Multiple iexplorer.exe running and search engines not working


This topic is locked.
129 replies to this topic

#1 pigfoot

Posted 08 August 2012 - 11:53 PM

Not sure what I picked up, but I am having as many as 7 IE explorer.exe processes running at once, and when I try to do a Google search it is very, very hesitant and then redirects to the wrong site instead of the one I tried to search. I also heard advertisement voices through my speakers when all my browsers were shut down by me. Also, this popup comes up every few minutes, which I include below. Please help. Thanks.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.3.1
Run by Ken at 23:13:20 on 2012-08-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.533 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\devldr32.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Ken\Local Settings\Application Data\Yandex\Updater\praetorian.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yandex.ru/?clid=48577
uSearch Page = hxxp://my.juno.com/s/search?r=minisearch
uSearch Bar = hxxp://my.juno.com/s/search?r=minisearch
uInternet Settings,ProxyServer = 218.7.13.186:80
uSearchAssistant =
uSearchURL,(Default) = hxxp://my.juno.com/s/search?r=minisearch
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Pop-up Blocker: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\juno\qsacc\X1IEBHO.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Visual bookmarks: {c93f72a2-2162-4bba-a07a-f13663c297a6} - c:\program files\yandex\yandexbarie\fastdial.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
BHO: NetZero Toolbar Helper: {fe3098b0-04a3-41fd-8ca9-bea39cb14c87} - c:\program files\netzero\ucreg.dll
BHO: Juno Toolbar Helper: {fe3098b1-04a3-41fd-8ca9-bea39cb14c87} - c:\program files\juno\ucreg.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
TB: JunoBar: {5854fac4-5bf0-47dd-b5a9-a5ea8cff3cf4} - c:\program files\juno\Toolbar.dll
TB: Yandex.Bar: {91397d20-1446-11d4-8af4-0040ca1127b6} - c:\program files\yandex\yandexbarie\yndbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Praetorian] c:\documents and settings\ken\local settings\application data\yandex\updater\praetorian.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10k_ActiveX.exe -update activex
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10k_ActiveX.exe -update activex
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monito~1.lnk - c:\program files\apache software foundation\apache2.2\bin\ApacheMonitor.exe
uPolicies-explorer: <NO NAME> =
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\icq7.5\ICQ.exe
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\windows\system32\HMIPCore.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230087268602
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ken\application data\mozilla\firefox\profiles\j7s5h6jz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=12234
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://utils.babylon.com/abt/index.php?url=
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\npjpi170_03.dll
FF - plugin: c:\program files\java\jre7\bin\npoji610.dll
FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Apache2.2;Apache2.2;c:\program files\apache software foundation\apache2.2\bin\httpd.exe [2009-9-28 24645]
R3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [2009-2-7 220055]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S3 AVRedirector;AVRedirector;c:\program files\hide the ip\avredirector.exe --> c:\program files\hide the ip\AVRedirector.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-1 133104]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\manycam.sys --> c:\windows\system32\drivers\ManyCam.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-5-31 34248]
S3 SecureSrv;SecureSrv;c:\program files\hide my ip 2009\securesrv.exe --> c:\program files\hide my ip 2009\SecureSrv.exe [?]
S4 gupdate1ca13184601dd2;Google Update Service (gupdate1ca13184601dd2);c:\program files\google\update\GoogleUpdate.exe [2009-8-1 133104]
.
=============== Created Last 30 ================
.
2012-08-08 09:47:53 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-21 08:13:47 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-07-21 08:13:47 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2012-07-25 22:44:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-25 22:44:03 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2001-08-18 12:00:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
2011-02-08 13:33:55 978944 --sh--w- c:\windows\system32\mfc42.dll
2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll
2010-12-20 17:32:15 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
============= FINISH: 23:13:48.35 ===============


I was trying to add the .zip of attach.txt as asked, but when I try to upload it here I get this message, even though my file is only 4.3 KB.
Error This file was too big to upload
Used 511.28K of your 512K global upload quota (Max. single file size: 742bytes)



Edited by pigfoot, 09 August 2012 - 12:33 AM.
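Triage of the DDS "Pseudo HJT Report" section above, as an added example that is not part of this thread or of DDS itself: a small Python script that reads a DDS report and flags the entry types a malware-response helper checks first, namely an IE proxy pointing at an external host, Firefox manual-proxy preferences, orphaned BHO/toolbar entries ("No File"), autoruns launched from user-writable profile directories, Winsock LSP DLLs, and search-provider/keyword URLs. The embedded sample report is constructed from the kinds of lines in the post; the severity labels and the `Finding`, `triage_dds` and `summarize` names are my own choices, not DDS output.

```python
import re
from dataclasses import dataclass

# Constructed DDS-style "Pseudo HJT Report" excerpt modelled on the entry types in
# the post above (not the poster's actual file). DDS writes "hxxp" to defang URLs.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.yandex.ru/?clid=48577
uSearch Page = hxxp://my.juno.com/s/search?r=minisearch
uInternet Settings,ProxyServer = 218.7.13.186:80
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Praetorian] c:\documents and settings\ken\local settings\application data\yandex\updater\praetorian.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
LSP: c:\windows\system32\HMIPCore.dll
FF - prefs.js: keyword.URL - hxxp://utils.babylon.com/abt/index.php?url=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 1
"""


@dataclass
class Finding:
    severity: str   # "high": act on it; "review": verify before cleaning
    entry: str      # the report line (or aggregate) that triggered it
    reason: str


# Entry types this triage understands (hypothetical checks, not DDS's own logic).
IE_PROXY = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(\S+)?", re.I)
ORPHAN = re.compile(r"^(?:BHO|TB|EB|uURLSearchHooks):.*-\s*No File\s*$", re.I)
AUTORUN = re.compile(r"^[umd]Run(?:Once)?:\s*\[[^\]]*\]\s*(.+)$", re.I)
USER_WRITABLE = re.compile(r"\\(?:local settings|application data|temp)\\", re.I)
LSP = re.compile(r"^LSP:\s*(.+)$", re.I)
SEARCH = re.compile(
    r"^(?:uSearch Page|uSearch Bar|uSearchURL,\(Default\)"
    r"|FF - prefs\.js: (?:keyword\.URL|browser\.search\.defaulturl))\s*[=-]\s*(\S+)", re.I)
FF_PROXY = re.compile(r"^FF - prefs\.js:\s*(network\.proxy\.\S+)\s*-\s*(\S+)", re.I)
LOOPBACK = ("127.", "localhost", "::1")


def triage_dds(report: str) -> list[Finding]:
    """Scan a DDS report and return the entries worth attention, most urgent first."""
    findings: list[Finding] = []
    ff_proxy: dict[str, str] = {}
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := IE_PROXY.match(line)):
            proxy = m.group(1) or ""
            if proxy and not proxy.lower().startswith(LOOPBACK):
                findings.append(Finding("high", line,
                    f"all IE traffic is relayed through external proxy {proxy}; "
                    "unless the user set it, this is a hijack and explains redirected searches"))
        elif ORPHAN.match(line):
            findings.append(Finding("review", line,
                "orphaned browser add-on entry (DLL missing): leftover of a removed add-on, safe to clean"))
        elif (m := AUTORUN.match(line)) and USER_WRITABLE.search(m.group(1)):
            findings.append(Finding("high", line,
                "autorun launches an executable from a user-writable profile directory; "
                "check publisher and hash before trusting it"))
        elif (m := LSP.match(line)):
            findings.append(Finding("review", line,
                f"Winsock LSP {m.group(1)} sees every socket call; confirm which product installed it"))
        elif (m := SEARCH.match(line)):
            findings.append(Finding("review", line,
                f"search provider points to {m.group(1)}; compare with what the user actually chose"))
        elif (m := FF_PROXY.match(line)):
            ff_proxy[m.group(1)] = m.group(2)
    # Firefox proxy prefs are spread over several lines, so judge them together.
    if ff_proxy.get("network.proxy.type") == "1":
        hosts = sorted({v for k, v in ff_proxy.items()
                        if k.endswith((".http", ".ssl", ".socks", ".ftp", ".gopher"))})
        if hosts:
            local = all(h.lower().startswith(LOOPBACK) for h in hosts)
            findings.append(Finding(
                "review" if local else "high",
                "FF network.proxy.* -> " + ", ".join(hosts),
                "Firefox manual proxy is on; a loopback proxy is normal for local proxy/anonymiser "
                "tools but is also how interceptors insert themselves, so find what listens on that port"
                if local else "Firefox relays all traffic through an external host"))
    findings.sort(key=lambda f: f.severity != "high")   # stable sort: highs first, report order kept
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {"high": 2, "review": 7} for SAMPLE_DDS."""
    return {sev: sum(1 for f in findings if f.severity == sev) for sev in ("high", "review")}


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.entry}\n         {f.reason}")
```

A loopback Firefox proxy is deliberately only marked for review: the profile in the log also lists FoxyProxy and a "Hide My IP" service, which legitimately set a 127.0.0.1 proxy, so the right next step is to identify what is listening on that port rather than to delete the preference outright. The external IE proxy has no such benign explanation on this machine and is the entry that accounts for the redirected searches.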



#2 pigfoot
  • Topic Starter

Posted 09 August 2012 - 02:26 AM

I deleted some attachments on one old topic of mine and finally got the attachment .txt to upload. Hope this was OK.

#3 gringo_pr
  • Malware Response Team

Posted 10 August 2012 - 02:27 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 pigfoot
  • Topic Starter

Posted 10 August 2012 - 05:20 AM

The only thing I could get was the Security Check. I tried running ComboFix but it will not run properly. I see a popup box when I run ComboFix, and in it it says extracting files but hangs up on the output folder. Then this popup box goes off and another pops up saying it is backing up some registry to a hive backup in Windows. No log file anywhere popping up. What should I do? I tried renaming ComboFix but that did not help.


Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ESET Online Scanner v3
`````````Anti-malware/Other Utilities Check:`````````
AdsGone Spyware Blocker Popup Killer 2009 8.0.0 build 1!
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
JavaFX 2.0.3
Java™ 7 Update 3
Java version out of Date!
Adobe Flash Player 11.3.300.265
Adobe Reader X (10.1.3)
Mozilla Firefox (3.5.19) Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 20% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#5 gringo_pr
  • Malware Response Team

Posted 10 August 2012 - 06:45 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#6 pigfoot
  • Topic Starter

Posted 10 August 2012 - 07:16 PM

The 2 scans seemed to work OK, but on the aswMBR, was I supposed to click FIX or FIXMBR at the end? I did not do it; I just saved the logs.

I also noticed there were a few popups of IE errors while these scans were running.


17:29:14.0781 0172 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
17:29:16.0781 0172 ============================================================
17:29:16.0781 0172 Current date / time: 2012/08/10 17:29:16.0781
17:29:16.0781 0172 SystemInfo:
17:29:16.0781 0172
17:29:16.0781 0172 OS Version: 5.1.2600 ServicePack: 3.0
17:29:16.0781 0172 Product type: Workstation
17:29:16.0781 0172 ComputerName: KEN-RW9IJ6PKV6S
17:29:16.0781 0172 UserName: Ken
17:29:16.0781 0172 Windows directory: C:\WINDOWS
17:29:16.0781 0172 System windows directory: C:\WINDOWS
17:29:16.0781 0172 Processor architecture: Intel x86
17:29:16.0781 0172 Number of processors: 1
17:29:16.0781 0172 Page size: 0x1000
17:29:16.0781 0172 Boot type: Normal boot
17:29:16.0781 0172 ============================================================
17:29:18.0734 0172 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:29:18.0734 0172 ============================================================
17:29:18.0734 0172 \Device\Harddisk0\DR0:
17:29:18.0734 0172 MBR partitions:
17:29:18.0734 0172 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
17:29:18.0734 0172 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFFFAC44, BlocksNum 0xD1C993D
17:29:18.0734 0172 ============================================================
17:29:18.0765 0172 C: <-> \Device\Harddisk0\DR0\Partition0
17:29:18.0812 0172 F: <-> \Device\Harddisk0\DR0\Partition1
17:29:18.0812 0172 ============================================================
17:29:18.0812 0172 Initialize success
17:29:18.0812 0172 ============================================================
17:31:38.0031 3244 ============================================================
17:31:38.0031 3244 Scan started
17:31:38.0031 3244 Mode: Manual;
17:31:38.0031 3244 ============================================================
17:31:41.0203 3244 Abiosdsk - ok
17:31:41.0203 3244 abp480n5 - ok
17:31:41.0250 3244 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:31:41.0265 3244 ACPI - ok
17:31:41.0296 3244 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:31:41.0296 3244 ACPIEC - ok
17:31:41.0312 3244 adpu160m - ok
17:31:41.0359 3244 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:31:41.0375 3244 AFD - ok
17:31:41.0421 3244 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:31:41.0421 3244 agp440 - ok
17:31:41.0437 3244 Aha154x - ok
17:31:41.0453 3244 aic78u2 - ok
17:31:41.0453 3244 aic78xx - ok
17:31:41.0484 3244 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
17:31:41.0484 3244 Alerter - ok
17:31:41.0500 3244 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
17:31:41.0515 3244 ALG - ok
17:31:41.0515 3244 AliIde - ok
17:31:41.0531 3244 amsint - ok
17:31:41.0640 3244 Apache2.2 (8750b3454af73568be6203047a08f560) C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
17:31:41.0640 3244 Apache2.2 - ok
17:31:41.0656 3244 AppMgmt - ok
17:31:41.0671 3244 asc - ok
17:31:41.0671 3244 asc3350p - ok
17:31:41.0687 3244 asc3550 - ok
17:31:41.0765 3244 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:31:41.0812 3244 aspnet_state - ok
17:31:41.0843 3244 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:31:41.0843 3244 AsyncMac - ok
17:31:41.0875 3244 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:31:41.0875 3244 atapi - ok
17:31:41.0890 3244 Atdisk - ok
17:31:41.0906 3244 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:31:41.0906 3244 Atmarpc - ok
17:31:41.0937 3244 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
17:31:41.0937 3244 AudioSrv - ok
17:31:41.0984 3244 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:31:41.0984 3244 audstub - ok
17:31:41.0984 3244 AVRedirector - ok
17:31:42.0031 3244 basic2 (9372cc48814a17e67c28945eb4acc189) C:\WINDOWS\system32\DRIVERS\basic2.sys
17:31:42.0031 3244 basic2 - ok
17:31:42.0093 3244 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:31:42.0093 3244 Beep - ok
17:31:42.0171 3244 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
17:31:42.0203 3244 BITS - ok
17:31:42.0234 3244 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
17:31:42.0234 3244 Browser - ok
17:31:42.0281 3244 bvrp_pci (c043ca48f1f5c00ff8272180fbbd15e9) C:\WINDOWS\system32\drivers\bvrp_pci.sys
17:31:42.0281 3244 bvrp_pci - ok
17:31:42.0281 3244 catchme - ok
17:31:42.0328 3244 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:31:42.0328 3244 cbidf2k - ok
17:31:42.0390 3244 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:31:42.0390 3244 CCDECODE - ok
17:31:42.0406 3244 cd20xrnt - ok
17:31:42.0437 3244 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:31:42.0437 3244 Cdaudio - ok
17:31:42.0468 3244 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:31:42.0468 3244 Cdfs - ok
17:31:42.0531 3244 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:31:42.0531 3244 Cdrom - ok
17:31:42.0546 3244 Changer - ok
17:31:42.0578 3244 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
17:31:42.0578 3244 cisvc - ok
17:31:42.0593 3244 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
17:31:42.0593 3244 ClipSrv - ok
17:31:42.0625 3244 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:31:42.0671 3244 clr_optimization_v2.0.50727_32 - ok
17:31:42.0687 3244 CmdIde - ok
17:31:42.0687 3244 COMSysApp - ok
17:31:42.0718 3244 Cpqarray - ok
17:31:42.0734 3244 Creative Service for CDROM Access - ok
17:31:42.0765 3244 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
17:31:42.0765 3244 CryptSvc - ok
17:31:42.0812 3244 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
17:31:42.0812 3244 ctljystk - ok
17:31:42.0828 3244 dac2w2k - ok
17:31:42.0843 3244 dac960nt - ok
17:31:42.0906 3244 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:31:42.0921 3244 DcomLaunch - ok
17:31:42.0968 3244 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
17:31:42.0968 3244 Dhcp - ok
17:31:43.0000 3244 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:31:43.0000 3244 Disk - ok
17:31:43.0000 3244 dmadmin - ok
17:31:43.0078 3244 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:31:43.0125 3244 dmboot - ok
17:31:43.0156 3244 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:31:43.0171 3244 dmio - ok
17:31:43.0203 3244 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:31:43.0203 3244 dmload - ok
17:31:43.0234 3244 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
17:31:43.0250 3244 dmserver - ok
17:31:43.0265 3244 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:31:43.0296 3244 DMusic - ok
17:31:43.0406 3244 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
17:31:43.0421 3244 Dnscache - ok
17:31:43.0546 3244 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:31:43.0546 3244 Dot3svc - ok
17:31:43.0562 3244 dpti2o - ok
17:31:43.0593 3244 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:31:43.0593 3244 drmkaud - ok
17:31:43.0640 3244 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:31:43.0640 3244 EapHost - ok
17:31:43.0718 3244 emu10k (ae4e46d96e9d33790c8617e36791b576) C:\WINDOWS\system32\drivers\emu10k1f.sys
17:31:43.0750 3244 emu10k - ok
17:31:43.0765 3244 emu10k1 (aadc81e967c25dd7c90e150fec6eab74) C:\WINDOWS\system32\drivers\ctlface.sys
17:31:43.0765 3244 emu10k1 - ok
17:31:43.0812 3244 Eplpdx02 (f9472131367d39435d750f5fa3d23582) C:\WINDOWS\system32\Drivers\EPLPDX02.SYS
17:31:43.0812 3244 Eplpdx02 - ok
17:31:43.0828 3244 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:31:43.0843 3244 ERSvc - ok
17:31:43.0875 3244 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:31:43.0890 3244 Eventlog - ok
17:31:43.0953 3244 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\Es.dll
17:31:43.0953 3244 EventSystem - ok
17:31:44.0015 3244 Fallback (9ea76a7f28cd968f8adc709e479f23b2) C:\WINDOWS\system32\DRIVERS\fallback.sys
17:31:44.0015 3244 Fallback - ok
17:31:44.0062 3244 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:31:44.0078 3244 Fastfat - ok
17:31:44.0140 3244 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:31:44.0156 3244 FastUserSwitchingCompatibility - ok
17:31:44.0187 3244 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:31:44.0187 3244 Fdc - ok
17:31:44.0234 3244 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:31:44.0234 3244 Fips - ok
17:31:44.0265 3244 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:31:44.0265 3244 Flpydisk - ok
17:31:44.0312 3244 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:31:44.0312 3244 FltMgr - ok
17:31:44.0390 3244 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:31:44.0406 3244 FontCache3.0.0.0 - ok
17:31:44.0453 3244 Fsks (b7b262d0431374f3afd1349e35b368d9) C:\WINDOWS\system32\DRIVERS\fsksnt.sys
17:31:44.0453 3244 Fsks - ok
17:31:44.0515 3244 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:31:44.0515 3244 Fs_Rec - ok
17:31:44.0562 3244 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:31:44.0562 3244 Ftdisk - ok
17:31:44.0578 3244 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
17:31:44.0578 3244 gameenum - ok
17:31:44.0609 3244 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:31:44.0609 3244 Gpc - ok
17:31:44.0687 3244 gupdate1ca13184601dd2 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
17:31:44.0703 3244 gupdate1ca13184601dd2 - ok
17:31:44.0703 3244 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
17:31:44.0703 3244 gupdatem - ok
17:31:44.0781 3244 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:31:44.0796 3244 helpsvc - ok
17:31:44.0796 3244 HidServ - ok
17:31:44.0843 3244 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:31:44.0843 3244 hkmsvc - ok
17:31:44.0859 3244 hpn - ok
17:31:44.0953 3244 hpqcxs08 (ce0fcec4d4d860f36d972759b11eaf0f) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
17:31:44.0968 3244 hpqcxs08 - ok
17:31:44.0984 3244 hpqddsvc (7da3211ac63edd90b8eca1ca1abfd43b) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
17:31:45.0000 3244 hpqddsvc - ok
17:31:45.0015 3244 hpt3xx - ok
17:31:45.0078 3244 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:31:45.0078 3244 HPZid412 - ok
17:31:45.0140 3244 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:31:45.0140 3244 HPZipr12 - ok
17:31:45.0187 3244 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:31:45.0187 3244 HPZius12 - ok
17:31:45.0234 3244 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
17:31:45.0250 3244 HSFHWBS2 - ok
17:31:45.0328 3244 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
17:31:45.0390 3244 HSF_DP - ok
17:31:45.0437 3244 hsf_msft (74e379857d4c0dfb56de2d19b8f4c434) C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
17:31:45.0468 3244 hsf_msft - ok
17:31:45.0515 3244 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
17:31:45.0546 3244 HTTP - ok
17:31:45.0578 3244 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:31:45.0578 3244 HTTPFilter - ok
17:31:45.0593 3244 i2omgmt - ok
17:31:45.0609 3244 i2omp - ok
17:31:45.0640 3244 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:31:45.0640 3244 i8042prt - ok
17:31:45.0843 3244 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:31:45.0890 3244 idsvc - ok
17:31:45.0921 3244 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:31:45.0921 3244 Imapi - ok
17:31:45.0953 3244 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:31:45.0968 3244 ImapiService - ok
17:31:46.0000 3244 ini910u - ok
17:31:46.0031 3244 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:31:46.0031 3244 IntelIde - ok
17:31:46.0062 3244 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:31:46.0062 3244 intelppm - ok
17:31:46.0093 3244 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:31:46.0093 3244 ip6fw - ok
17:31:46.0140 3244 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:31:46.0140 3244 IpFilterDriver - ok
17:31:46.0171 3244 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:31:46.0187 3244 IpInIp - ok
17:31:46.0218 3244 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:31:46.0234 3244 IpNat - ok
17:31:46.0265 3244 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:31:46.0265 3244 IPSec - ok
17:31:46.0296 3244 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:31:46.0296 3244 IRENUM - ok
17:31:46.0328 3244 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:31:46.0328 3244 isapnp - ok
17:31:46.0531 3244 JavaQuickStarterService (d9b1e929f2464d4c23fa9cb47df4a1d4) C:\Program Files\Java\jre7\bin\jqs.exe
17:31:46.0562 3244 JavaQuickStarterService - ok
17:31:46.0656 3244 K56 (a4e3277398c8aba999483d4c658c9696) C:\WINDOWS\system32\DRIVERS\k56nt.sys
17:31:46.0671 3244 K56 - ok
17:31:46.0718 3244 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:31:46.0718 3244 Kbdclass - ok
17:31:46.0765 3244 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:31:46.0781 3244 kmixer - ok
17:31:46.0796 3244 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
17:31:46.0796 3244 KSecDD - ok
17:31:46.0828 3244 lanmanserver (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll
17:31:46.0843 3244 lanmanserver - ok
17:31:46.0875 3244 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
17:31:46.0890 3244 lanmanworkstation - ok
17:31:46.0906 3244 lbrtfdc - ok
17:31:46.0937 3244 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:31:46.0937 3244 LmHosts - ok
17:31:46.0953 3244 LVBulk (41be2475bf3ce38b44ecc98c6d3aed8b) C:\WINDOWS\system32\DRIVERS\LVBulk.sys
17:31:46.0953 3244 LVBulk - ok
17:31:46.0968 3244 ManyCam - ok
17:31:47.0031 3244 MDM (d1904a1fb31629eb9621d5ed2f2c3555) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
17:31:47.0046 3244 MDM - ok
17:31:47.0093 3244 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:31:47.0093 3244 mdmxsdk - ok
17:31:47.0156 3244 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
17:31:47.0156 3244 Messenger - ok
17:31:47.0203 3244 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
17:31:47.0203 3244 mferkdk - ok
17:31:47.0234 3244 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:31:47.0250 3244 mnmdd - ok
17:31:47.0296 3244 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
17:31:47.0296 3244 mnmsrvc - ok
17:31:47.0328 3244 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:31:47.0328 3244 Modem - ok
17:31:47.0375 3244 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
17:31:47.0375 3244 MODEMCSA - ok
17:31:47.0406 3244 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:31:47.0406 3244 Mouclass - ok
17:31:47.0437 3244 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:31:47.0437 3244 MountMgr - ok
17:31:47.0453 3244 mraid35x - ok
17:31:47.0484 3244 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:31:47.0500 3244 MRxDAV - ok
17:31:47.0562 3244 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:31:47.0578 3244 MRxSmb - ok
17:31:47.0625 3244 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
17:31:47.0625 3244 MSDTC - ok
17:31:47.0671 3244 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:31:47.0671 3244 Msfs - ok
17:31:47.0687 3244 MSIServer - ok
17:31:47.0703 3244 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:31:47.0718 3244 MSKSSRV - ok
17:31:47.0734 3244 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:31:47.0734 3244 MSPCLOCK - ok
17:31:47.0750 3244 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:31:47.0750 3244 MSPQM - ok
17:31:47.0765 3244 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:31:47.0765 3244 mssmbios - ok
17:31:47.0781 3244 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:31:47.0781 3244 MSTEE - ok
17:31:47.0812 3244 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:31:47.0828 3244 Mup - ok
17:31:47.0843 3244 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:31:47.0859 3244 NABTSFEC - ok
17:31:47.0906 3244 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:31:47.0921 3244 napagent - ok
17:31:47.0953 3244 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:31:47.0968 3244 NDIS - ok
17:31:47.0984 3244 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:31:47.0984 3244 NdisIP - ok
17:31:48.0015 3244 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:31:48.0015 3244 NdisTapi - ok
17:31:48.0062 3244 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:31:48.0062 3244 Ndisuio - ok
17:31:48.0109 3244 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:31:48.0109 3244 NdisWan - ok
17:31:48.0140 3244 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:31:48.0140 3244 NDProxy - ok
17:31:48.0234 3244 Nero BackItUp Scheduler 3 - ok
17:31:48.0281 3244 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
17:31:48.0281 3244 Net Driver HPZ12 - ok
17:31:48.0328 3244 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:31:48.0343 3244 NetBIOS - ok
17:31:48.0375 3244 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:31:48.0390 3244 NetBT - ok
17:31:48.0437 3244 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:31:48.0437 3244 NetDDE - ok
17:31:48.0453 3244 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:31:48.0453 3244 NetDDEdsdm - ok
17:31:48.0484 3244 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:31:48.0484 3244 Netlogon - ok
17:31:48.0500 3244 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
17:31:48.0515 3244 Netman - ok
17:31:48.0609 3244 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:31:48.0609 3244 NetTcpPortSharing - ok
17:31:48.0656 3244 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
17:31:48.0671 3244 Nla - ok
17:31:48.0718 3244 NMIndexingService (9b664c0186ec16ea8812831cecc80bc8) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
17:31:48.0734 3244 NMIndexingService - ok
17:31:48.0765 3244 NMSAccess - ok
17:31:48.0812 3244 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:31:48.0828 3244 Npfs - ok
17:31:48.0859 3244 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:31:48.0890 3244 Ntfs - ok
17:31:48.0921 3244 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
17:31:48.0921 3244 NtLmSsp - ok
17:31:48.0968 3244 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
17:31:48.0984 3244 NtmsSvc - ok
17:31:49.0031 3244 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:31:49.0031 3244 Null - ok
17:31:49.0140 3244 nv (71dbdc08df86b80511e72953fa1ad6b0) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:31:49.0156 3244 nv - ok
17:31:49.0234 3244 NVSvc (f3fe060fae8d4a4b5d0fbec4659f798a) C:\WINDOWS\system32\nvsvc32.exe
17:31:49.0234 3244 NVSvc - ok
17:31:49.0281 3244 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:31:49.0281 3244 NwlnkFlt - ok
17:31:49.0296 3244 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:31:49.0296 3244 NwlnkFwd - ok
17:31:49.0359 3244 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
17:31:49.0359 3244 OMCI - ok
17:31:49.0406 3244 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:31:49.0406 3244 Parport - ok
17:31:49.0437 3244 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:31:49.0437 3244 PartMgr - ok
17:31:49.0468 3244 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:31:49.0468 3244 ParVdm - ok
17:31:49.0515 3244 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:31:49.0515 3244 PCI - ok
17:31:49.0531 3244 PCIDump - ok
17:31:49.0531 3244 PCIIde - ok
17:31:49.0593 3244 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:31:49.0593 3244 Pcmcia - ok
17:31:49.0609 3244 PDCOMP - ok
17:31:49.0625 3244 PDFRAME - ok
17:31:49.0625 3244 PDRELI - ok
17:31:49.0640 3244 PDRFRAME - ok
17:31:49.0656 3244 perc2 - ok
17:31:49.0671 3244 perc2hib - ok
17:31:49.0937 3244 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\system32\PfModNT.sys
17:31:49.0937 3244 PfModNT - ok
17:31:49.0984 3244 PID_0900_V (ed287ebcd8f736db55d221b8e6a684a1) C:\WINDOWS\system32\DRIVERS\LV551AV.sys
17:31:50.0000 3244 PID_0900_V - ok
17:31:50.0046 3244 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:31:50.0046 3244 PlugPlay - ok
17:31:50.0078 3244 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
17:31:50.0078 3244 Pml Driver HPZ12 - ok
17:31:50.0125 3244 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:31:50.0125 3244 PolicyAgent - ok
17:31:50.0171 3244 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:31:50.0171 3244 PptpMiniport - ok
17:31:50.0218 3244 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:31:50.0234 3244 Processor - ok
17:31:50.0234 3244 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:31:50.0250 3244 ProtectedStorage - ok
17:31:50.0265 3244 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:31:50.0265 3244 PSched - ok
17:31:50.0312 3244 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:31:50.0312 3244 Ptilink - ok
17:31:50.0343 3244 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:31:50.0343 3244 PxHelp20 - ok
17:31:50.0359 3244 ql1080 - ok
17:31:50.0375 3244 Ql10wnt - ok
17:31:50.0375 3244 ql12160 - ok
17:31:50.0390 3244 ql1240 - ok
17:31:50.0406 3244 ql1280 - ok
17:31:50.0421 3244 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:31:50.0421 3244 RasAcd - ok
17:31:50.0453 3244 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
17:31:50.0468 3244 RasAuto - ok
17:31:50.0484 3244 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:31:50.0500 3244 Rasl2tp - ok
17:31:50.0531 3244 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
17:31:50.0546 3244 RasMan - ok
17:31:50.0562 3244 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:31:50.0562 3244 RasPppoe - ok
17:31:50.0593 3244 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:31:50.0593 3244 Raspti - ok
17:31:50.0640 3244 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:31:50.0656 3244 Rdbss - ok
17:31:50.0671 3244 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:31:50.0671 3244 RDPCDD - ok
17:31:50.0718 3244 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
17:31:50.0734 3244 RDPWD - ok
17:31:50.0781 3244 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
17:31:50.0796 3244 RDSessMgr - ok
17:31:50.0812 3244 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:31:50.0812 3244 redbook - ok
17:31:50.0843 3244 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
17:31:50.0843 3244 RemoteAccess - ok
17:31:50.0890 3244 Rksample (4c35e57300a2dc5932a8e29efa527c32) C:\WINDOWS\system32\DRIVERS\rksample.sys
17:31:50.0890 3244 Rksample - ok
17:31:50.0921 3244 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
17:31:50.0921 3244 RpcLocator - ok
17:31:50.0953 3244 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
17:31:50.0968 3244 RpcSs - ok
17:31:51.0000 3244 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
17:31:51.0015 3244 RSVP - ok
17:31:51.0046 3244 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
17:31:51.0046 3244 rtl8139 - ok
17:31:51.0093 3244 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:31:51.0093 3244 SamSs - ok
17:31:51.0187 3244 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:31:51.0187 3244 SASDIFSV - ok
17:31:51.0234 3244 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:31:51.0234 3244 SASKUTIL - ok
17:31:51.0265 3244 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
17:31:51.0265 3244 SCardSvr - ok
17:31:51.0312 3244 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
17:31:51.0328 3244 Schedule - ok
17:31:51.0375 3244 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:31:51.0390 3244 Secdrv - ok
17:31:51.0406 3244 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
17:31:51.0421 3244 seclogon - ok
17:31:51.0421 3244 SecureSrv - ok
17:31:51.0453 3244 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
17:31:51.0453 3244 SENS - ok
17:31:51.0484 3244 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:31:51.0484 3244 serenum - ok
17:31:51.0515 3244 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:31:51.0515 3244 Serial - ok
17:31:51.0562 3244 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:31:51.0562 3244 Sfloppy - ok
17:31:51.0609 3244 sfman (28b740a66cb88be3d0cd93d5664d7d88) C:\WINDOWS\system32\drivers\sfman.sys
17:31:51.0609 3244 sfman - ok
17:31:51.0656 3244 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
17:31:51.0671 3244 SharedAccess - ok
17:31:51.0718 3244 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:31:51.0718 3244 ShellHWDetection - ok
17:31:51.0734 3244 Simbad - ok
17:31:51.0781 3244 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files\Skype\Updater\Updater.exe
17:31:51.0796 3244 SkypeUpdate - ok
17:31:51.0828 3244 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:31:51.0828 3244 SLIP - ok
17:31:51.0875 3244 SoftFax (413cfa795cad19a010889df0ec060408) C:\WINDOWS\system32\DRIVERS\faxnt.sys
17:31:51.0875 3244 SoftFax - ok
17:31:51.0890 3244 Sparrow - ok
17:31:51.0906 3244 SpeakerPhone (c11082c80723771c1979eacf7fdde1c3) C:\WINDOWS\system32\DRIVERS\spkpnt.sys
17:31:51.0906 3244 SpeakerPhone - ok
17:31:52.0390 3244 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:31:52.0390 3244 splitter - ok
17:31:52.0437 3244 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:31:52.0437 3244 Spooler - ok
17:31:52.0468 3244 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:31:52.0468 3244 sr - ok
17:31:52.0500 3244 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
17:31:52.0515 3244 srservice - ok
17:31:52.0562 3244 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:31:52.0562 3244 Srv - ok
17:31:52.0593 3244 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:31:52.0593 3244 SSDPSRV - ok
17:31:52.0625 3244 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:31:52.0640 3244 stisvc - ok
17:31:52.0687 3244 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:31:52.0687 3244 streamip - ok
17:31:52.0703 3244 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:31:52.0703 3244 swenum - ok
17:31:52.0734 3244 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:31:52.0734 3244 swmidi - ok
17:31:52.0750 3244 SwPrv - ok
17:31:52.0765 3244 symc810 - ok
17:31:52.0781 3244 symc8xx - ok
17:31:52.0796 3244 sym_hi - ok
17:31:52.0812 3244 sym_u3 - ok
17:31:52.0828 3244 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:31:52.0828 3244 sysaudio - ok
17:31:52.0875 3244 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:31:52.0890 3244 SysmonLog - ok
17:31:52.0921 3244 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
17:31:52.0921 3244 TapiSrv - ok
17:31:52.0984 3244 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:31:53.0000 3244 Tcpip - ok
17:31:53.0046 3244 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:31:53.0062 3244 TDPIPE - ok
17:31:53.0078 3244 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:31:53.0078 3244 TDTCP - ok
17:31:53.0109 3244 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:31:53.0109 3244 TermDD - ok
17:31:53.0171 3244 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
17:31:53.0187 3244 TermService - ok
17:31:53.0234 3244 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:31:53.0234 3244 Themes - ok
17:31:53.0281 3244 Tones (e0f10a379239b4fab319c55a9cd6bc96) C:\WINDOWS\system32\DRIVERS\tonesnt.sys
17:31:53.0281 3244 Tones - ok
17:31:53.0296 3244 TosIde - ok
17:31:53.0328 3244 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:31:53.0343 3244 TrkWks - ok
17:31:53.0390 3244 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:31:53.0390 3244 Udfs - ok
17:31:53.0406 3244 ultra - ok
17:31:53.0453 3244 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:31:53.0468 3244 Update - ok
17:31:53.0500 3244 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:31:53.0515 3244 upnphost - ok
17:31:53.0531 3244 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:31:53.0546 3244 UPS - ok
17:31:53.0578 3244 usbbus (b1503509d5e202c17dd78b3e1bf70049) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
17:31:53.0578 3244 usbbus - ok
17:31:53.0609 3244 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:31:53.0625 3244 usbccgp - ok
17:31:53.0656 3244 UsbDiag (456c04b39aa4066648c980e7042cd5f7) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
17:31:53.0656 3244 UsbDiag - ok
17:31:53.0671 3244 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:31:53.0687 3244 usbehci - ok
17:31:53.0734 3244 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:31:53.0734 3244 usbhub - ok
17:31:53.0750 3244 USBModem (5318918ffbcde39b1ab25ffab2561f99) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
17:31:53.0750 3244 USBModem - ok
17:31:53.0796 3244 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:31:53.0796 3244 usbprint - ok
17:31:53.0828 3244 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:31:53.0828 3244 usbscan - ok
17:31:53.0843 3244 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:31:53.0843 3244 USBSTOR - ok
17:31:53.0875 3244 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:31:53.0875 3244 usbuhci - ok
17:31:53.0921 3244 V124 (177b65899d418f8c8f037b20567a99d6) C:\WINDOWS\system32\DRIVERS\v124nt.sys
17:31:53.0937 3244 V124 - ok
17:31:53.0968 3244 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:31:53.0968 3244 VgaSave - ok
17:31:53.0984 3244 ViaIde - ok
17:31:54.0000 3244 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:31:54.0000 3244 VolSnap - ok
17:31:54.0078 3244 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:31:54.0093 3244 VSS - ok
17:31:54.0125 3244 vulfnths (c9a8ba443f809b70bccccd60cc73fa5c) C:\WINDOWS\System32\Drivers\vulfnth.sys
17:31:54.0125 3244 vulfnths - ok
17:31:54.0156 3244 vulfntrs (2d8c55889616f7767e9fb8adee37a02a) C:\WINDOWS\System32\Drivers\vulfntr.sys
17:31:54.0156 3244 vulfntrs - ok
17:31:54.0187 3244 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
17:31:54.0203 3244 W32Time - ok
17:31:54.0250 3244 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:31:54.0250 3244 Wanarp - ok
17:31:54.0265 3244 WDICA - ok
17:31:54.0281 3244 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:31:54.0281 3244 wdmaud - ok
17:31:54.0312 3244 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:31:54.0312 3244 WebClient - ok
17:31:54.0390 3244 winachsf (a941aa38e3951058e584c4bbddd56ed9) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:31:54.0390 3244 winachsf - ok
17:31:54.0453 3244 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:31:54.0453 3244 winmgmt - ok
17:31:54.0484 3244 WMDM PMSP Service - ok
17:31:54.0515 3244 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
17:31:54.0515 3244 WmdmPmSN - ok
17:31:54.0562 3244 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
17:31:54.0562 3244 WmiApSrv - ok
17:31:54.0703 3244 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
17:31:54.0718 3244 WMPNetworkSvc - ok
17:31:54.0781 3244 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:31:54.0781 3244 WpdUsb - ok
17:31:54.0812 3244 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:31:54.0812 3244 WS2IFSL - ok
17:31:54.0843 3244 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
17:31:54.0843 3244 wscsvc - ok
17:31:54.0875 3244 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:31:54.0875 3244 WSTCODEC - ok
17:31:54.0906 3244 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:31:54.0906 3244 wuauserv - ok
17:31:54.0953 3244 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:31:54.0953 3244 WudfPf - ok
17:31:54.0984 3244 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:31:54.0984 3244 WudfRd - ok
17:31:55.0031 3244 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
17:31:55.0031 3244 WudfSvc - ok
17:31:55.0093 3244 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:31:55.0140 3244 WZCSVC - ok
17:31:55.0171 3244 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:31:55.0187 3244 xmlprov - ok
17:31:55.0312 3244 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
17:31:55.0328 3244 YahooAUService - ok
17:31:55.0359 3244 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:31:55.0953 3244 \Device\Harddisk0\DR0 - ok
17:31:55.0968 3244 Boot (0x1200) (7f8a7c18912b99367140e6e5d0bc0a53) \Device\Harddisk0\DR0\Partition0
17:31:55.0968 3244 \Device\Harddisk0\DR0\Partition0 - ok
17:31:56.0000 3244 Boot (0x1200) (07d4cee1714b84927e55af10d51302a7) \Device\Harddisk0\DR0\Partition1
17:31:56.0000 3244 \Device\Harddisk0\DR0\Partition1 - ok
17:31:56.0000 3244 ============================================================
17:31:56.0000 3244 Scan finished
17:31:56.0000 3244 ============================================================
17:31:56.0015 0380 Detected object count: 0
17:31:56.0015 0380 Actual detected object count: 0

Attached Files



#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:41 PM

Posted 10 August 2012 - 08:06 PM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
explorer.exe
svchost.exe
winlogon.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 pigfoot (Topic Starter)

Posted 10 August 2012 - 11:37 PM

I added the scan you asked for and it is in an attachment. I also forgot to mention my internet connection goes out a lot and I get the popup saying LOCAL AREA CONNECTION - A network cable is unplugged... it happens a lot for no reason. Maybe the trojan or malware which causes all the problems we are trying to solve?

Also there is an svchost.exe causing my CPU to go to 100%, and the PC is so slow it will hardly do anything now.

Attached Files


Edited by pigfoot, 10 August 2012 - 11:44 PM.


#9 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 10 August 2012 - 11:48 PM

Greetings

Let's run this now.

Blitzblank.

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe

  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
CopyFile:
C:\WINDOWS\ServicePackFiles\i386\explorer.exe C:\WINDOWS\explorer.exe
C:\WINDOWS\ServicePackFiles\i386\svchost.exe C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\ServicePackFiles\i386\explorer.exe C:\WINDOWS\system32\dllcache\explorer.exe
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe C:\WINDOWS\system32\dllcache\winlogon.exe
C:\WINDOWS\ServicePackFiles\i386\svchost.exe C:\WINDOWS\system32\dllcache\svchost.exe
  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post me the report created by Blitzblank. You can find it at the root of the drive, normally C:\

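As an added example (not part of this thread and not BlitzBlank's own code), the following Python script parses the CopyFile: script above and reports, before anything is replaced, which of the live files differ by SHA-256 from the pristine copies under ServicePackFiles\i386. The resolve() callback and the constructed sample files used to exercise it are assumptions, not something the thread describes.

```python
import hashlib
import os
# The CopyFile: script from the post above, embedded here as the input to parse.
BLITZBLANK_SCRIPT = r"""CopyFile:
C:\WINDOWS\ServicePackFiles\i386\explorer.exe C:\WINDOWS\explorer.exe
C:\WINDOWS\ServicePackFiles\i386\svchost.exe C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\ServicePackFiles\i386\explorer.exe C:\WINDOWS\system32\dllcache\explorer.exe
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe C:\WINDOWS\system32\dllcache\winlogon.exe
C:\WINDOWS\ServicePackFiles\i386\svchost.exe C:\WINDOWS\system32\dllcache\svchost.exe
"""

def parse_copyfile_script(text):
    """Return (source, destination) pairs listed under the CopyFile: header."""
    pairs = []
    in_copyfile = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(":"):            # a section header such as CopyFile:
            in_copyfile = line.lower() == "copyfile:"
            continue
        if in_copyfile:
            src, dst = line.rsplit(" ", 1)  # the paths above contain no spaces
            pairs.append((src, dst))
    return pairs

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_pairs(pairs, resolve=lambda p: p):
    """Compare each live file with its pristine source copy. resolve() (an assumed
    hook) maps a Windows path to a local one, e.g. inside a mounted image.
    Returns {destination: "ok" | "MISMATCH" | "missing" | "source-missing"}."""
    results = {}
    for src, dst in pairs:
        s, d = resolve(src), resolve(dst)
        if not os.path.isfile(s):
            results[dst] = "source-missing"
        elif not os.path.isfile(d):
            results[dst] = "missing"
        else:
            results[dst] = "ok" if sha256_of(s) == sha256_of(d) else "MISMATCH"
    return results
```

A mismatch is a lead, not proof: hotfixes released after the service pack legitimately leave system32 with a newer binary than ServicePackFiles\i386, so check a differing file's version and signature before treating it as patched by malware.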

#10 pigfoot


Posted 11 August 2012 - 03:50 AM

Here is the report... I also forgot to tell you I was getting strange audio advertisements on my PC earlier... nothing to do with the webpages I was on... I closed the browser and it still continued. It was one advertisement for Lysol, Trojan condoms... so weird.

BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
CopyFileOnReboot: sourceFile = "\??\c:\windows\servicepackfiles\i386\explorer.exe", destinationFile = "\??\c:\windows\explorer.exe"
CopyFileOnReboot: sourceFile = "\??\c:\windows\servicepackfiles\i386\svchost.exe", destinationFile = "\??\c:\windows\system32\svchost.exe"
CopyFileOnReboot: sourceFile = "\??\c:\windows\servicepackfiles\i386\winlogon.exe", destinationFile = "\??\c:\windows\system32\winlogon.exe"
CopyFileOnReboot: sourceFile = "\??\c:\windows\servicepackfiles\i386\explorer.exe", destinationFile = "\??\c:\windows\system32\dllcache\explorer.exe"
CopyFileOnReboot: sourceFile = "\??\c:\windows\servicepackfiles\i386\winlogon.exe", destinationFile = "\??\c:\windows\system32\dllcache\winlogon.exe"
CopyFileOnReboot: sourceFile = "\??\c:\windows\servicepackfiles\i386\svchost.exe", destinationFile = "\??\c:\windows\system32\dllcache\svchost.exe"

#11 gringo_pr


Posted 11 August 2012 - 03:52 AM

Try and run ComboFix for me now.


gringo

#12 pigfoot


Posted 11 August 2012 - 04:40 AM

Just tried to run Combo... it does the same thing as before... stalls out on the extracting part about halfway... then some backup registry popup starts, then Combo shuts off. Want me to put up a screenshot of it? Not sure if the attachment will fit here... might be too big?

#13 gringo_pr


Posted 11 August 2012 - 04:59 AM

Hello

OK, let's try this. I want you to run ComboFix in safe mode, but it is very important that when ComboFix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#14 pigfoot


Posted 11 August 2012 - 05:19 AM

I tried to run it in safe mode but it is still doing the same thing... seems like it ran a little longer and backed up some more files in some registry popup... 3 parts out of nine I think... but Combo did not finish and left no report. What actually happens when Combo runs correctly... how long does it take and how many scans does it make? I haven't used it in so long I forgot.

#15 gringo_pr


Posted 11 August 2012 - 12:05 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo