.0203 3712 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:46:39.0203 3712 PartMgr - ok
15:46:39.0250 3712 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:46:39.0250 3712 ParVdm - ok
15:46:39.0250 3712 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:46:39.0250 3712 PCI - ok
15:46:39.0265 3712 PCIDump - ok
15:46:39.0281 3712 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:46:39.0296 3712 PCIIde - ok
15:46:39.0312 3712 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:46:39.0312 3712 Pcmcia - ok
15:46:39.0328 3712 PDCOMP - ok
15:46:39.0328 3712 PDFRAME - ok
15:46:39.0343 3712 PDRELI - ok
15:46:39.0343 3712 PDRFRAME - ok
15:46:39.0343 3712 perc2 - ok
15:46:39.0359 3712 perc2hib - ok
15:46:39.0421 3712 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:46:39.0421 3712 PlugPlay - ok
15:46:39.0468 3712 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:46:39.0468 3712 PolicyAgent - ok
15:46:39.0484 3712 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:46:39.0484 3712 PptpMiniport - ok
15:46:39.0484 3712 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
15:46:39.0500 3712 Processor - ok
15:46:39.0500 3712 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:46:39.0500 3712 ProtectedStorage - ok
15:46:39.0515 3712 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:46:39.0515 3712 PSched - ok
15:46:39.0531 3712 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:46:39.0531 3712 Ptilink - ok
15:46:39.0531 3712 ql1080 - ok
15:46:39.0531 3712 Ql10wnt - ok
15:46:39.0546 3712 ql12160 - ok
15:46:39.0546 3712 ql1240 - ok
15:46:39.0562 3712 ql1280 - ok
15:46:39.0578 3712 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:46:39.0578 3712 RasAcd - ok
15:46:39.0593 3712 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
15:46:39.0593 3712 RasAuto - ok
15:46:39.0609 3712 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:46:39.0609 3712 Rasl2tp - ok
15:46:39.0640 3712 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
15:46:39.0656 3712 RasMan - ok
15:46:39.0656 3712 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:46:39.0656 3712 RasPppoe - ok
15:46:39.0671 3712 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:46:39.0671 3712 Raspti - ok
15:46:39.0718 3712 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:46:39.0718 3712 Rdbss - ok
15:46:39.0718 3712 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:46:39.0718 3712 RDPCDD - ok
15:46:39.0734 3712 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:46:39.0750 3712 rdpdr - ok
15:46:39.0781 3712 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
15:46:39.0781 3712 RDPWD - ok
15:46:39.0812 3712 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
15:46:39.0812 3712 RDSessMgr - ok
15:46:39.0843 3712 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:46:39.0843 3712 redbook - ok
15:46:39.0875 3712 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
15:46:39.0875 3712 RemoteAccess - ok
15:46:39.0906 3712 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
15:46:39.0906 3712 RemoteRegistry - ok
15:46:39.0937 3712 RimUsb (4f4a4c09cc5be58a76cac1c337e004e6) C:\WINDOWS\system32\Drivers\RimUsb.sys
15:46:39.0937 3712 RimUsb - ok
15:46:39.0953 3712 RimVSerPort (3a5633ad615e2b15291bd0b1b97ccd8a) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
15:46:39.0953 3712 RimVSerPort - ok
15:46:39.0968 3712 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
15:46:39.0968 3712 ROOTMODEM - ok
15:46:39.0984 3712 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
15:46:39.0984 3712 RpcLocator - ok
15:46:40.0046 3712 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
15:46:40.0046 3712 RpcSs - ok
15:46:40.0078 3712 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
15:46:40.0078 3712 RSVP - ok
15:46:40.0109 3712 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
15:46:40.0125 3712 rtl8139 - ok
15:46:40.0125 3712 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:46:40.0140 3712 SamSs - ok
15:46:40.0171 3712 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
15:46:40.0171 3712 SCardSvr - ok
15:46:40.0218 3712 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
15:46:40.0218 3712 Schedule - ok
15:46:40.0265 3712 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:46:40.0265 3712 Secdrv - ok
15:46:40.0281 3712 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
15:46:40.0281 3712 seclogon - ok
15:46:40.0281 3712 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
15:46:40.0281 3712 SENS - ok
15:46:40.0343 3712 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:46:40.0343 3712 serenum - ok
15:46:40.0359 3712 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:46:40.0359 3712 Serial - ok
15:46:40.0375 3712 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:46:40.0375 3712 Sfloppy - ok
15:46:40.0406 3712 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
15:46:40.0421 3712 SharedAccess - ok
15:46:40.0468 3712 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:46:40.0468 3712 ShellHWDetection - ok
15:46:40.0468 3712 Simbad - ok
15:46:40.0593 3712 Sony PC Companion (5177d14a78e60fd61dcfc6b388e7e971) C:\Program Files\Sony\Sony PC Companion\PCCService.exe
15:46:40.0593 3712 Sony PC Companion - ok
15:46:40.0640 3712 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
15:46:40.0640 3712 SONYPVU1 - ok
15:46:40.0640 3712 Sparrow - ok
15:46:40.0765 3712 speccy - ok
15:46:40.0796 3712 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:46:40.0796 3712 splitter - ok
15:46:40.0843 3712 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:46:40.0843 3712 Spooler - ok
15:46:40.0875 3712 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:46:40.0875 3712 sr - ok
15:46:40.0890 3712 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
15:46:40.0890 3712 srservice - ok
15:46:40.0968 3712 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:46:40.0984 3712 Srv - ok
15:46:41.0000 3712 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
