
My start by incredibar


This topic is locked
34 replies to this topic

#1 cheryl g

  • Members
  • 65 posts

Posted 07 August 2012 - 07:56 AM

I have an unwanted search engine of sorts. I had another post in the Am I Infected forum, but have been directed to post here now.
This is what I did on my own: I tried to uninstall using Add and Remove Programs. I ran a Malwarebytes scan and removed several items recommended. I used Revo Uninstaller. I reset my IE home page back to normal. (It had changed my homepage.) It no longer comes up on IE when I search for something. It does still come up on Google Chrome when I do a search.

I am running Windows XP professional with service pack 3.


This is what I did with help: ran Spybot Search and Destroy, ran SUPERAntiSpyware Free, ran MBAM (renamed), tried System Restore, did steps 6-9 of the preparation guide. Here are the 3 files as requested.

Thanks for your help. I appreciate it.
Cheryl

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 21:31:26 on 2012-08-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.436 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\FirstClass\fcc32.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://uhaul.net/login_main.aspx?ReturnUrl=/Default.aspx
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRunOnce: [RunNarrator] Narrator.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1332533296265
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{83D03997-9E51-4027-AFF9-AFD297F16B76} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-2-22 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-11 250056]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-13 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-30 03:01:18 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-30 03:01:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-23 20:42:55 315392 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp6en.dll
2012-07-23 20:42:55 126976 ----a-w- c:\windows\system32\hpfll6en.dll
2012-07-23 20:42:15 -------- d-----w- c:\program files\common files\Hewlett-Packard
2012-07-23 20:41:54 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2012-07-23 20:41:54 309760 ----a-w- c:\windows\system32\difxapi.dll
2012-07-23 20:41:54 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2012-07-23 20:41:53 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2012-07-23 20:41:49 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2012-07-23 20:41:43 271704 ----a-w- c:\windows\system32\hpzids01.dll
2012-07-23 20:40:40 -------- d-----w- c:\program files\HP
2012-07-17 03:03:36 -------- d-----w- c:\documents and settings\administrator\application data\SUPERAntiSpyware.com
2012-07-17 03:03:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-17 03:03:07 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-07-16 21:26:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-16 21:26:18 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-07-16 12:56:36 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2012-07-16 12:56:01 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-15 18:41:09 -------- d-----w- c:\documents and settings\all users\application data\Premium
2012-07-15 18:31:02 -------- d-----w- c:\documents and settings\all users\application data\CodecUpdate
2012-07-15 18:26:44 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
.
==================== Find3M ====================
.
2012-08-03 13:30:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-03 13:30:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 21:32:37.23 ===============

Attached Files





#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 08 August 2012 - 11:34 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 cheryl g

  • Topic Starter
  • Members
  • 65 posts

Posted 09 August 2012 - 10:24 AM

Hi Gringo. Thanks for your help!

The Security Check went as instructed. I saved the checkup file. I am not posting it yet (because I can't get to it). When I followed the instructions to disable TeaTimer I did uncheck it in the first spot it directed me to, but I did not find it in the startup list at all.

I proceeded with the Combofix. It completed through stage 50, deleted several files and 2 folders, and now appears to be stuck. The blue window is open showing what it has done. I have a blinking cursor at the bottom. I am posting from another computer.

thanks, Cheryl

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 09 August 2012 - 10:25 AM

Give it 15 min and, if nothing has changed, restart the computer.



gringo

#5 cheryl g

  • Topic Starter
  • Members
  • 65 posts

Posted 09 August 2012 - 02:57 PM

Restarted computer. Here is the checkup log. Still have the search engine.


Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java™ 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 13% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

thanks, cheryl

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 09 August 2012 - 03:06 PM

Hello

OK, let's try this: I want you to run Combofix in Safe Mode, but it is very important that when Combofix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#7 cheryl g

  • Topic Starter
  • Members
  • 65 posts

Posted 09 August 2012 - 04:07 PM

I am still in Safe Mode and online.

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 09 August 2012 - 04:16 PM

Run Combofix and send me the report.


gringo

#9 cheryl g

  • Topic Starter
  • Members
  • 65 posts

Posted 09 August 2012 - 05:17 PM

ComboFix 12-08-09.01 - Administrator 08/09/2012 17:04:28.2.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.833 [GMT -6:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-07-30 03:01 . 2012-08-01 00:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-30 03:01 . 2012-07-03 19:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-23 20:42 . 2008-12-17 00:17 126976 ----a-w- c:\windows\system32\hpfll6en.dll
2012-07-23 20:42 . 2008-12-17 00:17 315392 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp6en.dll
2012-07-23 20:42 . 2012-07-23 20:42 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2012-07-23 20:41 . 2008-10-29 00:31 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2012-07-23 20:41 . 2008-10-29 00:31 309760 ----a-w- c:\windows\system32\difxapi.dll
2012-07-23 20:41 . 2008-10-29 00:31 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2012-07-23 20:41 . 2008-10-29 00:31 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2012-07-23 20:41 . 2008-10-29 00:31 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2012-07-23 20:41 . 2008-10-30 08:46 271704 ----a-w- c:\windows\system32\hpzids01.dll
2012-07-23 20:40 . 2012-08-01 00:03 -------- d-----w- c:\program files\HP
2012-07-17 03:03 . 2012-07-17 03:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-07-17 03:03 . 2012-07-18 02:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-17 03:03 . 2012-07-17 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-07-16 21:26 . 2012-07-18 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-07-16 21:26 . 2012-07-18 02:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-16 12:56 . 2012-07-16 12:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-07-16 12:56 . 2012-07-16 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-15 18:41 . 2012-07-15 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Premium
2012-07-15 18:31 . 2012-08-01 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\CodecUpdate
2012-07-15 18:27 . 2012-07-15 18:27 454 ----a-w- C:\user.js
2012-07-15 18:26 . 2012-07-15 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 13:30 . 2012-05-11 22:45 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 13:30 . 2012-03-26 14:49 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2008-04-13 23:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-13 23:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-04-13 23:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-13 23:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2012-03-23 20:08 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2012-03-23 20:08 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2012-03-23 19:30 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2012-03-23 19:30 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2012-03-23 19:30 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2012-03-23 20:08 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-03-23 20:08 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2012-03-23 19:30 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-03-23 19:30 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2008-04-13 23:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2012-03-23 20:08 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2012-03-23 19:30 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-03-23 19:30 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2008-04-13 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2008-04-13 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 53760]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 5:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 5:46 AM 31952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/22/2012 6:25 AM 301248]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
S0 cerc6;cerc6; [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 6:25 AM 235216]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [7/4/2012 5:25 PM 5160568]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 5:53 AM 193288]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/11/2012 4:45 PM 250056]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 2:32 PM 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 2:32 PM 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 2:32 PM 17232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 13:30]
.
2012-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1004336348-1644491937-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-11 18:37]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1004336348-1644491937-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-11 18:37]
.
.
------- Supplementary Scan -------
.
uStart Page = https://uhaul.net/login_main.aspx?ReturnUrl=/Default.aspx
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-09 17:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1202660629-1004336348-1644491937-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,dc,9f,eb,b8,41,c5,4d,b8,24,eb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,62,fd,7b,a6,7f,7d,4e,9a,75,56,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,62,fd,7b,a6,7f,7d,4e,9a,75,56,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(604)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(776)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2012-08-09 17:15:37
ComboFix-quarantined-files.txt 2012-08-09 23:15
.
Pre-Run: 22,573,477,888 bytes free
Post-Run: 22,529,302,528 bytes free
.
- - End Of File - - 8F5D630FBFF958897A58117A6878B7BB

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:28 PM

Posted 10 August 2012 - 12:24 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here to donate. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
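The TDSSKiller report the helper asks for is long: it lists every service and driver on the machine, one "found" line with the file's MD5 and path followed by one verdict line, and almost all of them end in "- ok". What follows is an added example, not part of TDSSKiller, of the helper's instructions or of anything else in this thread: a small Python script that parses that line format (taken from the report posted later in this thread) and prints only the entries a reviewer would want to look at: a verdict other than `ok`, a binary loaded from somewhere other than the Windows or Program Files trees, or an MD5 that matches a known-bad list you supply. The trusted-directory prefixes are an assumption you may need to adjust, the `examplesvc` lines and the word `suspicious` in the sample are constructed to exercise the checks, and the rest of the sample is copied from the report format shown in the thread.

```python
"""Triage a TDSSKiller report: list only the service/driver entries worth a look.

Added example, not part of TDSSKiller or of this thread. The line format is the
one TDSSKiller writes in the reports posted here: after a "Scan started" line,
each service or driver gets a "found" line

    HH:MM:SS.mmmm PID Name (md5) Path

and a verdict line

    HH:MM:SS.mmmm PID Name - verdict

Built-in or absent services get only the verdict line (e.g. "Abiosdsk - ok").
"""
import re
import sys
from dataclasses import dataclass

FOUND_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) - (?P<verdict>.+)$")

# Assumption: a service binary outside these trees deserves a look. Adjust for
# a non-C: system drive or for 64-bit "Program Files (x86)".
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    verdict: str = ""


def parse_report(text):
    """Return {service name: Entry} for everything after the 'Scan started' line."""
    entries = {}
    in_scan = False
    for line in text.splitlines():
        line = line.rstrip()
        if not in_scan:
            # Header lines (drive geometry etc.) also contain " - "; skip them.
            in_scan = line.endswith("Scan started")
            continue
        m = FOUND_RE.match(line)
        if m:
            entry = entries.setdefault(m["name"], Entry(m["name"]))
            entry.md5, entry.path = m["md5"], m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            entry = entries.setdefault(m["name"], Entry(m["name"]))
            entry.verdict = m["verdict"]
    return entries


def unusual_location(path):
    """True when a binary is loaded from outside the trusted directory trees."""
    p = path.lower()
    return bool(p) and not p.startswith(TRUSTED_PREFIXES)


def triage(entries, known_bad=frozenset()):
    """Return [(name, [reasons])] for entries that need a human to look at them."""
    findings = []
    for e in entries.values():
        reasons = []
        if e.verdict != "ok":
            reasons.append("verdict is %r, not 'ok'" % (e.verdict or "missing"))
        if unusual_location(e.path):
            reasons.append("binary outside Windows/Program Files: " + e.path)
        if e.md5 and e.md5 in known_bad:
            reasons.append("MD5 %s is on the supplied known-bad list" % e.md5)
        if reasons:
            findings.append((e.name, reasons))
    return findings


# Constructed sample: the first lines follow the format of the report in this
# thread; the 'examplesvc' entry and its 'suspicious' verdict are invented to
# exercise the checks and are not real TDSSKiller output.
SAMPLE_REPORT = r"""
14:48:55.0000 4040 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:49:03.0031 4040 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200
14:49:27.0375 3800 Scan started
14:49:27.0375 3800 Mode: Manual;
14:49:27.0937 3800 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
14:49:27.0968 3800 !SASCORE - ok
14:49:28.0234 3800 Abiosdsk - ok
14:49:29.0484 3800 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:49:29.0515 3800 Apple Mobile Device - ok
14:49:30.0093 3800 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:49:30.0093 3800 atapi - ok
14:49:58.0000 3800 examplesvc (00000000000000000000000000000000) C:\Documents and Settings\Administrator\Local Settings\Temp\examplesvc.sys
14:49:58.0010 3800 examplesvc - suspicious
"""

if __name__ == "__main__":
    # Usage: python tdss_triage.py TDSSKiller.2.7.48.0_13.08.2012_14.48.55_log.txt
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_REPORT
    entries = parse_report(text)
    print("%d entries parsed" % len(entries))
    for name, reasons in triage(entries):
        print(name)
        for reason in reasons:
            print("   -", reason)
```

Any "ok" verdict from a trusted path is still only a signature miss, not a clean bill of health; the point of the script is to shrink a thousand-line paste down to the handful of lines that justify pulling the file for a closer look.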

#11 cheryl g

cheryl g
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  • Local time:12:28 PM

Posted 13 August 2012 - 03:36 PM

Sorry for the delayed response. Here are 2 scan logs.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-13 15:02:22
-----------------------------
15:02:22.218 OS Version: Windows 5.1.2600 Service Pack 3
15:02:22.218 Number of processors: 1 586 0x401
15:02:22.218 ComputerName: 170L UserName:
15:02:23.921 Initialize success
15:05:43.531 AVAST engine defs: 12081301
15:10:23.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:10:23.484 Disk 0 Vendor: WDC_WD400BB-75JHC0 06.01C06 Size: 38146MB BusType: 3
15:10:23.500 Disk 0 MBR read successfully
15:10:23.500 Disk 0 MBR scan
15:10:23.578 Disk 0 Windows XP default MBR code
15:10:23.593 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38138 MB offset 63
15:10:23.625 Disk 0 scanning sectors +78108030
15:10:23.781 Disk 0 scanning C:\WINDOWS\system32\drivers
15:10:46.859 Service scanning
15:11:35.000 Modules scanning
15:11:57.234 Disk 0 trace - called modules:
15:11:57.250 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys
15:11:57.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8637aab8]
15:11:57.750 3 CLASSPNP.SYS[f74d6fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8637bb00]
15:11:58.421 AVAST engine scan C:\WINDOWS
15:12:05.546 AVAST engine scan C:\WINDOWS\system32
15:21:25.921 AVAST engine scan C:\WINDOWS\system32\drivers
15:21:51.968 AVAST engine scan C:\Documents and Settings\Administrator
15:28:56.890 AVAST engine scan C:\Documents and Settings\All Users
15:30:08.890 Scan finished successfully
15:35:05.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
15:35:05.937 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"


14:48:55.0000 4040 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:48:55.0890 4040 ============================================================
14:48:55.0890 4040 Current date / time: 2012/08/13 14:48:55.0890
14:48:55.0890 4040 SystemInfo:
14:48:55.0890 4040
14:48:55.0890 4040 OS Version: 5.1.2600 ServicePack: 3.0
14:48:55.0890 4040 Product type: Workstation
14:48:55.0890 4040 ComputerName: 170L
14:48:55.0890 4040 UserName: Administrator
14:48:55.0890 4040 Windows directory: C:\WINDOWS
14:48:55.0890 4040 System windows directory: C:\WINDOWS
14:48:55.0890 4040 Processor architecture: Intel x86
14:48:55.0890 4040 Number of processors: 1
14:48:55.0890 4040 Page size: 0x1000
14:48:55.0890 4040 Boot type: Normal boot
14:48:55.0890 4040 ============================================================
14:49:03.0031 4040 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:49:03.0062 4040 Drive \Device\Harddisk3\DR12 - Size: 0x75E00000 (1.84 Gb), SectorSize: 0x200, Cylinders: 0xF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:49:03.0062 4040 ============================================================
14:49:03.0062 4040 \Device\Harddisk0\DR0:
14:49:03.0078 4040 MBR partitions:
14:49:03.0078 4040 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A7D53F
14:49:03.0078 4040 \Device\Harddisk3\DR12:
14:49:03.0078 4040 MBR partitions:
14:49:03.0078 4040 \Device\Harddisk3\DR12\Partition0: MBR, Type 0x6, StartLBA 0x87, BlocksNum 0x3AE039
14:49:03.0078 4040 ============================================================
14:49:03.0281 4040 C: <-> \Device\Harddisk0\DR0\Partition0
14:49:03.0281 4040 ============================================================
14:49:03.0281 4040 Initialize success
14:49:03.0281 4040 ============================================================
14:49:27.0375 3800 ============================================================
14:49:27.0375 3800 Scan started
14:49:27.0375 3800 Mode: Manual;
14:49:27.0375 3800 ============================================================
14:49:27.0937 3800 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
14:49:27.0968 3800 !SASCORE - ok
14:49:28.0234 3800 Abiosdsk - ok
14:49:28.0250 3800 abp480n5 - ok
14:49:28.0390 3800 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:49:28.0453 3800 ACPI - ok
14:49:28.0515 3800 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:49:28.0515 3800 ACPIEC - ok
14:49:28.0718 3800 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:49:28.0828 3800 AdobeFlashPlayerUpdateSvc - ok
14:49:28.0843 3800 adpu160m - ok
14:49:28.0906 3800 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
14:49:28.0906 3800 aeaudio - ok
14:49:28.0984 3800 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:49:29.0031 3800 aec - ok
14:49:29.0140 3800 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:49:29.0187 3800 AFD - ok
14:49:29.0203 3800 Aha154x - ok
14:49:29.0218 3800 aic78u2 - ok
14:49:29.0218 3800 aic78xx - ok
14:49:29.0281 3800 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
14:49:29.0281 3800 Alerter - ok
14:49:29.0328 3800 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
14:49:29.0343 3800 ALG - ok
14:49:29.0359 3800 AliIde - ok
14:49:29.0359 3800 amsint - ok
14:49:29.0484 3800 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:49:29.0515 3800 Apple Mobile Device - ok
14:49:29.0640 3800 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
14:49:29.0703 3800 AppMgmt - ok
14:49:29.0718 3800 asc - ok
14:49:29.0718 3800 asc3350p - ok
14:49:29.0734 3800 asc3550 - ok
14:49:29.0921 3800 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:49:29.0937 3800 aspnet_state - ok
14:49:30.0000 3800 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:49:30.0000 3800 AsyncMac - ok
14:49:30.0093 3800 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:49:30.0093 3800 atapi - ok
14:49:30.0109 3800 Atdisk - ok
14:49:30.0156 3800 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:49:30.0187 3800 Atmarpc - ok
14:49:30.0234 3800 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
14:49:30.0265 3800 AudioSrv - ok
14:49:30.0328 3800 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:49:30.0328 3800 audstub - ok
14:49:32.0406 3800 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files\AVG\AVG2012\avgidsagent.exe
14:49:34.0343 3800 AVGIDSAgent - ok
14:49:34.0703 3800 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
14:49:34.0765 3800 AVGIDSDriver - ok
14:49:34.0875 3800 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
14:49:34.0875 3800 AVGIDSFilter - ok
14:49:34.0953 3800 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
14:49:34.0968 3800 AVGIDSHX - ok
14:49:35.0031 3800 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
14:49:35.0046 3800 AVGIDSShim - ok
14:49:35.0203 3800 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
14:49:35.0296 3800 Avgldx86 - ok
14:49:35.0328 3800 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
14:49:35.0343 3800 Avgmfx86 - ok
14:49:35.0421 3800 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
14:49:35.0437 3800 Avgrkx86 - ok
14:49:35.0609 3800 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
14:49:35.0750 3800 Avgtdix - ok
14:49:35.0968 3800 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
14:49:36.0046 3800 avgwd - ok
14:49:36.0125 3800 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:49:36.0125 3800 Beep - ok
14:49:36.0343 3800 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
14:49:36.0531 3800 BITS - ok
14:49:36.0796 3800 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
14:49:36.0921 3800 Bonjour Service - ok
14:49:37.0015 3800 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
14:49:37.0046 3800 Browser - ok
14:49:37.0187 3800 catchme - ok
14:49:37.0234 3800 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:49:37.0250 3800 cbidf2k - ok
14:49:37.0250 3800 cd20xrnt - ok
14:49:37.0296 3800 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:49:37.0312 3800 Cdaudio - ok
14:49:37.0390 3800 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:49:37.0421 3800 Cdfs - ok
14:49:37.0500 3800 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:49:37.0531 3800 Cdrom - ok
14:49:37.0531 3800 cerc6 - ok
14:49:37.0546 3800 Changer - ok
14:49:37.0578 3800 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
14:49:37.0578 3800 CiSvc - ok
14:49:37.0609 3800 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
14:49:37.0625 3800 ClipSrv - ok
14:49:37.0828 3800 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:49:37.0875 3800 clr_optimization_v2.0.50727_32 - ok
14:49:38.0062 3800 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:49:38.0156 3800 clr_optimization_v4.0.30319_32 - ok
14:49:38.0171 3800 CmdIde - ok
14:49:38.0187 3800 COMSysApp - ok
14:49:38.0203 3800 Cpqarray - ok
14:49:38.0281 3800 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
14:49:38.0296 3800 CryptSvc - ok
14:49:38.0312 3800 dac2w2k - ok
14:49:38.0328 3800 dac960nt - ok
14:49:38.0531 3800 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
14:49:38.0671 3800 DcomLaunch - ok
14:49:38.0781 3800 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
14:49:38.0828 3800 Dhcp - ok
14:49:38.0906 3800 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:49:38.0921 3800 Disk - ok
14:49:38.0921 3800 dmadmin - ok
14:49:39.0296 3800 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:49:39.0578 3800 dmboot - ok
14:49:39.0671 3800 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:49:39.0750 3800 dmio - ok
14:49:39.0796 3800 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:49:39.0796 3800 dmload - ok
14:49:39.0843 3800 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
14:49:39.0859 3800 dmserver - ok
14:49:39.0937 3800 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:49:39.0968 3800 DMusic - ok
14:49:40.0046 3800 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
14:49:40.0062 3800 Dnscache - ok
14:49:40.0171 3800 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
14:49:40.0218 3800 Dot3svc - ok
14:49:40.0218 3800 dpti2o - ok
14:49:40.0281 3800 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:49:40.0281 3800 drmkaud - ok
14:49:40.0406 3800 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:49:40.0468 3800 E100B - ok
14:49:40.0515 3800 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
14:49:40.0531 3800 EapHost - ok
14:49:40.0593 3800 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
14:49:40.0609 3800 ERSvc - ok
14:49:40.0703 3800 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:49:40.0781 3800 Eventlog - ok
14:49:40.0937 3800 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
14:49:41.0031 3800 EventSystem - ok
14:49:41.0140 3800 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:49:41.0187 3800 Fastfat - ok
14:49:41.0312 3800 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:49:41.0359 3800 FastUserSwitchingCompatibility - ok
14:49:41.0437 3800 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:49:41.0453 3800 Fdc - ok
14:49:41.0484 3800 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:49:41.0500 3800 Fips - ok
14:49:41.0531 3800 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:49:41.0546 3800 Flpydisk - ok
14:49:41.0656 3800 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:49:41.0703 3800 FltMgr - ok
14:49:41.0859 3800 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:49:41.0875 3800 FontCache3.0.0.0 - ok
14:49:41.0937 3800 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:49:41.0937 3800 Fs_Rec - ok
14:49:42.0015 3800 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:49:42.0062 3800 Ftdisk - ok
14:49:42.0125 3800 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:49:42.0140 3800 GEARAspiWDM - ok
14:49:42.0203 3800 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:49:42.0218 3800 Gpc - ok
14:49:42.0359 3800 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:49:42.0390 3800 helpsvc - ok
14:49:42.0390 3800 HidServ - ok
14:49:42.0453 3800 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:49:42.0468 3800 HidUsb - ok
14:49:42.0531 3800 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
14:49:42.0562 3800 hkmsvc - ok
14:49:42.0562 3800 hpn - ok
14:49:42.0640 3800 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:49:42.0656 3800 HPZid412 - ok
14:49:42.0687 3800 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:49:42.0703 3800 HPZipr12 - ok
14:49:42.0765 3800 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:49:42.0781 3800 HPZius12 - ok
14:49:42.0937 3800 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:49:43.0031 3800 HTTP - ok
14:49:43.0109 3800 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
14:49:43.0125 3800 HTTPFilter - ok
14:49:43.0125 3800 i2omgmt - ok
14:49:43.0140 3800 i2omp - ok
14:49:43.0218 3800 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:49:43.0234 3800 i8042prt - ok
14:49:43.0781 3800 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
14:49:44.0265 3800 ialm - ok
14:49:44.0796 3800 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:49:45.0156 3800 idsvc - ok
14:49:45.0421 3800 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:49:45.0437 3800 Imapi - ok
14:49:45.0562 3800 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
14:49:45.0625 3800 ImapiService - ok
14:49:45.0640 3800 ini910u - ok
14:49:45.0734 3800 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:49:45.0734 3800 IntelIde - ok
14:49:45.0812 3800 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:49:45.0828 3800 intelppm - ok
14:49:45.0875 3800 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:49:45.0890 3800 Ip6Fw - ok
14:49:45.0937 3800 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:49:45.0953 3800 IpFilterDriver - ok
14:49:45.0968 3800 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:49:45.0968 3800 IpInIp - ok
14:49:46.0046 3800 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:49:46.0109 3800 IpNat - ok
14:49:46.0531 3800 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
14:49:46.0843 3800 iPod Service - ok
14:49:46.0906 3800 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:49:46.0921 3800 IPSec - ok
14:49:46.0984 3800 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:49:46.0984 3800 IRENUM - ok
14:49:47.0062 3800 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:49:47.0078 3800 isapnp - ok
14:49:47.0218 3800 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
14:49:47.0281 3800 JavaQuickStarterService - ok
14:49:47.0312 3800 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:49:47.0312 3800 Kbdclass - ok
14:49:47.0375 3800 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:49:47.0390 3800 kbdhid - ok
14:49:47.0500 3800 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:49:47.0562 3800 kmixer - ok
14:49:47.0687 3800 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:49:47.0734 3800 KSecDD - ok
14:49:47.0796 3800 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
14:49:47.0859 3800 LanmanServer - ok
14:49:47.0984 3800 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
14:49:48.0031 3800 lanmanworkstation - ok
14:49:48.0046 3800 lbrtfdc - ok
14:49:48.0140 3800 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
14:49:48.0140 3800 LmHosts - ok
14:49:48.0187 3800 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
14:49:48.0203 3800 Messenger - ok
14:49:48.0250 3800 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:49:48.0250 3800 mnmdd - ok
14:49:48.0312 3800 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
14:49:48.0328 3800 mnmsrvc - ok
14:49:48.0375 3800 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:49:48.0390 3800 Modem - ok
14:49:48.0421 3800 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:49:48.0437 3800 Mouclass - ok
14:49:48.0515 3800 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:49:48.0515 3800 mouhid - ok
14:49:48.0593 3800 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:49:48.0609 3800 MountMgr - ok
14:49:48.0609 3800 mraid35x - ok
14:49:48.0750 3800 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:49:48.0843 3800 MRxDAV - ok
14:49:49.0078 3800 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:49:49.0250 3800 MRxSmb - ok
14:49:49.0296 3800 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
14:49:49.0312 3800 MSDTC - ok
14:49:49.0375 3800 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:49:49.0375 3800 Msfs - ok
14:49:49.0390 3800 MSIServer - ok
14:49:49.0437 3800 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:49:49.0453 3800 MSKSSRV - ok
14:49:49.0484 3800 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:49:49.0500 3800 MSPCLOCK - ok
14:49:49.0515 3800 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:49:49.0515 3800 MSPQM - ok
14:49:49.0578 3800 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:49:49.0593 3800 mssmbios - ok
14:49:49.0703 3800 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:49:49.0765 3800 Mup - ok
14:49:49.0921 3800 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
14:49:50.0031 3800 napagent - ok
14:49:50.0140 3800 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:49:50.0203 3800 NDIS - ok
14:49:50.0265 3800 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:49:50.0281 3800 NdisTapi - ok
14:49:50.0343 3800 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:49:50.0343 3800 Ndisuio - ok
14:49:50.0421 3800 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:49:50.0453 3800 NdisWan - ok
14:49:50.0500 3800 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:49:50.0531 3800 NDProxy - ok
14:49:50.0609 3800 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\WINDOWS\system32\HPZinw12.dll
14:49:50.0625 3800 Net Driver HPZ12 - ok
14:49:50.0671 3800 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:49:50.0687 3800 NetBIOS - ok
14:49:50.0781 3800 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:49:50.0859 3800 NetBT - ok
14:49:50.0953 3800 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:49:50.0984 3800 NetDDE - ok
14:49:51.0000 3800 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:49:51.0000 3800 NetDDEdsdm - ok
14:49:51.0062 3800 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:49:51.0062 3800 Netlogon - ok
14:49:51.0156 3800 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
14:49:51.0234 3800 Netman - ok
14:49:51.0406 3800 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:49:51.0453 3800 NetTcpPortSharing - ok
14:49:51.0593 3800 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
14:49:51.0687 3800 Nla - ok
14:49:51.0765 3800 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:49:51.0781 3800 Npfs - ok
14:49:52.0046 3800 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:49:52.0234 3800 Ntfs - ok
14:49:52.0250 3800 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:49:52.0250 3800 NtLmSsp - ok
14:49:52.0453 3800 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
14:49:52.0609 3800 NtmsSvc - ok
14:49:52.0656 3800 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:49:52.0671 3800 Null - ok
14:49:52.0734 3800 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:49:52.0750 3800 NwlnkFlt - ok
14:49:52.0765 3800 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:49:52.0781 3800 NwlnkFwd - ok
14:49:52.0859 3800 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:49:52.0890 3800 Parport - ok
14:49:52.0921 3800 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:49:52.0921 3800 PartMgr - ok
14:49:53.0000 3800 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:49:53.0000 3800 ParVdm - ok
14:49:53.0062 3800 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:49:53.0093 3800 PCI - ok
14:49:53.0093 3800 PCIDump - ok
14:49:53.0140 3800 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
14:49:53.0140 3800 PCIIde - ok
14:49:53.0218 3800 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:49:53.0265 3800 Pcmcia - ok
14:49:53.0281 3800 PDCOMP - ok
14:49:53.0281 3800 PDFRAME - ok
14:49:53.0296 3800 PDRELI - ok
14:49:53.0296 3800 PDRFRAME - ok
14:49:53.0312 3800 perc2 - ok
14:49:53.0328 3800 perc2hib - ok
14:49:53.0437 3800 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:49:53.0437 3800 PlugPlay - ok
14:49:53.0531 3800 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\WINDOWS\system32\HPZipm12.dll
14:49:53.0546 3800 Pml Driver HPZ12 - ok
14:49:53.0562 3800 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:49:53.0562 3800 PolicyAgent - ok
14:49:53.0640 3800 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:49:53.0671 3800 PptpMiniport - ok
14:49:53.0703 3800 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:49:53.0703 3800 ProtectedStorage - ok
14:49:53.0734 3800 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:49:53.0750 3800 PSched - ok
14:49:53.0781 3800 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:49:53.0781 3800 Ptilink - ok
14:49:53.0796 3800 ql1080 - ok
14:49:53.0812 3800 Ql10wnt - ok
14:49:53.0812 3800 ql12160 - ok
14:49:53.0828 3800 ql1240 - ok
14:49:53.0828 3800 ql1280 - ok
14:49:53.0875 3800 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:49:53.0875 3800 RasAcd - ok
14:49:53.0953 3800 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
14:49:53.0984 3800 RasAuto - ok
14:49:54.0062 3800 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:49:54.0078 3800 Rasl2tp - ok
14:49:54.0187 3800 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
14:49:54.0250 3800 RasMan - ok
14:49:54.0312 3800 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:49:54.0328 3800 RasPppoe - ok
14:49:54.0343 3800 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:49:54.0359 3800 Raspti - ok
14:49:54.0484 3800 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:49:54.0546 3800 Rdbss - ok
14:49:54.0562 3800 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:49:54.0562 3800 RDPCDD - ok
14:49:54.0734 3800 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:49:54.0828 3800 rdpdr - ok
14:49:54.0921 3800 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
14:49:54.0968 3800 RDPWD - ok
14:49:55.0046 3800 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
14:49:55.0109 3800 RDSessMgr - ok
14:49:55.0171 3800 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:49:55.0187 3800 redbook - ok
14:49:55.0265 3800 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
14:49:55.0312 3800 RemoteAccess - ok
14:49:55.0375 3800 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
14:49:55.0406 3800 RemoteRegistry - ok
14:49:55.0484 3800 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
14:49:55.0515 3800 RpcLocator - ok
14:49:55.0734 3800 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
14:49:55.0734 3800 RpcSs - ok
14:49:55.0828 3800 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
14:49:55.0875 3800 RSVP - ok
14:49:55.0937 3800 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:49:55.0937 3800 SamSs - ok
14:49:56.0078 3800 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:49:56.0078 3800 SASDIFSV - ok
14:49:56.0125 3800 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
14:49:56.0156 3800 SASKUTIL - ok
14:49:56.0234 3800 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
14:49:56.0281 3800 SCardSvr - ok
14:49:56.0390 3800 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
14:49:56.0468 3800 Schedule - ok
14:49:56.0531 3800 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:49:56.0546 3800 Secdrv - ok
14:49:56.0593 3800 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
14:49:56.0609 3800 seclogon - ok
14:49:56.0640 3800 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
14:49:56.0656 3800 SENS - ok
14:49:56.0734 3800 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:49:56.0750 3800 serenum - ok
14:49:56.0843 3800 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:49:56.0875 3800 Serial - ok
14:49:56.0937 3800 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:49:56.0953 3800 Sfloppy - ok
14:49:57.0156 3800 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
14:49:57.0281 3800 SharedAccess - ok
14:49:57.0406 3800 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:49:57.0406 3800 ShellHWDetection - ok
14:49:57.0406 3800 Simbad - ok
14:49:57.0718 3800 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
14:49:57.0937 3800 smwdm - ok
14:49:57.0953 3800 Sparrow - ok
14:49:57.0968 3800 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:49:57.0984 3800 splitter - ok
14:49:58.0062 3800 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
14:49:58.0078 3800 Spooler - ok
14:49:58.0171 3800 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:49:58.0203 3800 sr - ok
14:49:58.0296 3800 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
14:49:58.0359 3800 srservice - ok
14:49:58.0546 3800 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:49:58.0687 3800 Srv - ok
14:49:58.0781 3800 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
14:49:58.0796 3800 SSDPSRV - ok
14:49:58.0953 3800 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
14:49:59.0093 3800 stisvc - ok
14:49:59.0156 3800 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:49:59.0156 3800 swenum - ok
14:49:59.0234 3800 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:49:59.0265 3800 swmidi - ok
14:49:59.0265 3800 SwPrv - ok
14:49:59.0281 3800 symc810 - ok
14:49:59.0296 3800 symc8xx - ok
14:49:59.0296 3800 sym_hi - ok
14:49:59.0312 3800 sym_u3 - ok
14:49:59.0390 3800 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:49:59.0406 3800 sysaudio - ok
14:49:59.0500 3800 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
14:49:59.0531 3800 SysmonLog - ok
14:49:59.0656 3800 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
14:49:59.0765 3800 TapiSrv - ok
14:49:59.0968 3800 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:50:00.0093 3800 Tcpip - ok
14:50:00.0156 3800 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:50:00.0156 3800 TDPIPE - ok
14:50:00.0171 3800 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:50:00.0187 3800 TDTCP - ok
14:50:00.0250 3800 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:50:00.0265 3800 TermDD - ok
14:50:00.0453 3800 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
14:50:00.0562 3800 TermService - ok
14:50:00.0671 3800 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:50:00.0671 3800 Themes - ok
14:50:00.0750 3800 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
14:50:00.0781 3800 TlntSvr - ok
14:50:00.0781 3800 TosIde - ok
14:50:00.0875 3800 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
14:50:00.0906 3800 TrkWks - ok
14:50:00.0953 3800 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:50:00.0984 3800 Udfs - ok
14:50:00.0984 3800 ultra - ok
14:50:01.0203 3800 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:50:01.0343 3800 Update - ok
14:50:01.0453 3800 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
14:50:01.0515 3800 upnphost - ok
14:50:01.0562 3800 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
14:50:01.0578 3800 UPS - ok
14:50:01.0625 3800 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:50:01.0640 3800 USBAAPL - ok
14:50:01.0734 3800 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:50:01.0750 3800 usbccgp - ok
14:50:01.0828 3800 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:50:01.0828 3800 usbehci - ok
14:50:01.0921 3800 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:50:02.0000 3800 usbhub - ok
14:50:02.0046 3800 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:50:02.0046 3800 usbohci - ok
14:50:02.0109 3800 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:50:02.0125 3800 usbprint - ok
14:50:02.0156 3800 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:50:02.0171 3800 usbscan - ok
14:50:02.0218 3800 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:50:02.0234 3800 USBSTOR - ok
14:50:02.0312 3800 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:50:02.0328 3800 usbuhci - ok
14:50:02.0390 3800 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:50:02.0406 3800 VgaSave - ok
14:50:02.0406 3800 ViaIde - ok
14:50:02.0500 3800 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:50:02.0515 3800 VolSnap - ok
14:50:02.0718 3800 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
14:50:02.0828 3800 VSS - ok
14:50:02.0968 3800 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
14:50:03.0031 3800 W32Time - ok
14:50:03.0109 3800 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:50:03.0125 3800 Wanarp - ok
14:50:03.0140 3800 WDICA - ok
14:50:03.0250 3800 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:50:03.0312 3800 wdmaud - ok
14:50:03.0406 3800 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
14:50:03.0437 3800 WebClient - ok
14:50:03.0625 3800 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:50:03.0687 3800 winmgmt - ok
14:50:04.0234 3800 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
14:50:04.0687 3800 WinRM - ok
14:50:04.0750 3800 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
14:50:04.0765 3800 WmdmPmSN - ok
14:50:05.0046 3800 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
14:50:05.0265 3800 Wmi - ok
14:50:05.0437 3800 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:50:05.0468 3800 WmiApSrv - ok
14:50:06.0046 3800 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
14:50:06.0390 3800 WMPNetworkSvc - ok
14:50:06.0984 3800 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:50:07.0359 3800 WPFFontCache_v0400 - ok
14:50:07.0625 3800 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:50:07.0625 3800 WS2IFSL - ok
14:50:07.0718 3800 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
14:50:07.0750 3800 wscsvc - ok
14:50:07.0812 3800 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
14:50:07.0812 3800 wuauserv - ok
14:50:07.0890 3800 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:50:07.0906 3800 WudfPf - ok
14:50:07.0953 3800 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:50:07.0984 3800 WudfRd - ok
14:50:08.0031 3800 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
14:50:08.0062 3800 WudfSvc - ok
14:50:08.0296 3800 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
14:50:08.0484 3800 WZCSVC - ok
14:50:08.0562 3800 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
14:50:08.0609 3800 xmlprov - ok
14:50:08.0656 3800 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:50:09.0203 3800 \Device\Harddisk0\DR0 - ok
14:50:09.0218 3800 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR12
14:50:09.0218 3800 \Device\Harddisk3\DR12 - ok
14:50:09.0234 3800 Boot (0x1200) (ea6993f95e7c648a7386a528001daea7) \Device\Harddisk0\DR0\Partition0
14:50:09.0234 3800 \Device\Harddisk0\DR0\Partition0 - ok
14:50:09.0250 3800 Boot (0x1200) (e165056afd32cf249c9c9135bf62d37c) \Device\Harddisk3\DR12\Partition0
14:50:09.0250 3800 \Device\Harddisk3\DR12\Partition0 - ok
14:50:09.0250 3800 ============================================================
14:50:09.0250 3800 Scan finished
14:50:09.0250 3800 ============================================================
14:50:09.0265 2212 Detected object count: 0
14:50:09.0265 2212 Actual detected object count: 0

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 13 August 2012 - 04:09 PM

Greetings

At this time I would like you to run this script for me; it is also a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt onto ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 cheryl g (Topic Starter, Members, 65 posts)

Posted 15 August 2012 - 09:06 AM

Gringo,

I am confused. Do I type ":Run CFScript:" or "ClearJavaCache::" into the notepad to save to drag into the combofix icon?



thanks, cheryl

#14 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 15 August 2012 - 09:54 AM

"ClearJavaCache::"

#15 cheryl g (Topic Starter, Members, 65 posts)

Posted 15 August 2012 - 02:59 PM

I did not have any problems. The computer is still very slow and does not multitask well. For example, listening to the radio while opening other windows, etc.: the audio gets choppy. It has been this way since the incredibar came, and it is still on the computer. Here's the log:


ComboFix 12-08-15.01 - Administrator 08/15/2012 14:22:09.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.706 [GMT -6:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-07-30 03:01 . 2012-08-01 00:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-30 03:01 . 2012-07-03 19:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-23 20:42 . 2008-12-17 00:17 126976 ----a-w- c:\windows\system32\hpfll6en.dll
2012-07-23 20:42 . 2008-12-17 00:17 315392 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp6en.dll
2012-07-23 20:42 . 2012-07-23 20:42 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2012-07-23 20:41 . 2008-10-29 00:31 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2012-07-23 20:41 . 2008-10-29 00:31 309760 ----a-w- c:\windows\system32\difxapi.dll
2012-07-23 20:41 . 2008-10-29 00:31 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2012-07-23 20:41 . 2008-10-29 00:31 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2012-07-23 20:41 . 2008-10-29 00:31 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2012-07-23 20:41 . 2008-10-30 08:46 271704 ----a-w- c:\windows\system32\hpzids01.dll
2012-07-23 20:40 . 2012-08-01 00:03 -------- d-----w- c:\program files\HP
2012-07-17 03:03 . 2012-07-17 03:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-07-17 03:03 . 2012-07-18 02:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-17 03:03 . 2012-07-17 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-07-16 21:26 . 2012-07-18 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-07-16 21:26 . 2012-07-18 02:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 02:32 . 2012-05-11 22:45 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 02:32 . 2012-03-26 14:49 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2008-04-13 23:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-13 23:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-04-13 23:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-13 23:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2012-03-23 20:08 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2012-03-23 20:08 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2012-03-23 19:30 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2012-03-23 19:30 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2012-03-23 19:30 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2012-03-23 20:08 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-03-23 20:08 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2012-03-23 19:30 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-03-23 19:30 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2008-04-13 23:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2012-03-23 20:08 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2012-03-23 19:30 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-03-23 19:30 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2008-04-13 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-09_23.12.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-10 15:26 . 2012-08-10 15:26 16384 c:\windows\temp\Perflib_Perfdata_418.dat
+ 2012-08-15 02:32 . 2012-08-15 02:32 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
+ 2012-08-15 02:32 . 2012-08-15 02:32 466632 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll
+ 2012-05-11 22:45 . 2012-08-15 02:32 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-05-11 22:45 . 2012-08-03 13:30 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 53760]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 5:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 5:46 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 6:25 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/22/2012 6:25 AM 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [7/4/2012 5:25 PM 5160568]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 5:53 AM 193288]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 2:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 2:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 2:32 PM 17232]
S0 cerc6;cerc6; [x]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/11/2012 4:45 PM 250056]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 97212557
*NewlyCreated* - ASWMBR
*Deregistered* - 97212557
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 02:32]
.
2012-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1004336348-1644491937-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-11 18:37]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1004336348-1644491937-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-11 18:37]
.
.
------- Supplementary Scan -------
.
uStart Page = https://uhaul.net/login_main.aspx?ReturnUrl=/Default.aspx
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-15 14:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1202660629-1004336348-1644491937-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,dc,9f,eb,b8,41,c5,4d,b8,24,eb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,62,fd,7b,a6,7f,7d,4e,9a,75,56,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,62,fd,7b,a6,7f,7d,4e,9a,75,56,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(932)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-08-15 14:37:16
ComboFix-quarantined-files.txt 2012-08-15 20:37
ComboFix2.txt 2012-08-09 23:15
.
Pre-Run: 22,010,802,176 bytes free
Post-Run: 22,198,833,152 bytes free
.
- - End Of File - - 87B0C9A8284FEA15F5F3D8445797FAAE
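The ComboFix report above is read by eye in the thread. As an added example (not part of the original posts and not ComboFix's own code), here is a small Python triage script that pulls the Run/RunOnce autoruns, the firewall state and the globally open ports out of the "Reg Loading Points" section and flags the items a malware-removal helper looks at first: autoruns that load from user-writable locations (Temp, Local Settings, Application Data), a firewall profile that is switched off, and port exceptions whose state is Enabled. The sample input is assembled from the report above plus two constructed lines, the "Updater" autorun and the 3389/TCP exception, added only so that every check fires; neither was in the posted log.

```python
"""Triage a ComboFix 'Reg Loading Points' report for items worth a second look.

Added example for this thread; not ComboFix or BleepingComputer tooling.
It only reads the text report and changes nothing on the machine.
"""
import re

# Built from the ComboFix report posted above.  The "Updater" autorun and the
# 3389/TCP exception are CONSTRUCTED lines (not in the posted log) so that each
# check below fires at least once.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]
"Updater"="c:\documents and settings\Administrator\Local Settings\Temp\update.exe" [2012-08-01 51200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 53760]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3389:TCP"= 3389:TCP:*:Enabled:Remote Desktop
.
------- Supplementary Scan -------
.
uStart Page = https://uhaul.net/login_main.aspx?ReturnUrl=/Default.aspx
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")          # [HKLM\...\Run]
ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<value>.*?)\s*$')  # "name"=value
PATH_RE = re.compile(r'^"(?P<path>[^"]*)"')                   # quoted path before [date size]

# Directory fragments a standard user can write to on XP; a persistent autorun
# living there deserves a look, whatever its name.
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\appdata\\")


def parse_sections(text):
    """Map each lower-cased registry key header to its list of (name, value) entries."""
    sections, current = {}, None
    for line in text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            current = header.group("key").lower()
            sections.setdefault(current, [])
            continue
        if line.startswith(("-", "(")):      # left the registry dump, e.g. "------- Supplementary Scan"
            current = None
            continue
        entry = ENTRY_RE.match(line)
        if current is not None and entry:
            sections[current].append((entry.group("name"), entry.group("value")))
    return sections


def autorun_findings(sections):
    """Flag Run/RunOnce values whose target sits in a user-writable directory."""
    out = []
    for key, entries in sections.items():
        if not key.endswith(("\\run", "\\runonce")):
            continue
        for name, value in entries:
            m = PATH_RE.match(value)
            path = (m.group("path") if m else value).lower()
            if any(marker in path for marker in USER_WRITABLE):
                out.append(f"autorun {name!r} loads from a user-writable location: {path}")
    return out


def firewall_findings(sections):
    """Flag a disabled firewall profile and any globally open port whose state is Enabled."""
    out = []
    for key, entries in sections.items():
        if "firewallpolicy" not in key:
            continue
        profile = key.split("firewallpolicy\\", 1)[1].split("\\", 1)[0]
        for name, value in entries:
            if name.lower() == "enablefirewall" and value.split()[0] == "0":
                out.append(f"Windows Firewall is off for the {profile} profile")
            elif key.endswith("globallyopenports\\list"):
                parts = value.split(":", 4)          # port:proto:scope:state:description
                if len(parts) == 5 and parts[3].lower() == "enabled":
                    out.append(f"port {parts[0]}/{parts[1]} open to {parts[2]} ({parts[4]})")
    return out


def start_page(text):
    """Return the IE start page ComboFix recorded, or None."""
    m = re.search(r"^uStart Page = (\S+)", text, re.MULTILINE)
    return m.group(1) if m else None


def triage(text):
    """Run every check over one ComboFix report and return the notes in report order."""
    sections = parse_sections(text)
    notes = autorun_findings(sections) + firewall_findings(sections)
    page = start_page(text)
    if page:
        notes.append(f"IE start page: {page}")
    return notes


if __name__ == "__main__":
    for note in triage(SAMPLE_LOG):
        print(note)
```

Run as a script it prints the notes for the embedded sample; for a real report, call triage() on the text of a saved ComboFix.txt. The parser is deliberately narrow: it recognises only `[key]` headers and `"name"=value` lines, so REG_MULTI_SZ entries such as the BootExecute line in the report above pass through unflagged and still have to be read by hand.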



