
infected with trojan.gen.2 and trojan.zeroaccess


  • This topic is locked
24 replies to this topic

#1 chasingstillness (Members, 17 posts)

Posted 07 August 2012 - 12:16 PM

On Aug 6 my system was infected with Trojan.gen.2 and Trojan.ZeroAccess. I followed a variety of web solutions and thought my system was clean. However, today I see I have a new trojan that appeared overnight. The attached logs are from YESTERDAY, and I will need to redo them to reflect what the new situation is.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by dnewman at 14:45:23 on 2012-08-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.776 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Symantec AntiVirus\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\DAWN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.wslx.dealerconnection.com/login.cgi?WslIP=71.6.82.114&Back=hxxp://www.fmcdealer.dealerconnection.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\dawn\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Track4WinServer] "c:\program files\track4win server\STServer.exe"
mRun: [Run StartupMonitor] StartupMonitor.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: E&xport to Microsoft Excel
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: google.com\GROUPS
Trusted Zone: microsoft.com\*.update
Trusted Zone: oeaccessories.com\www.gm
Trusted Zone: oeconnection.com
Trusted Zone: opentable.com
Trusted Zone: PAPCO-ADI.COM
Trusted Zone: PAPCO-ADI.COM\www
Trusted Zone: windowsupdate.com\download
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {10F594A3-DB58-4B48-87F2-D168B5C2B0E6} - hxxps://www.fedex.com/ship/ocx/ScaleActiveX.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} - hxxp://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} - hxxps://papco1/connectcomputer/nshelp.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158772668546
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241546698629
DPF: {73A8D51E-578B-4E4E-8FF8-112E51DBFBE3} - hxxp://caf.oeconnection.com/ActiveX/DMSISM.CAB
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {94B82441-A413-4E43-8422-D49930E69764} - hxxps://chat1.j2.com/Media/Visitorchat/TLIEFlash.CAB
DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} - hxxps://inforeach.infopartners.com/inc/kaxRemote.dll
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://attwm.webex.com/client/v_mywebex-pso-attwm/webex/ieatgpc.cab
DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} - hxxp://na.ntrsupport.com/nv/inquiero/mod/setup/ntractivex118_28.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=722
DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - hxxp://networksolutionsemailpopwizard.com/TrueSwitchEC.exe
TCP: Interfaces\{169E910A-8551-4F2E-ADCC-7D281B022834} : NameServer = 172.16.128.2,206.13.31.12
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dawn\application data\mozilla\firefox\profiles\uome2vkc.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [2010-5-21 902432]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-5-21 2326920]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-10-22 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-10-22 108392]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-12-7 374184]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-4-28 47640]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2008-10-22 2436536]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-5-21 159168]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-6 106656]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120806.002\NAVENG.SYS [2012-8-6 87928]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120806.002\NAVEX15.SYS [2012-8-6 1589752]
S0 71458447;71458447;c:\windows\system32\drivers\55413013.sys --> c:\windows\system32\drivers\55413013.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-11 136176]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-10-22 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-11 136176]
S3 IMNPF;Packet Filter;c:\windows\system32\drivers\imnpf.sys --> c:\windows\system32\drivers\imnpf.sys [?]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\ptdmbus.sys --> c:\windows\system32\drivers\PTDMBus.sys [?]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\ptdmmdm.sys --> c:\windows\system32\drivers\PTDMMdm.sys [?]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\ptdmvsp.sys --> c:\windows\system32\drivers\PTDMVsp.sys [?]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\ptdmwwan.sys --> c:\windows\system32\drivers\PTDMWWAN.sys [?]
S3 ubloxusb;ubloxusb;c:\windows\system32\drivers\ubloxusb.sys [2011-10-11 75264]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
SUnknown ASFIPmon;ASFIPmon; [x]
SUnknown AutoExNT;AutoExNT; [x]
.
=============== Created Last 30 ================
.
2012-08-06 19:46:25 -------- d-sha-r- C:\cmdcons
2012-08-06 19:43:05 98816 ----a-w- c:\windows\sed.exe
2012-08-06 19:43:05 518144 ----a-w- c:\windows\SWREG.exe
2012-08-06 19:43:05 256000 ----a-w- c:\windows\PEV.exe
2012-08-06 19:43:05 208896 ----a-w- c:\windows\MBR.exe
2012-08-06 19:33:12 -------- d-----w- C:\_OTL
2012-08-06 19:17:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-06 18:09:33 57344 ---ha-w- c:\windows\system32\caclrsh.dll
2012-07-24 20:25:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-24 20:25:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-07-13 15:03:16 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-13 15:03:16 52128 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-07-13 15:03:15 87456 ----a-w- c:\windows\system32\LMIinit.dll
2012-07-13 15:03:15 30624 ----a-w- c:\windows\system32\LMIport.dll
2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-19 15:03:02 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2012-05-19 15:03:01 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 14:46:26.33 ===============
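A small triage script for the DDS log above, added here as an example and not part of the original post or of the DDS tool itself. It splits the log into its sections, parses the SERVICES / DRIVERS and Created Last 30 entries, and flags what a responder would check first: driver entries whose image file DDS could not find (the `-->` … `[?]` form), numeric-only service names, SUnknown start types, hidden files created under system32, and AV/FW header lines reading *Disabled*. The sample lines are excerpted from the log posted above; the finding categories and the heuristics behind them are the example's own assumptions, and a flag is a prompt to look at the entry, not a verdict on it.

```python
"""Triage helper for DDS-style logs (added example, not part of the thread).

Flags a responder's first-look items from a DDS log:
  * service/driver entries whose image DDS could not find ('-->' ... '[?]')
  * services with an unknown start type ('SUnknown')
  * service names that are purely numeric (assumption: unusual for legitimate software)
  * newly created, non-directory files under system32 carrying the hidden attribute
  * AV / FW header lines reporting *Disabled*
The heuristics are this example's own; DDS itself prints no such flags.
"""
import re
from dataclasses import dataclass

# Excerpted from the DDS log posted above (constructed sample for offline use).
SAMPLE_LOG = r"""
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled*
============= SERVICES / DRIVERS ===============
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
S0 71458447;71458447;c:\windows\system32\drivers\55413013.sys --> c:\windows\system32\drivers\55413013.sys [?]
S3 IMNPF;Packet Filter;c:\windows\system32\drivers\imnpf.sys --> c:\windows\system32\drivers\imnpf.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
SUnknown AutoExNT;AutoExNT; [x]
=============== Created Last 30 ================
2012-08-06 19:46:25 -------- d-sha-r- C:\cmdcons
2012-08-06 18:09:33 57344 ---ha-w- c:\windows\system32\caclrsh.dll
2012-07-24 20:25:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
SERVICE_RE = re.compile(r"^(R\d|S\d|SUnknown)\s+([^;]+);([^;]*);(.*)$")
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+([-a-z]{8})\s+(.+)$")
HEADER_RE = re.compile(r"^(AV|FW):\s*(.*?)\s*\*(.*?)\*")


@dataclass
class Finding:
    kind: str    # category assigned by this example
    name: str    # service name, header tag or file path
    detail: str  # supporting text taken from the log line


def parse_sections(text):
    """Split a DDS log into {section title: [lines]}; the preamble is section ''."""
    sections = {"": []}
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        if line and line != ".":           # DDS pads sections with lone dots
            sections[current].append(line)
    return sections


def triage(text):
    """Return the list of Findings for one DDS log."""
    sections = parse_sections(text)
    findings = []
    for line in sections.get("", []):
        m = HEADER_RE.match(line)
        if m and "Disabled" in m.group(3):
            findings.append(Finding("protection-disabled", m.group(1),
                                    f"{m.group(2)} ({m.group(3)})"))
    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if not m:
            continue
        start, name, display, rest = m.groups()
        if start == "SUnknown":
            findings.append(Finding("unknown-start-type", name, rest.strip()))
        if "[?]" in rest:                  # DDS could not stat the image file
            image = rest.split("-->")[0].strip() if "-->" in rest else rest.strip()
            findings.append(Finding("image-missing", name, image))
        if name.isdigit():
            findings.append(Finding("numeric-service-name", name, display))
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        stamp, size, attrs, path = m.groups()
        # attrs is the DDS attribute string; 'h' marks hidden, '--------' size marks a directory
        if "h" in attrs and size != "--------" and "\\system32\\" in path.lower():
            findings.append(Finding("hidden-file-in-system32", path,
                                    f"{size} bytes, attrs {attrs}, created {stamp}"))
    return findings


def main():
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.detail}")


if __name__ == "__main__":
    main()
```

Run it against a full DDS log by replacing SAMPLE_LOG with the file contents; every flag should then be checked by hand, since a missing image can be a stale registration from an uninstalled tool just as easily as anything else.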



#2 chasingstillness (Topic Starter, Members, 17 posts)

Posted 07 August 2012 - 05:09 PM

I've run several scans of various makes and cannot locate any remnant of any trojan or virus. Please check the above scans and let me know if they look clean...

Thanks for your help!!!

#3 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 09 August 2012 - 07:51 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 chasingstillness (Topic Starter, Members, 17 posts)

Posted 09 August 2012 - 12:23 PM

checkup.txt info:


Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Please wait while WMIC is being installed.
displayName
Symantec Endpoint Protection
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Adobe Reader X (10.1.0)
Mozilla Firefox (3.6.15) Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Symantec AntiVirus Smc.exe
Symantec AntiVirus Rtvscan.exe
Symantec AntiVirus SmcGui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````

#5 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 09 August 2012 - 12:44 PM

let me have the combofix report when it is complete


gringo

#6 chasingstillness (Topic Starter, Members, 17 posts)

Posted 09 August 2012 - 12:50 PM

ComboFix 12-08-09.01 - dnewman 08/09/2012 10:28:54.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.921 [GMT -7:00]
Running from: c:\documents and settings\DAWN\My Documents\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\DAWN\Local Settings\Application Data\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-07 17:54 . 2012-08-07 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-08-06 19:33 . 2012-08-06 19:33 -------- d-----w- C:\_OTL
2012-08-06 19:17 . 2012-08-06 19:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-06 19:00 . 2012-08-06 19:00 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2012-08-06 19:00 . 2012-08-06 19:00 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-08-06 18:36 . 2012-08-06 18:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-08-06 18:36 . 2012-08-06 18:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\LogMeIn
2012-07-24 20:25 . 2012-07-24 20:25 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-24 20:25 . 2012-07-24 20:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 15:03 . 2008-04-28 23:42 52128 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-07-13 15:03 . 2008-04-28 23:42 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-13 15:03 . 2008-04-28 23:42 30624 ----a-w- c:\windows\system32\LMIport.dll
2012-07-13 15:03 . 2008-04-28 23:42 87456 ----a-w- c:\windows\system32\LMIinit.dll
2012-07-03 20:46 . 2010-05-21 20:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2004-08-11 22:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2007-05-15 23:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-11 22:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-11 22:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2007-06-07 01:30 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2007-06-07 01:30 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2004-08-11 22:12 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2004-08-11 22:12 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2004-08-11 22:12 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2007-06-07 01:30 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2006-09-20 17:18 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2004-08-11 22:12 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2004-08-11 22:12 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2004-08-11 22:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2007-06-07 01:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2004-08-11 22:12 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2004-08-11 22:12 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-11 22:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-19 15:03 . 2008-04-28 23:42 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2012-05-19 15:03 . 2008-04-28 23:42 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2012-05-16 15:08 . 2004-08-11 22:00 916992 ----a-w- c:\windows\system32\wininet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-06_19.55.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-09 01:33 . 2012-08-09 01:33 16384 c:\windows\temp\Perflib_Perfdata_8fc.dat
+ 2006-09-20 17:08 . 2012-08-09 12:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-09-20 17:08 . 2012-08-06 19:10 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-08-07 11:01 . 2012-08-09 12:14 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-09-20 17:08 . 2012-08-06 19:10 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-01 344064]
"Track4WinServer"="c:\program files\Track4Win Server\STServer.exe" [2007-07-25 690176]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-21 86016]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5048488]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357384]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-17 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-07-13 15:03 87456 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OfficeCalendar Server.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\OfficeCalendar Server.lnk
backup=c:\windows\pss\OfficeCalendar Server.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2008-10-22 21:55 115560 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 01:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-04-04 02:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-04-04 02:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"DefWatch"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AllAlertsDisabled"=dword:00000001
"TermService"=dword:00000001
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [5/21/2010 11:06 AM 902432]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [5/21/2010 11:06 AM 2326920]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/7/2011 7:21 PM 374184]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/16/2011 3:10 PM 12856]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [5/21/2010 11:06 AM 159168]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/6/2012 1:05 AM 106656]
S0 71458447;71458447;c:\windows\system32\drivers\55413013.sys --> c:\windows\system32\drivers\55413013.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/11/2011 12:54 PM 136176]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [10/22/2008 2:55 PM 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/11/2011 12:54 PM 136176]
S3 IMNPF;Packet Filter;c:\windows\system32\drivers\imnpf.sys --> c:\windows\system32\drivers\imnpf.sys [?]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\DRIVERS\PTDMBus.sys --> c:\windows\system32\DRIVERS\PTDMBus.sys [?]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\DRIVERS\PTDMMdm.sys --> c:\windows\system32\DRIVERS\PTDMMdm.sys [?]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\DRIVERS\PTDMVsp.sys --> c:\windows\system32\DRIVERS\PTDMVsp.sys [?]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\DRIVERS\PTDMWWAN.sys --> c:\windows\system32\DRIVERS\PTDMWWAN.sys [?]
S3 ubloxusb;ubloxusb;c:\windows\system32\drivers\ubloxusb.sys [10/11/2011 12:50 PM 75264]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ERASERUTILDRV11220
*Deregistered* - EraserUtilDrv11220
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-11 19:54]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-11 19:54]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-817491530-2211192106-510644849-1138Core.job
- c:\documents and settings\DAWN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-23 21:30]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-817491530-2211192106-510644849-1138UA.job
- c:\documents and settings\DAWN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-23 21:30]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.wslx.dealerconnection.com/login.cgi?WslIP=71.6.82.114&Back=hxxp://www.fmcdealer.dealerconnection.com/
IE: E&xport to Microsoft Excel
Trusted Zone: google.com\GROUPS
Trusted Zone: microsoft.com\*.update
Trusted Zone: opentable.com
Trusted Zone: windowsupdate.com\download
TCP: Interfaces\{169E910A-8551-4F2E-ADCC-7D281B022834}: NameServer = 172.16.128.2,206.13.31.12
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {10F594A3-DB58-4B48-87F2-D168B5C2B0E6} - hxxps://www.fedex.com/ship/ocx/ScaleActiveX.cab
DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - hxxp://networksolutionsemailpopwizard.com/TrueSwitchEC.exe
FF - ProfilePath - c:\documents and settings\DAWN\Application Data\Mozilla\Firefox\Profiles\uome2vkc.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-09 10:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-817491530-2211192106-510644849-1138\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1156)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(732)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2012-08-09 10:42:14
ComboFix-quarantined-files.txt 2012-08-09 17:42
ComboFix2.txt 2012-08-06 19:57
.
Pre-Run: 24,566,923,264 bytes free
Post-Run: 24,550,735,872 bytes free
.
- - End Of File - - C4B61DD9AACE2F31DB25536936356E5C

#7 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 August 2012 - 12:53 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 chasingstillness
  • Topic Starter
  • Members
  • 17 posts

Posted 09 August 2012 - 12:57 PM

The computer's current status:
After I did the first cleanup, the system seemed to be working fine. However, I went to use it last night and it was boggy, wouldn't completely come back up on restart, and was generally a pain in the *ss. I was able to get it back running and ran Malwarebytes (deep scan). It didn't find any trojans (found the PUM security disabled), but after that my Symantec recorded five instances of Trojan Horse and Trojan.Zeroaccess. Status: infected. Different file names than the original infection.

#9 chasingstillness
  • Topic Starter
  • Members
  • 17 posts

Posted 09 August 2012 - 01:09 PM

11:01:52.0517 3324 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
11:01:53.0658 3324 ============================================================
11:01:53.0736 3324 Current date / time: 2012/08/09 11:01:53.0658
11:01:53.0736 3324 SystemInfo:
11:01:53.0736 3324
11:01:53.0736 3324 OS Version: 5.1.2600 ServicePack: 3.0
11:01:53.0736 3324 Product type: Workstation
11:01:53.0736 3324 ComputerName: PAPCO27
11:01:53.0736 3324 UserName: dnewman
11:01:53.0783 3324 Windows directory: C:\WINDOWS
11:01:53.0783 3324 System windows directory: C:\WINDOWS
11:01:53.0783 3324 Processor architecture: Intel x86
11:01:53.0783 3324 Number of processors: 2
11:01:53.0783 3324 Page size: 0x1000
11:01:53.0783 3324 Boot type: Normal boot
11:01:53.0783 3324 ============================================================
11:02:20.0548 3324 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:02:20.0657 3324 Drive \Device\Harddisk1\DR3 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:02:20.0657 3324 ============================================================
11:02:20.0657 3324 \Device\Harddisk0\DR0:
11:02:20.0689 3324 MBR partitions:
11:02:20.0689 3324 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x94E7137
11:02:20.0689 3324 \Device\Harddisk1\DR3:
11:02:20.0689 3324 MBR partitions:
11:02:20.0689 3324 \Device\Harddisk1\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
11:02:20.0689 3324 ============================================================
11:02:21.0017 3324 C: <-> \Device\Harddisk0\DR0\Partition0
11:02:21.0064 3324 F: <-> \Device\Harddisk1\DR3\Partition0
11:02:21.0064 3324 ============================================================
11:02:21.0064 3324 Initialize success
11:02:21.0064 3324 ============================================================
11:02:30.0204 2988 ============================================================
11:02:30.0204 2988 Scan started
11:02:30.0204 2988 Mode: Manual;
11:02:30.0204 2988 ============================================================
11:03:44.0251 2988 71458447 - ok
11:03:44.0266 2988 Abiosdsk - ok
11:03:45.0266 2988 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
11:03:45.0313 2988 abp480n5 - ok
11:03:55.0454 2988 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:03:55.0735 2988 ACPI - ok
11:03:57.0141 2988 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:03:57.0188 2988 ACPIEC - ok
11:04:34.0985 2988 AcrSch2Svc (fbc4bdbd3d00e7a83075db95dcd658d4) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
11:04:35.0750 2988 AcrSch2Svc - ok
11:04:41.0578 2988 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
11:04:41.0735 2988 adpu160m - ok
11:04:48.0422 2988 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:04:48.0610 2988 aec - ok
11:04:52.0500 2988 afcdp (f132d0bfde7c5ea1ab42325c5694a969) C:\WINDOWS\system32\DRIVERS\afcdp.sys
11:04:52.0625 2988 afcdp - ok
11:05:05.0734 2988 afcdpsrv (986a134b1a1770599b7af9354cbb066f) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
11:05:07.0219 2988 afcdpsrv - ok
11:05:12.0328 2988 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:05:12.0422 2988 AFD - ok
11:05:12.0906 2988 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
11:05:12.0938 2988 agp440 - ok
11:05:13.0313 2988 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
11:05:13.0406 2988 agpCPQ - ok
11:05:13.0672 2988 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
11:05:13.0703 2988 Aha154x - ok
11:05:14.0078 2988 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:05:14.0125 2988 aic78u2 - ok
11:05:14.0578 2988 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:05:14.0687 2988 aic78xx - ok
11:05:14.0984 2988 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
11:05:15.0047 2988 Alerter - ok
11:05:15.0406 2988 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
11:05:15.0453 2988 ALG - ok
11:05:15.0687 2988 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
11:05:15.0734 2988 AliIde - ok
11:05:16.0062 2988 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
11:05:16.0094 2988 alim1541 - ok
11:05:16.0578 2988 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
11:05:16.0609 2988 amdagp - ok
11:05:16.0859 2988 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
11:05:16.0875 2988 amsint - ok
11:05:17.0953 2988 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
11:05:18.0062 2988 AppMgmt - ok
11:05:18.0453 2988 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:05:18.0500 2988 Arp1394 - ok
11:05:18.0797 2988 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
11:05:18.0828 2988 asc - ok
11:05:19.0078 2988 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
11:05:19.0094 2988 asc3350p - ok
11:05:19.0281 2988 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
11:05:19.0312 2988 asc3550 - ok
11:05:20.0234 2988 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:05:20.0969 2988 aspnet_state - ok
11:05:21.0187 2988 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:05:21.0219 2988 AsyncMac - ok
11:05:21.0891 2988 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:05:21.0891 2988 atapi - ok
11:05:21.0906 2988 Atdisk - ok
11:05:24.0094 2988 Ati HotKey Poller (c03be4819ef9052ae7bfd667617b9351) C:\WINDOWS\system32\Ati2evxx.exe
11:05:24.0359 2988 Ati HotKey Poller - ok
11:05:31.0000 2988 ati2mtag (afb591955258dec2deb6de0137876800) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:05:31.0797 2988 ati2mtag - ok
11:05:32.0156 2988 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:05:32.0203 2988 Atmarpc - ok
11:05:32.0672 2988 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
11:05:32.0703 2988 AudioSrv - ok
11:05:32.0828 2988 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:05:32.0969 2988 audstub - ok
11:05:33.0922 2988 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:05:34.0062 2988 b57w2k - ok
11:05:34.0359 2988 BASFND - ok
11:05:35.0281 2988 Basics Service (55fed228fe147ecb9c47a1c55388896e) C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
11:05:35.0359 2988 Basics Service - ok
11:05:35.0500 2988 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:05:35.0515 2988 Beep - ok
11:05:39.0937 2988 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
11:05:40.0297 2988 BITS - ok
11:05:40.0437 2988 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
11:05:40.0469 2988 Browser - ok
11:05:41.0390 2988 catchme - ok
11:05:41.0781 2988 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
11:05:41.0828 2988 cbidf - ok
11:05:41.0828 2988 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:05:41.0828 2988 cbidf2k - ok
11:05:42.0312 2988 ccEvtMgr (93a45b3f2403670a6d14a0b466d97698) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
11:05:42.0359 2988 ccEvtMgr - ok
11:05:42.0359 2988 ccSetMgr (93a45b3f2403670a6d14a0b466d97698) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
11:05:42.0359 2988 ccSetMgr - ok
11:05:42.0453 2988 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
11:05:42.0453 2988 cd20xrnt - ok
11:05:42.0859 2988 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:05:42.0890 2988 Cdaudio - ok
11:05:43.0094 2988 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:05:43.0125 2988 Cdfs - ok
11:05:43.0250 2988 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:05:43.0265 2988 Cdrom - ok
11:05:43.0281 2988 Changer - ok
11:05:43.0328 2988 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
11:05:43.0328 2988 CiSvc - ok
11:05:43.0469 2988 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
11:05:43.0484 2988 ClipSrv - ok
11:05:43.0812 2988 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:05:44.0109 2988 clr_optimization_v2.0.50727_32 - ok
11:05:44.0359 2988 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:05:44.0422 2988 clr_optimization_v4.0.30319_32 - ok
11:05:44.0453 2988 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
11:05:44.0469 2988 CmdIde - ok
11:05:44.0547 2988 COH_Mon (6186b6b953bdc884f0f379b84b3e3a98) C:\WINDOWS\system32\Drivers\COH_Mon.sys
11:05:44.0562 2988 COH_Mon - ok
11:05:44.0578 2988 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:05:44.0609 2988 Compbatt - ok
11:05:44.0609 2988 COMSysApp - ok
11:05:44.0719 2988 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
11:05:44.0734 2988 Cpqarray - ok
11:05:44.0828 2988 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
11:05:44.0859 2988 CryptSvc - ok
11:05:45.0000 2988 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
11:05:45.0094 2988 dac2w2k - ok
11:05:45.0140 2988 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
11:05:45.0140 2988 dac960nt - ok
11:05:45.0390 2988 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
11:05:45.0531 2988 DcomLaunch - ok
11:05:45.0640 2988 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
11:05:45.0719 2988 Dhcp - ok
11:05:45.0765 2988 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:05:45.0781 2988 Disk - ok
11:05:45.0781 2988 dmadmin - ok
11:05:46.0156 2988 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:05:46.0469 2988 dmboot - ok
11:05:46.0531 2988 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:05:46.0625 2988 dmio - ok
11:05:46.0672 2988 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:05:46.0672 2988 dmload - ok
11:05:46.0828 2988 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
11:05:46.0828 2988 dmserver - ok
11:05:46.0953 2988 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:05:47.0000 2988 DMusic - ok
11:05:47.0219 2988 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
11:05:47.0265 2988 Dnscache - ok
11:05:47.0656 2988 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
11:05:47.0765 2988 Dot3svc - ok
11:05:47.0890 2988 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
11:05:47.0906 2988 dpti2o - ok
11:05:47.0969 2988 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:05:48.0000 2988 drmkaud - ok
11:05:48.0219 2988 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:05:48.0281 2988 E100B - ok
11:05:48.0406 2988 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
11:05:48.0422 2988 EapHost - ok
11:05:54.0140 2988 eeCtrl (85b8b4032a895a746d46a288a9b30ded) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
11:05:54.0390 2988 eeCtrl - ok
11:05:54.0562 2988 EraserUtilDrv11220 (b5a8a04a6e5b4e86b95b1553aa918f5f) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys
11:05:54.0578 2988 EraserUtilDrv11220 - ok
11:05:54.0672 2988 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:05:54.0750 2988 EraserUtilRebootDrv - ok
11:05:54.0828 2988 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
11:05:54.0843 2988 ERSvc - ok
11:05:54.0984 2988 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:05:55.0031 2988 Eventlog - ok
11:05:55.0218 2988 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
11:05:55.0328 2988 EventSystem - ok
11:05:55.0406 2988 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:05:55.0468 2988 Fastfat - ok
11:05:55.0922 2988 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:05:56.0000 2988 FastUserSwitchingCompatibility - ok
11:05:56.0172 2988 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:05:56.0187 2988 Fdc - ok
11:05:56.0312 2988 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:05:56.0328 2988 Fips - ok
11:05:56.0406 2988 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:05:56.0437 2988 Flpydisk - ok
11:05:56.0797 2988 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:05:56.0859 2988 FltMgr - ok
11:05:57.0312 2988 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:05:57.0328 2988 FontCache3.0.0.0 - ok
11:05:57.0437 2988 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:05:57.0437 2988 Fs_Rec - ok
11:05:59.0890 2988 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:06:00.0000 2988 Ftdisk - ok
11:06:00.0109 2988 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:06:00.0172 2988 Gpc - ok
11:06:01.0047 2988 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
11:06:01.0140 2988 gupdate - ok
11:06:01.0156 2988 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
11:06:01.0156 2988 gupdatem - ok
11:06:01.0390 2988 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:06:01.0406 2988 helpsvc - ok
11:06:01.0437 2988 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
11:06:01.0437 2988 HidBatt - ok
11:06:01.0468 2988 HidServ - ok
11:06:01.0531 2988 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:06:01.0547 2988 HidUsb - ok
11:06:01.0656 2988 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
11:06:01.0672 2988 hkmsvc - ok
11:06:01.0797 2988 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
11:06:01.0797 2988 hpn - ok
11:06:02.0015 2988 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:06:02.0125 2988 HTTP - ok
11:06:03.0672 2988 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
11:06:04.0500 2988 HTTPFilter - ok
11:06:05.0484 2988 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
11:06:05.0500 2988 i2omgmt - ok
11:06:05.0765 2988 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
11:06:05.0781 2988 i2omp - ok
11:06:05.0859 2988 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:06:05.0906 2988 i8042prt - ok
11:06:42.0828 2988 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:06:43.0390 2988 idsvc - ok
11:06:43.0546 2988 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:06:43.0562 2988 Imapi - ok
11:06:44.0218 2988 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
11:06:44.0421 2988 ImapiService - ok
11:06:44.0421 2988 IMNPF - ok
11:06:47.0531 2988 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
11:06:47.0593 2988 ini910u - ok
11:06:52.0265 2988 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:06:52.0296 2988 IntelIde - ok
11:07:04.0374 2988 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:07:04.0421 2988 intelppm - ok
11:07:04.0874 2988 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:07:05.0718 2988 Ip6Fw - ok
11:07:08.0843 2988 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:07:08.0890 2988 IpFilterDriver - ok
11:07:09.0343 2988 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:07:09.0359 2988 IpInIp - ok
11:07:10.0202 2988 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:07:10.0281 2988 IpNat - ok
11:07:10.0468 2988 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:07:10.0515 2988 IPSec - ok
11:07:10.0577 2988 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:07:10.0577 2988 IRENUM - ok
11:07:10.0874 2988 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:07:10.0890 2988 isapnp - ok
11:07:11.0218 2988 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:07:11.0249 2988 Kbdclass - ok
11:07:11.0390 2988 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:07:11.0421 2988 kbdhid - ok
11:07:12.0812 2988 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:07:12.0937 2988 kmixer - ok
11:07:14.0405 2988 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:07:14.0546 2988 KSecDD - ok
11:07:15.0155 2988 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
11:07:15.0234 2988 lanmanserver - ok
11:07:15.0499 2988 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
11:07:15.0577 2988 lanmanworkstation - ok
11:07:15.0593 2988 lbrtfdc - ok
11:07:23.0874 2988 LiveUpdate (e553c4b4b7b4b86cd71a2dfee1b58131) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
11:07:25.0655 2988 LiveUpdate - ok
11:07:27.0515 2988 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
11:07:27.0546 2988 LmHosts - ok
11:07:29.0265 2988 LMIGuardianSvc (63daf163d1617dd611bd0ab8e41a43e8) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
11:07:29.0609 2988 LMIGuardianSvc - ok
11:07:29.0734 2988 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
11:07:29.0827 2988 LMIInfo - ok
11:07:30.0515 2988 LMIMaint (175f50f37eeaa1d4d744bcccbb7cf68c) C:\Program Files\LogMeIn\x86\RaMaint.exe
11:07:30.0655 2988 LMIMaint - ok
11:07:31.0124 2988 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
11:07:31.0140 2988 lmimirr - ok
11:07:31.0140 2988 LMIRfsClientNP - ok
11:07:31.0312 2988 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
11:07:31.0343 2988 LMIRfsDriver - ok
11:07:32.0155 2988 LogMeIn (432618fa75b61059d2c57d6a7e55147a) C:\Program Files\LogMeIn\x86\LogMeIn.exe
11:07:32.0452 2988 LogMeIn - ok
11:07:33.0374 2988 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
11:07:33.0655 2988 MDM - ok
11:07:34.0124 2988 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
11:07:34.0155 2988 Messenger - ok
11:07:34.0265 2988 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:07:34.0280 2988 mnmdd - ok
11:07:34.0405 2988 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
11:07:34.0421 2988 mnmsrvc - ok
11:07:34.0562 2988 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:07:34.0577 2988 Modem - ok
11:07:34.0702 2988 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:07:34.0733 2988 Mouclass - ok
11:07:34.0921 2988 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:07:34.0921 2988 mouhid - ok
11:07:35.0171 2988 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:07:35.0233 2988 MountMgr - ok
11:07:35.0327 2988 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
11:07:35.0358 2988 mraid35x - ok
11:07:35.0577 2988 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:07:35.0843 2988 MRxDAV - ok
11:07:37.0499 2988 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:07:37.0827 2988 MRxSmb - ok
11:07:38.0140 2988 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
11:07:38.0155 2988 MSDTC - ok
11:07:38.0218 2988 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:07:38.0249 2988 Msfs - ok
11:07:38.0249 2988 MSIServer - ok
11:07:38.0343 2988 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:07:38.0343 2988 MSKSSRV - ok
11:07:38.0405 2988 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:07:38.0421 2988 MSPCLOCK - ok
11:07:38.0468 2988 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:07:38.0483 2988 MSPQM - ok
11:07:38.0593 2988 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:07:38.0593 2988 mssmbios - ok
11:07:38.0827 2988 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:07:38.0905 2988 Mup - ok
11:07:39.0687 2988 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
11:07:39.0905 2988 napagent - ok
11:07:40.0608 2988 NAVENG (f11033730b38260b6892e837c457fb4b) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120808.034\NAVENG.SYS
11:07:40.0608 2988 NAVENG - ok
11:07:43.0733 2988 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120808.034\NAVEX15.SYS
11:07:43.0749 2988 NAVEX15 - ok
11:07:45.0749 2988 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:07:45.0812 2988 NDIS - ok
11:07:45.0874 2988 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:07:45.0890 2988 NdisTapi - ok
11:07:46.0046 2988 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:07:46.0062 2988 Ndisuio - ok
11:07:46.0108 2988 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:07:46.0140 2988 NdisWan - ok
11:07:46.0187 2988 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:07:46.0202 2988 NDProxy - ok
11:07:46.0202 2988 Net Driver HPZ12 - ok
11:07:46.0249 2988 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:07:46.0265 2988 NetBIOS - ok
11:07:46.0374 2988 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:07:46.0421 2988 NetBT - ok
11:07:46.0515 2988 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:07:46.0546 2988 NetDDE - ok
11:07:46.0546 2988 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:07:46.0562 2988 NetDDEdsdm - ok
11:07:46.0608 2988 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:07:46.0624 2988 Netlogon - ok
11:07:46.0733 2988 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
11:07:46.0812 2988 Netman - ok
11:07:47.0187 2988 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:07:47.0249 2988 NetTcpPortSharing - ok
11:07:47.0327 2988 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:07:47.0358 2988 NIC1394 - ok
11:07:47.0483 2988 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
11:07:47.0546 2988 Nla - ok
11:07:47.0562 2988 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:07:47.0577 2988 Npfs - ok
11:07:47.0827 2988 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:07:48.0171 2988 Ntfs - ok
11:07:48.0171 2988 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:07:48.0171 2988 NtLmSsp - ok
11:07:48.0374 2988 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
11:07:48.0515 2988 NtmsSvc - ok
11:07:48.0577 2988 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:07:48.0577 2988 Null - ok
11:07:53.0280 2988 nv (30913cbf518396912e54c2c9f1dd0f09) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:07:57.0296 2988 nv - ok
11:07:57.0686 2988 NVSvc (c0204c1a7a2d2433d48f49e4ecc09ab6) C:\WINDOWS\system32\nvsvc32.exe
11:07:57.0749 2988 NVSvc - ok
11:07:57.0858 2988 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:07:57.0874 2988 NwlnkFlt - ok
11:07:57.0905 2988 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:07:57.0952 2988 NwlnkFwd - ok
11:07:58.0390 2988 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:07:58.0530 2988 odserv - ok
11:07:58.0593 2988 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:07:58.0608 2988 ohci1394 - ok
11:07:58.0718 2988 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:07:58.0780 2988 ose - ok
11:07:58.0827 2988 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:07:58.0858 2988 Parport - ok
11:07:58.0874 2988 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:07:58.0874 2988 PartMgr - ok
11:07:58.0905 2988 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:07:58.0921 2988 ParVdm - ok
11:07:58.0936 2988 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:07:59.0077 2988 PCI - ok
11:07:59.0077 2988 PCIDump - ok
11:07:59.0093 2988 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:07:59.0093 2988 PCIIde - ok
11:07:59.0155 2988 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:07:59.0186 2988 Pcmcia - ok
11:07:59.0202 2988 PDCOMP - ok
11:07:59.0202 2988 PDFRAME - ok
11:07:59.0202 2988 PDRELI - ok
11:07:59.0202 2988 PDRFRAME - ok
11:07:59.0233 2988 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
11:07:59.0249 2988 perc2 - ok
11:07:59.0280 2988 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:07:59.0280 2988 perc2hib - ok
11:07:59.0358 2988 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:07:59.0374 2988 PlugPlay - ok
11:07:59.0374 2988 Pml Driver HPZ12 - ok
11:07:59.0421 2988 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:07:59.0421 2988 PolicyAgent - ok
11:07:59.0452 2988 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:07:59.0468 2988 PptpMiniport - ok
11:07:59.0483 2988 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:07:59.0483 2988 ProtectedStorage - ok
11:07:59.0515 2988 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:07:59.0530 2988 PSched - ok
11:07:59.0546 2988 PTDMBus - ok
11:07:59.0546 2988 PTDMMdm - ok
11:07:59.0546 2988 PTDMVsp - ok
11:07:59.0546 2988 PTDMWWAN - ok
11:07:59.0624 2988 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:07:59.0624 2988 Ptilink - ok
11:07:59.0671 2988 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:07:59.0686 2988 ql1080 - ok
11:07:59.0702 2988 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:07:59.0718 2988 Ql10wnt - ok
11:07:59.0827 2988 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:07:59.0843 2988 ql12160 - ok
11:07:59.0874 2988 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:07:59.0890 2988 ql1240 - ok
11:07:59.0921 2988 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:07:59.0936 2988 ql1280 - ok
11:08:00.0093 2988 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:08:00.0093 2988 RasAcd - ok
11:08:00.0171 2988 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
11:08:00.0202 2988 RasAuto - ok
11:08:00.0233 2988 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:08:00.0249 2988 Rasl2tp - ok
11:08:00.0374 2988 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
11:08:00.0436 2988 RasMan - ok
11:08:00.0468 2988 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:08:00.0483 2988 RasPppoe - ok
11:08:00.0483 2988 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:08:00.0499 2988 Raspti - ok
11:08:00.0640 2988 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:08:00.0890 2988 Rdbss - ok
11:08:00.0921 2988 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:08:00.0921 2988 RDPCDD - ok
11:08:01.0202 2988 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:08:01.0265 2988 rdpdr - ok
11:08:01.0374 2988 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
11:08:01.0421 2988 RDPWD - ok
11:08:01.0515 2988 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
11:08:01.0561 2988 RDSessMgr - ok
11:08:01.0640 2988 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:08:01.0655 2988 redbook - ok
11:08:01.0733 2988 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
11:08:01.0796 2988 RemoteAccess - ok
11:08:02.0124 2988 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
11:08:02.0155 2988 RemoteRegistry - ok
11:08:02.0280 2988 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
11:08:02.0311 2988 RpcLocator - ok
11:08:02.0624 2988 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
11:08:02.0624 2988 RpcSs - ok
11:08:02.0733 2988 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
11:08:02.0811 2988 RSVP - ok
11:08:02.0874 2988 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:08:02.0874 2988 SamSs - ok
11:08:03.0233 2988 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
11:08:03.0265 2988 SCardSvr - ok
11:08:03.0624 2988 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
11:08:03.0686 2988 Schedule - ok
11:08:03.0733 2988 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:08:03.0749 2988 Secdrv - ok
11:08:03.0811 2988 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
11:08:03.0827 2988 seclogon - ok
11:08:04.0249 2988 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
11:08:04.0483 2988 senfilt - ok
11:08:04.0546 2988 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
11:08:04.0561 2988 SENS - ok
11:08:04.0624 2988 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:08:04.0624 2988 serenum - ok
11:08:04.0671 2988 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:08:04.0686 2988 Serial - ok
11:08:04.0765 2988 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:08:04.0765 2988 Sfloppy - ok
11:08:04.0921 2988 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
11:08:05.0171 2988 SharedAccess - ok
11:08:05.0249 2988 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:08:05.0265 2988 ShellHWDetection - ok
11:08:05.0265 2988 Simbad - ok
11:08:05.0327 2988 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:08:05.0343 2988 sisagp - ok
11:08:06.0296 2988 SmcService (4f5deefb11bdf0b905bcce60674fc2b4) C:\Program Files\Symantec AntiVirus\Smc.exe
11:08:06.0874 2988 SmcService - ok
11:08:07.0483 2988 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
11:08:07.0577 2988 smwdm - ok
11:08:07.0733 2988 SNAC (88b46aab883225b879bb17106d342181) C:\Program Files\Symantec AntiVirus\SNAC.EXE
11:08:07.0858 2988 SNAC - ok
11:08:08.0124 2988 snapman (ffd9b64db2cd7b74b766c3a8452a5816) C:\WINDOWS\system32\DRIVERS\snapman.sys
11:08:08.0171 2988 snapman - ok
11:08:08.0218 2988 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:08:08.0218 2988 Sparrow - ok
11:08:08.0483 2988 SPBBCDrv (77780509a16a1df7f2d8531d21ddb9b9) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
11:08:08.0702 2988 SPBBCDrv - ok
11:08:08.0765 2988 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:08:08.0905 2988 splitter - ok
11:08:09.0155 2988 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:08:09.0186 2988 Spooler - ok
11:08:09.0265 2988 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:08:09.0280 2988 sr - ok
11:08:09.0390 2988 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
11:08:09.0452 2988 srservice - ok
11:08:09.0577 2988 SRTSP (5e4985a84f13abf5727bed3c50bd7031) C:\WINDOWS\system32\Drivers\SRTSP.SYS
11:08:09.0655 2988 SRTSP - ok
11:08:09.0890 2988 SRTSPL (8117dca2cdf9d11c441c473dc9631655) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
11:08:10.0139 2988 SRTSPL - ok
11:08:10.0233 2988 SRTSPX (5e89104af0dc94b659ea8ec3e66c3eeb) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
11:08:10.0249 2988 SRTSPX - ok
11:08:10.0421 2988 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:08:10.0530 2988 Srv - ok
11:08:10.0608 2988 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
11:08:10.0639 2988 SSDPSRV - ok
11:08:10.0796 2988 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
11:08:10.0952 2988 stisvc - ok
11:08:11.0093 2988 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:08:11.0093 2988 swenum - ok
11:08:11.0139 2988 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:08:11.0155 2988 swmidi - ok
11:08:11.0171 2988 SwPrv - ok
11:08:12.0327 2988 Symantec AntiVirus (2bd0ff900b443cf8eb30844f47a2b4a4) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
11:08:12.0343 2988 Symantec AntiVirus - ok
11:08:12.0702 2988 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
11:08:12.0718 2988 symc810 - ok
11:08:12.0749 2988 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:08:12.0764 2988 symc8xx - ok
11:08:12.0843 2988 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
11:08:12.0921 2988 SymEvent - ok
11:08:13.0093 2988 SYMREDRV (be3c117150c055e50a4caf23e548c856) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
11:08:13.0108 2988 SYMREDRV - ok
11:08:13.0186 2988 SYMTDI (7b0af4e22b32f8c5bfba5a5d53522160) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
11:08:13.0249 2988 SYMTDI - ok
11:08:13.0296 2988 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:08:13.0311 2988 sym_hi - ok
11:08:13.0343 2988 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:08:13.0358 2988 sym_u3 - ok
11:08:13.0436 2988 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:08:13.0452 2988 sysaudio - ok
11:08:13.0530 2988 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
11:08:13.0561 2988 SysmonLog - ok
11:08:13.0639 2988 SysPlant (f993e24ebbef8e9626fbea12a6b739f2) C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys
11:08:13.0671 2988 SysPlant - ok
11:08:13.0811 2988 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
11:08:13.0936 2988 TapiSrv - ok
11:08:14.0233 2988 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:08:14.0374 2988 Tcpip - ok
11:08:14.0421 2988 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:08:14.0436 2988 TDPIPE - ok
11:08:14.0780 2988 tdrpman251 (3630f5b8181554deecfe2e4252bc4c4c) C:\WINDOWS\system32\DRIVERS\tdrpm251.sys
11:08:15.0233 2988 tdrpman251 - ok
11:08:15.0249 2988 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:08:15.0264 2988 TDTCP - ok
11:08:15.0343 2988 Teefer2 (62f7d6e6f7f4ee9e300ed9a945534486) C:\WINDOWS\system32\DRIVERS\teefer2.sys
11:08:15.0358 2988 Teefer2 - ok
11:08:15.0421 2988 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:08:15.0436 2988 TermDD - ok
11:08:15.0577 2988 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
11:08:15.0671 2988 TermService - ok
11:08:15.0780 2988 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:08:15.0780 2988 Themes - ok
11:08:16.0311 2988 timounter (c820bfc70feb25ec877c49e81cd477c1) C:\WINDOWS\system32\DRIVERS\timntr.sys
11:08:16.0499 2988 timounter - ok
11:08:16.0561 2988 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
11:08:16.0608 2988 TlntSvr - ok
11:08:16.0655 2988 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
11:08:16.0655 2988 TosIde - ok
11:08:16.0733 2988 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
11:08:16.0780 2988 TrkWks - ok
11:08:16.0858 2988 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
11:08:16.0874 2988 tunmp - ok
11:08:16.0952 2988 ubloxusb (83b5f085421bd9d4df1026fe76962f35) C:\WINDOWS\system32\DRIVERS\ubloxusb.sys
11:08:17.0108 2988 ubloxusb - ok
11:08:17.0155 2988 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:08:17.0202 2988 Udfs - ok
11:08:17.0249 2988 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
11:08:17.0264 2988 ultra - ok
11:08:17.0468 2988 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:08:17.0593 2988 Update - ok
11:08:17.0702 2988 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
11:08:17.0764 2988 upnphost - ok
11:08:17.0780 2988 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
11:08:17.0796 2988 UPS - ok
11:08:17.0874 2988 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:08:17.0889 2988 usbehci - ok
11:08:17.0968 2988 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:08:18.0124 2988 usbhub - ok
11:08:18.0171 2988 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:08:18.0186 2988 usbohci - ok
11:08:18.0218 2988 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:08:18.0233 2988 usbprint - ok
11:08:18.0264 2988 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:08:18.0280 2988 usbscan - ok
11:08:18.0327 2988 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:08:18.0343 2988 USBSTOR - ok
11:08:18.0358 2988 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:08:18.0374 2988 usbuhci - ok
11:08:18.0405 2988 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
11:08:18.0405 2988 usb_rndisx - ok
11:08:18.0421 2988 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:08:18.0436 2988 VgaSave - ok
11:08:18.0499 2988 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:08:18.0514 2988 viaagp - ok
11:08:18.0530 2988 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:08:18.0530 2988 ViaIde - ok
11:08:18.0593 2988 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:08:18.0608 2988 VolSnap - ok
11:08:18.0764 2988 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
11:08:18.0858 2988 VSS - ok
11:08:19.0093 2988 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
11:08:19.0171 2988 w32time - ok
11:08:19.0249 2988 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:08:19.0264 2988 Wanarp - ok
11:08:19.0264 2988 WDICA - ok
11:08:19.0343 2988 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:08:19.0374 2988 wdmaud - ok
11:08:19.0452 2988 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
11:08:19.0483 2988 WebClient - ok
11:08:19.0624 2988 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:08:19.0671 2988 winmgmt - ok
11:08:19.0827 2988 WinVNC4 - ok
11:08:19.0889 2988 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
11:08:19.0905 2988 WmdmPmSN - ok
11:08:20.0436 2988 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
11:08:20.0624 2988 Wmi - ok
11:08:20.0686 2988 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:08:20.0733 2988 WmiApSrv - ok
11:08:21.0639 2988 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
11:08:21.0952 2988 WMPNetworkSvc - ok
11:08:22.0264 2988 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
11:08:22.0280 2988 WpdUsb - ok
11:08:22.0796 2988 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:08:23.0233 2988 WPFFontCache_v0400 - ok
11:08:23.0296 2988 WPS (e5788aeeb08055e006d5074adfa5e1e8) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
11:08:23.0311 2988 WPS - ok
11:08:23.0405 2988 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\WINDOWS\system32\drivers\WpsHelper.sys
11:08:23.0468 2988 WpsHelper - ok
11:08:23.0499 2988 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:08:23.0514 2988 WS2IFSL - ok
11:08:23.0577 2988 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
11:08:23.0624 2988 wscsvc - ok
11:08:23.0671 2988 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
11:08:23.0702 2988 wuauserv - ok
11:08:23.0780 2988 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:08:23.0827 2988 WudfPf - ok
11:08:23.0905 2988 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:08:23.0999 2988 WudfRd - ok
11:08:24.0171 2988 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
11:08:24.0186 2988 WudfSvc - ok
11:08:24.0405 2988 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
11:08:24.0561 2988 WZCSVC - ok
11:08:24.0655 2988 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
11:08:24.0702 2988 xmlprov - ok
11:08:24.0749 2988 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:08:25.0421 2988 \Device\Harddisk0\DR0 - ok
11:08:25.0436 2988 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk1\DR3
11:08:39.0124 2988 \Device\Harddisk1\DR3 - ok
11:08:39.0139 2988 Boot (0x1200) (ddcd615723aaceb164fb824a739e385e) \Device\Harddisk0\DR0\Partition0
11:08:39.0139 2988 \Device\Harddisk0\DR0\Partition0 - ok
11:08:39.0171 2988 Boot (0x1200) (a0727f5d294b21f607fbcf4e0428e5a4) \Device\Harddisk1\DR3\Partition0
11:08:39.0171 2988 \Device\Harddisk1\DR3\Partition0 - ok
11:08:39.0171 2988 ============================================================
11:08:39.0171 2988 Scan finished
11:08:39.0171 2988 ============================================================
11:08:39.0186 0320 Detected object count: 0
11:08:39.0186 0320 Actual detected object count: 0

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 August 2012 - 01:39 PM

Did you get to run the aswMBR report?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 chasingstillness

chasingstillness
  • Topic Starter

  • Members
  • 17 posts

Posted 09 August 2012 - 01:47 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-09 11:10:01
-----------------------------
11:10:01.389 OS Version: Windows 5.1.2600 Service Pack 3
11:10:01.389 Number of processors: 2 586 0x604
11:10:01.389 ComputerName: PAPCO27 UserName: dnewman
11:10:02.951 Initialize success
11:14:15.575 AVAST engine defs: 12080900
11:15:01.902 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
11:15:01.902 Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
11:15:01.934 Disk 0 MBR read successfully
11:15:01.934 Disk 0 MBR scan
11:15:01.996 Disk 0 Windows XP default MBR code
11:15:02.012 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
11:15:02.027 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76238 MB offset 112455
11:15:02.043 Disk 0 scanning sectors +156248190
11:15:02.168 Disk 0 scanning C:\WINDOWS\system32\drivers
11:15:32.387 Service scanning
11:16:23.871 Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
11:16:25.183 Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
11:16:31.433 Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
11:16:31.558 Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
11:16:32.964 Modules scanning
11:16:49.605 Disk 0 trace - called modules:
11:16:49.636 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
11:16:49.636 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a477ab8]
11:16:49.636 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a494d98]
11:16:50.886 AVAST engine scan C:\WINDOWS
11:17:04.683 AVAST engine scan C:\WINDOWS\system32
11:26:28.070 AVAST engine scan C:\WINDOWS\system32\drivers
11:27:00.976 AVAST engine scan C:\Documents and Settings\DAWN
11:37:04.550 AVAST engine scan C:\Documents and Settings\All Users
11:40:21.643 Scan finished successfully
11:46:10.031 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\DAWN\Desktop\MBR.dat"
11:46:10.047 The log file has been saved successfully to "C:\Documents and Settings\DAWN\Desktop\aswMBR.txt"

The aswMBR.txt took a while to run....

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 August 2012 - 02:19 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Driver::
71458447

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:

  • Report from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


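The Driver:: directive above tells ComboFix to remove a service by name, and here the name is a bare number (71458447), the kind of machine-generated service name that stands out in a service listing. As an added example, not code from this thread, from TDSSKiller or from ComboFix, the Python helper below parses the TDSSKiller service-enumeration log format posted earlier in this thread (a `<time> <pid> <Name> (<md5>) <path>` line followed by `<time> <pid> <Name> - ok`, plus the MBR/Boot sector lines and the final object count) and lists two things a responder would want a second look at: entries for which TDSSKiller printed no image line at all (only `<Name> - ok`; I read that as a registered service whose file was not available to scan, which is my interpretation, not something the tool states), and service names made only of digits. The sample log inside the block is constructed for the example: a handful of lines copied from the posted log plus one invented digit-named driver entry with a placeholder all-zero hash.

```python
"""Triage helper for TDSSKiller-style service enumeration logs (added example)."""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every interesting line starts with "<hh:mm:ss.ffff> <pid> ".
TS = r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
# "... Null (73c1e1f3...) C:\WINDOWS\system32\drivers\Null.sys"
IMAGE_RE = re.compile(TS + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# "... MBR (0x1B8) (8f558eb6...) \Device\Harddisk0\DR0"  /  "... Boot (0x1200) (...) ...\Partition0"
SECTOR_RE = re.compile(TS + r"(?P<kind>MBR|Boot)\s+\((?P<offset>0x[0-9A-Fa-f]+)\)\s+"
                       r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<device>\S+)$")
# "... Null - ok"  and  "... \Device\Harddisk0\DR0 - ok"
STATUS_RE = re.compile(TS + r"(?P<name>.+?)\s+-\s+(?P<status>\S+)$")
COUNT_RE = re.compile(TS + r"Detected object count:\s+(?P<count>\d+)$")


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None    # None when the log never printed an image line
    path: Optional[str] = None
    status: Optional[str] = None


@dataclass
class SectorEntry:
    kind: str                    # "MBR" or "Boot"
    offset: str
    md5: str
    device: str
    status: Optional[str] = None


def parse_log(text: str) -> Tuple[Dict[str, ServiceEntry], Dict[str, SectorEntry], Optional[int]]:
    """Return (services by name, sector records by device, detected-object count)."""
    services: Dict[str, ServiceEntry] = {}
    sectors: Dict[str, SectorEntry] = {}
    detected: Optional[int] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTOR_RE.match(line):        # checked first: IMAGE_RE would also match these
            sectors[m["device"]] = SectorEntry(m["kind"], m["offset"], m["md5"], m["device"])
        elif m := COUNT_RE.match(line):
            detected = int(m["count"])
        elif m := IMAGE_RE.match(line):
            entry = services.setdefault(m["name"], ServiceEntry(m["name"]))
            entry.md5, entry.path = m["md5"], m["path"]
        elif m := STATUS_RE.match(line):
            name = m["name"]
            if name in sectors:               # "\Device\... - ok" closes a sector record
                sectors[name].status = m["status"]
            else:                             # "<Name> - ok" with or without a prior image line
                services.setdefault(name, ServiceEntry(name)).status = m["status"]
        # banner lines ("=====", "Scan finished", ...) match nothing and are skipped
    return services, sectors, detected


def entries_without_image(services: Dict[str, ServiceEntry]) -> List[str]:
    """Names that only ever appeared as '<Name> - ok': registered, but no file was scanned."""
    return [n for n, e in services.items() if e.path is None]


def digit_only_names(services: Dict[str, ServiceEntry]) -> List[str]:
    """Service names that are nothing but digits, like the 71458447 the CFScript removed."""
    return [n for n in services if n.isdigit()]


def triage(text: str) -> dict:
    services, sectors, detected = parse_log(text)
    return {
        "services": len(services),
        "no_image": entries_without_image(services),
        "digit_names": digit_only_names(services),
        "sectors": {d: (s.kind, s.md5, s.status) for d, s in sectors.items()},
        "detected": detected,
    }


# Constructed sample: a few lines copied from the posted log plus one invented
# digit-named driver entry (71458447.sys) with a placeholder all-zero hash.
SAMPLE_LOG = r"""
11:07:48.0171 2988 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:07:48.0171 2988 NtLmSsp - ok
11:07:59.0077 2988 PCIDump - ok
11:08:12.0327 2988 Symantec AntiVirus (2bd0ff900b443cf8eb30844f47a2b4a4) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
11:08:12.0343 2988 Symantec AntiVirus - ok
11:08:13.0000 2988 71458447 (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\71458447.sys
11:08:13.0010 2988 71458447 - ok
11:08:24.0749 2988 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:08:25.0421 2988 \Device\Harddisk0\DR0 - ok
11:08:39.0139 2988 Boot (0x1200) (ddcd615723aaceb164fb824a739e385e) \Device\Harddisk0\DR0\Partition0
11:08:39.0139 2988 \Device\Harddisk0\DR0\Partition0 - ok
11:08:39.0186 0320 Detected object count: 0
11:08:39.0186 0320 Actual detected object count: 0
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:                     # python tdss_triage.py TDSSKiller.log
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    report = triage(text)
    print(f"{report['services']} services, {report['detected']} detected objects")
    print("no image line :", ", ".join(report["no_image"]) or "-")
    print("digit-only    :", ", ".join(report["digit_names"]) or "-")
    for device, (kind, md5, status) in report["sectors"].items():
        print(f"{kind:<4} {device} {md5} {status}")
```

Run it with a saved log as the only argument, or with no argument to see the constructed sample; the MBR and boot-sector hashes it prints are the values to compare across successive scans of the same disk, since a changed MBR hash between runs is exactly what a bootkit clean-up (or a reinfection) would show.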
#13 chasingstillness

chasingstillness
  • Topic Starter

  • Members
  • 17 posts

Posted 09 August 2012 - 02:26 PM

Script is running now. I'm stepping out and will post the report in about 1.5 hours. Thank you for your help!!

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 August 2012 - 02:55 PM

I will be around later



gringo

#15 chasingstillness

chasingstillness
  • Topic Starter

  • Members
  • 17 posts

Posted 09 August 2012 - 03:37 PM

ComboFix 12-08-09.01 - dnewman 08/09/2012 12:25:08.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.816 [GMT -7:00]
Running from: c:\documents and settings\DAWN\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\DAWN\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_71458447
.
.
((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-07 17:54 . 2012-08-07 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-08-06 19:33 . 2012-08-06 19:33 -------- d-----w- C:\_OTL
2012-08-06 19:17 . 2012-08-06 19:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-06 19:00 . 2012-08-06 19:00 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2012-08-06 19:00 . 2012-08-06 19:00 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-08-06 18:36 . 2012-08-06 18:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-08-06 18:36 . 2012-08-06 18:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\LogMeIn
2012-07-24 20:25 . 2012-07-24 20:25 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-24 20:25 . 2012-07-24 20:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 15:03 . 2008-04-28 23:42 52128 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-07-13 15:03 . 2008-04-28 23:42 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-13 15:03 . 2008-04-28 23:42 30624 ----a-w- c:\windows\system32\LMIport.dll
2012-07-13 15:03 . 2008-04-28 23:42 87456 ----a-w- c:\windows\system32\LMIinit.dll
2012-07-03 20:46 . 2010-05-21 20:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2004-08-11 22:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2007-05-15 23:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-11 22:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-11 22:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2007-06-07 01:30 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2007-06-07 01:30 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2004-08-11 22:12 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2004-08-11 22:12 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2004-08-11 22:12 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2007-06-07 01:30 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2006-09-20 17:18 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2004-08-11 22:12 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2004-08-11 22:12 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2004-08-11 22:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2007-06-07 01:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2004-08-11 22:12 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2004-08-11 22:12 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-11 22:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-19 15:03 . 2008-04-28 23:42 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2012-05-19 15:03 . 2008-04-28 23:42 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2012-05-16 15:08 . 2004-08-11 22:00 916992 ----a-w- c:\windows\system32\wininet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-06_19.55.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-09 01:33 . 2012-08-09 01:33 16384 c:\windows\temp\Perflib_Perfdata_8fc.dat
+ 2006-09-20 17:08 . 2012-08-09 12:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-09-20 17:08 . 2012-08-06 19:10 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-01 344064]
"Track4WinServer"="c:\program files\Track4Win Server\STServer.exe" [2007-07-25 690176]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-21 86016]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5048488]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357384]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-17 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-07-13 15:03 87456 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OfficeCalendar Server.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\OfficeCalendar Server.lnk
backup=c:\windows\pss\OfficeCalendar Server.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2008-10-22 21:55 115560 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 01:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-04-04 02:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-04-04 02:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"DefWatch"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AllAlertsDisabled"=dword:00000001
"TermService"=dword:00000001
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [5/21/2010 11:06 AM 902432]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [5/21/2010 11:06 AM 2326920]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/7/2011 7:21 PM 374184]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/16/2011 3:10 PM 12856]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [5/21/2010 11:06 AM 159168]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/9/2012 10:59 AM 106656]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/11/2011 12:54 PM 136176]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [10/22/2008 2:55 PM 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/11/2011 12:54 PM 136176]
S3 IMNPF;Packet Filter;c:\windows\system32\drivers\imnpf.sys --> c:\windows\system32\drivers\imnpf.sys [?]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\DRIVERS\PTDMBus.sys --> c:\windows\system32\DRIVERS\PTDMBus.sys [?]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\DRIVERS\PTDMMdm.sys --> c:\windows\system32\DRIVERS\PTDMMdm.sys [?]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\DRIVERS\PTDMVsp.sys --> c:\windows\system32\DRIVERS\PTDMVsp.sys [?]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\DRIVERS\PTDMWWAN.sys --> c:\windows\system32\DRIVERS\PTDMWWAN.sys [?]
S3 ubloxusb;ubloxusb;c:\windows\system32\drivers\ubloxusb.sys [10/11/2011 12:50 PM 75264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-11 19:54]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-11 19:54]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-817491530-2211192106-510644849-1138Core.job
- c:\documents and settings\DAWN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-23 21:30]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-817491530-2211192106-510644849-1138UA.job
- c:\documents and settings\DAWN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-23 21:30]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.wslx.dealerconnection.com/login.cgi?WslIP=71.6.82.114&Back=hxxp://www.fmcdealer.dealerconnection.com/
IE: E&xport to Microsoft Excel
Trusted Zone: google.com\GROUPS
Trusted Zone: microsoft.com\*.update
Trusted Zone: opentable.com
Trusted Zone: windowsupdate.com\download
TCP: Interfaces\{169E910A-8551-4F2E-ADCC-7D281B022834}: NameServer = 172.16.128.2,206.13.31.12
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {10F594A3-DB58-4B48-87F2-D168B5C2B0E6} - hxxps://www.fedex.com/ship/ocx/ScaleActiveX.cab
DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - hxxp://networksolutionsemailpopwizard.com/TrueSwitchEC.exe
FF - ProfilePath - c:\documents and settings\DAWN\Application Data\Mozilla\Firefox\Profiles\uome2vkc.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-09 13:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-817491530-2211192106-510644849-1138\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1164)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(752)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Symantec AntiVirus\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Symantec AntiVirus\SmcGui.exe
c:\windows\StartupMonitor.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2012-08-09 13:35:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-09 20:35
ComboFix2.txt 2012-08-09 17:42
ComboFix3.txt 2012-08-06 19:57
.
Pre-Run: 24,423,981,056 bytes free
Post-Run: 24,439,603,200 bytes free
.
- - End Of File - - AAFD8F33481B8661FA0A48EC7121FF31