15:46:41.0000 3712 SSDPSRV - ok
15:46:41.0031 3712 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
15:46:41.0046 3712 stisvc - ok
15:46:41.0046 3712 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:46:41.0062 3712 swenum - ok
15:46:41.0078 3712 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:46:41.0078 3712 swmidi - ok
15:46:41.0078 3712 SwPrv - ok
15:46:41.0093 3712 symc810 - ok
15:46:41.0093 3712 symc8xx - ok
15:46:41.0109 3712 sym_hi - ok
15:46:41.0125 3712 sym_u3 - ok
15:46:41.0140 3712 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:46:41.0140 3712 sysaudio - ok
15:46:41.0171 3712 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
15:46:41.0171 3712 SysmonLog - ok
15:46:41.0218 3712 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
15:46:41.0218 3712 TapiSrv - ok
15:46:41.0281 3712 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:46:41.0281 3712 Tcpip - ok
15:46:41.0281 3712 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:46:41.0281 3712 TDPIPE - ok
15:46:41.0296 3712 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:46:41.0296 3712 TDTCP - ok
15:46:41.0312 3712 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:46:41.0312 3712 TermDD - ok
15:46:41.0343 3712 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
15:46:41.0343 3712 TermService - ok
15:46:41.0390 3712 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:46:41.0390 3712 Themes - ok
15:46:41.0437 3712 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
15:46:41.0437 3712 TlntSvr - ok
15:46:41.0437 3712 TosIde - ok
15:46:41.0453 3712 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
15:46:41.0453 3712 TrkWks - ok
15:46:41.0484 3712 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:46:41.0484 3712 Udfs - ok
15:46:41.0500 3712 ultra - ok
15:46:41.0546 3712 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:46:41.0562 3712 Update - ok
15:46:41.0593 3712 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
15:46:41.0593 3712 upnphost - ok
15:46:41.0609 3712 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
15:46:41.0609 3712 UPS - ok
15:46:41.0640 3712 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:46:41.0640 3712 usbccgp - ok
15:46:41.0656 3712 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:46:41.0656 3712 usbehci - ok
15:46:41.0656 3712 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:46:41.0656 3712 usbhub - ok
15:46:41.0671 3712 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:46:41.0671 3712 usbohci - ok
15:46:41.0703 3712 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:46:41.0703 3712 usbprint - ok
15:46:41.0703 3712 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:46:41.0703 3712 usbscan - ok
15:46:41.0734 3712 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:46:41.0734 3712 usbstor - ok
15:46:41.0781 3712 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:46:41.0781 3712 VgaSave - ok
15:46:41.0781 3712 ViaIde - ok
15:46:41.0812 3712 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:46:41.0812 3712 VolSnap - ok
15:46:41.0859 3712 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
15:46:41.0859 3712 VSS - ok
15:46:41.0890 3712 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
15:46:41.0890 3712 W32Time - ok
15:46:41.0890 3712 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:46:41.0906 3712 Wanarp - ok
15:46:41.0968 3712 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
15:46:41.0968 3712 Wdf01000 - ok
15:46:41.0984 3712 WDICA - ok
15:46:42.0031 3712 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:46:42.0031 3712 wdmaud - ok
15:46:42.0046 3712 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
15:46:42.0046 3712 WebClient - ok
15:46:42.0109 3712 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:46:42.0109 3712 winmgmt - ok
15:46:42.0171 3712 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:46:42.0171 3712 WmdmPmSN - ok
15:46:42.0234 3712 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
15:46:42.0250 3712 Wmi - ok
15:46:42.0281 3712 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:46:42.0281 3712 WmiApSrv - ok
15:46:42.0437 3712 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
15:46:42.0437 3712 WMPNetworkSvc - ok
15:46:42.0468 3712 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:46:42.0468 3712 WpdUsb - ok
15:46:42.0515 3712 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:46:42.0515 3712 WS2IFSL - ok
15:46:42.0562 3712 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
15:46:42.0562 3712 wscsvc - ok
15:46:42.0578 3712 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
15:46:42.0578 3712 wuauserv - ok
15:46:42.0625 3712 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:46:42.0625 3712 WudfPf - ok
15:46:42.0625 3712 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:46:42.0640 3712 WudfRd - ok
15:46:42.0656 3712 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:46:42.0656 3712 WudfSvc - ok
15:46:42.0718 3712 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
15:46:42.0734 3712 WZCSVC - ok
15:46:42.0765 3712 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
15:46:42.0765 3712 xmlprov - ok
15:46:42.0796 3712 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:46:43.0046 3712 \Device\Harddisk0\DR0 - ok
15:46:43.0078 3712 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
15:46:43.0250 3712 \Device\Harddisk1\DR1 - ok
15:46:43.0265 3712 Boot (0x1200) (5ae4193415d5ef04f7f2a5bce99345f6) \Device\Harddisk0\DR0\Partition0
15:46:43.0265 3712 \Device\Harddisk0\DR0\Partition0 - ok
15:46:43.0265 3712 Boot (0x1200) (80b1a0036a9c55ff28818e70db11f101) \Device\Harddisk1\DR1\Partition0
15:46:43.0265 3712 \Device\Harddisk1\DR1\Partition0 - ok
15:46:43.0265 3712 ============================================================
15:46:43.0265 3712 Scan finished
15:46:43.0265 3712 ============================================================
15:46:43.0281 2640 Detected object count: 0
15:46:43.0281 2640 Actual detected object count: 0


aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-08 15:53:56
-----------------------------
15:53:56.968 OS Version: Windows 5.1.2600 Service Pack 3
15:53:56.968 Number of processors: 2 586 0x2302
15:53:56.968 ComputerName: BRYANWORK UserName: bryan
15:54:06.328 Initialize success
15:56:28.218 AVAST engine defs: 12080800
15:56:50.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006d
15:56:50.718 Disk 0 Vendor: Maxtor_6L300R0 BAH41G10 Size: 286188MB BusType: 3
15:56:50.718 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006e
15:56:50.718 Disk 1 Vendor: ST3320620A 3.AAE Size: 305245MB BusType: 3
15:56:50.906 Disk 0 MBR read successfully
15:56:50.906 Disk 0 MBR scan
15:56:51.265 Disk 0 Windows XP default MBR code
15:56:51.265 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 286173 MB offset 63
15:56:51.265 Disk 0 scanning sectors +586083330
15:56:51.656 Disk 0 scanning C:\WINDOWS\system32\drivers
15:57:59.000 Service scanning
15:58:28.031 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
15:58:28.078 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
15:58:29.500 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
15:58:29.984 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
15:59:25.468 Modules scanning
16:00:00.546 Disk 0 trace - called modules:
16:00:00.765 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys
16:00:00.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad14ab8]
16:00:00.765 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000071[0x8ad942f0]
16:00:00.765 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\0000006d[0x8adcc030]
16:00:05.515 AVAST engine scan C:\WINDOWS
16:01:30.109 AVAST engine scan C:\WINDOWS\system32
16:06:44.593 File: C:\WINDOWS\system32\rdsaddinc.dll **INFECTED** Win32:Diller-DK [Trj]
16:09:13.296 AVAST engine scan C:\WINDOWS\system32\drivers
16:09:59.203 AVAST engine scan C:\Documents and Settings\bryan
16:54:21.859 AVAST engine scan C:\Documents and Settings\All Users
17:02:40.468 Scan finished successfully
17:05:42.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\bryan\Desktop\MBR.dat"
17:05:42.343 The log file has been saved successfully to "C:\Documents and Settings\bryan\Desktop\aswMBR.txt"

The computer works fine apart from the redirect.
Thank you,
Bryan

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 08 August 2012 - 12:10 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\WINDOWS\system32\rdsaddinc.dll 
c:\windows\Tasks\lktxme.job

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 firsttaff
  • Topic Starter

  • Members
  • 60 posts

Posted 09 August 2012 - 05:30 PM

Hi,
here is the ComboFix log.


ComboFix 12-08-09.01 - bryan 09/08/2012 22:59:21.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2552 [GMT 1:00]
Running from: c:\documents and settings\bryan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\bryan\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
FILE ::
"c:\windows\system32\rdsaddinc.dll"
"c:\windows\Tasks\lktxme.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\rdsaddinc.dll
c:\windows\Tasks\lktxme.job
.
.
((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-06 07:31 . 2012-08-06 07:31 -------- d-----w- c:\documents and settings\bryan\Application Data\dvdcss
2012-07-25 12:27 . 2012-07-25 12:27 -------- d-----w- c:\documents and settings\bryan\Application Data\PlatinumHideIP
2012-07-25 12:27 . 2012-07-25 12:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PlatinumHideIP
2012-07-25 12:25 . 2012-07-25 12:27 -------- d-----w- c:\program files\PlatinumHideIP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 21:18 . 2012-04-04 13:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-04 21:18 . 2012-02-24 12:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 21:53 . 2012-06-26 16:08 772592 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-03 21:53 . 2012-06-26 16:08 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-03 21:53 . 2012-03-26 10:20 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:19 . 2004-08-03 22:17 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-03 23:56 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-03 23:56 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 14:19 . 2009-08-06 19:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19 . 2012-02-24 09:25 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 14:19 . 2012-02-24 09:25 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 14:19 . 2012-02-24 09:25 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 14:19 . 2009-08-06 19:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19 . 2012-02-24 09:25 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 14:19 . 2012-02-24 09:25 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 14:19 . 2009-08-06 19:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 14:19 . 2009-08-06 19:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19 . 2004-08-03 23:56 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 14:19 . 2009-08-06 19:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:19 . 2012-02-24 09:25 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 14:19 . 2012-02-24 09:25 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 14:18 . 2012-02-26 15:10 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 14:18 . 2012-02-26 15:10 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 14:18 . 2012-02-26 15:10 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-03 23:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-03 23:56 916992 ----a-w- c:\windows\system32\wininet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\documents and settings\bryan\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-07-31 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo RX520 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE" [2005-04-07 98304]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-24 202296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-01-03 13:10 815512 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2012-01-03 13:10 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2011-08-17 07:29 4527424 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\bryan\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"43095:TCP"= 43095:TCP:Windows Core Service
.
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [24/02/2012 01:42 16640]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [03/03/2012 16:31 232512]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 13:23 11352]
R2 JWC;Jeppesen Weather Controller Service;c:\program files\Jeppesen\JWC\JWC.exe -service --> c:\program files\Jeppesen\JWC\JWC.exe -service [?]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [04/05/2010 13:07 503080]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18:34 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/05/2012 15:20 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [04/04/2012 14:52 250056]
S3 cpuz135;cpuz135;\??\c:\docume~1\bryan\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\bryan\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [26/03/2012 11:21 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [06/05/2012 15:20 116648]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12/06/2011 12:15 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 22:37 4640000]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [22/03/2012 23:23 155320]
S3 speccy;speccy;\??\c:\docume~1\bryan\LOCALS~1\Temp\1b4e970f-c7c7-41c1-92ec-3ecf94e4d380 --> c:\docume~1\bryan\LOCALS~1\Temp\1b4e970f-c7c7-41c1-92ec-3ecf94e4d380 [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:18]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-06 14:20]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-06 14:20]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-09 23:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\speccy]
"ImagePath"="\??\c:\docume~1\bryan\LOCALS~1\Temp\1b4e970f-c7c7-41c1-92ec-3ecf94e4d380"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-08-09 23:08:55
ComboFix-quarantined-files.txt 2012-08-09 22:08
.
Pre-Run: 88,737,746,944 bytes free
Post-Run: 89,077,485,568 bytes free
.
- - End Of File - - B4A3080CCC29619A068E0BA04D979717

I had no problems running the program, and it did not require a restart at any time.

The computer is working fine; I have had no redirects this evening.
Thank you
Bryan

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 August 2012 - 12:23 AM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) file sharing programs on your computer.

Please note that as long as you are using any form of peer-to-peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-to-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

µTorrent
Java™ 6 Update 33


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run; if prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here: http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan, and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 firsttaff

firsttaff
  • Topic Starter

  • Members
  • 60 posts

Posted 13 August 2012 - 02:24 PM

Hello
I deleted the programs as instructed.

Malwarebytes log file

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.13.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
bryan :: BRYANWORK [administrator]

13/08/2012 19:49:10
mbam-log-2012-08-13 (19-49-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183538
Time elapsed: 7 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

HijackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:22:27, on 13/08/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Jeppesen\JWC\JWC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Documents and Settings\bryan\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtblfs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\bryan\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Documents and Settings\bryan\Application Data\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download with Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1330079611937
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Jeppesen Weather Controller Service (JWC) - Jeppesen - C:\Program Files\Jeppesen\JWC\JWC.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe

--
End of file - 8833 bytes

I had no problems carrying out your instructions.
The computer works great, no problems, no redirect.
Thank you

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 August 2012 - 04:24 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) to start the program when you need it. By stopping these programs, you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    • O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Documents and Settings\bryan\Application Data\Spotify\Data\SpotifyWebHelper.exe"
  • Close all open windows and browsers/email, etc.
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space, e.g.:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found

  • If threats were found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it as ESET SCAN to the desktop
    • Click on Back
    • Put a checkmark in "Uninstall application on close"
    • Click on Finish
    • Close the program
    • Copy and paste the report here


Gringo

#13 firsttaff

firsttaff
  • Topic Starter

  • Members
  • 60 posts

Posted 15 August 2012 - 07:40 AM

Hello
All instructions carried out, no threats, no problems, computer works fine.

Thank you so much for all your kind help; it was very much appreciated.
Best wishes
Bryan

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 August 2012 - 09:42 AM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time, they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.
:Uninstall ComboFix:

  • Turn off all active protection software
  • Push the "Windows key" + "R" (between the "Ctrl" button and the "Alt" button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to your desktop. This tool will remove all the tools we used to clean your PC.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - this is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - the gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - as a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

    Note** If you decide to install MSE, you will need to uninstall your present antivirus.

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" The short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household who uses the internet:

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 August 2012 - 11:13 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



