
Computer running extremely slow


This topic is locked
21 replies to this topic

#1 Sersey

  • Members
  • 22 posts

Posted 21 August 2012 - 11:31 PM

DDS LOG BELOW:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Andre at 22:27:19 on 2012-08-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.374 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Digital Line Detect\DLG.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Andre\Local Settings\Temporary Internet Files\Content.IE5\L8F6RE24\Defogger[1].exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.okayplayer.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
mRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: musicmatch.com\online
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 24.238.1.61 24.238.1.62 24.238.0.53
TCP: Interfaces\{B00CAEF3-A549-4D13-A789-9F8ED5631AA0} : DhcpNameServer = 24.238.1.61 24.238.1.62 24.238.0.53
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\andre\application data\mozilla\firefox\profiles\h0mkiqv9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.xfinity.com/?cid=xfactiv_tech_main
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-17 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-17 108392]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-5-13 2440632]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-14 106656]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120821.002\NAVENG.SYS [2012-8-21 92704]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120821.002\NAVEX15.SYS [2012-8-21 1601184]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-29 136176]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-29 136176]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 22:28:40.49 ===============

ATTACH LOG BELOW:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/10/2009 9:44:05 PM
System Uptime: 8/15/2012 3:10:39 AM (163 hours ago)
.
Motherboard: Dell Inc. | | 0WG261
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 32.697 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP935: 5/24/2012 3:00:16 AM - Software Distribution Service 3.0
RP936: 5/25/2012 3:00:15 AM - Software Distribution Service 3.0
RP937: 5/25/2012 7:33:54 PM - Software Distribution Service 3.0
RP938: 5/25/2012 7:41:21 PM - Software Distribution Service 3.0
RP939: 5/26/2012 7:49:33 PM - System Checkpoint
RP940: 5/27/2012 9:16:11 PM - System Checkpoint
RP941: 5/28/2012 10:08:51 PM - System Checkpoint
RP942: 5/29/2012 10:15:56 PM - System Checkpoint
RP943: 5/30/2012 11:06:53 PM - System Checkpoint
RP944: 5/31/2012 11:07:01 PM - System Checkpoint
RP945: 6/2/2012 12:07:03 AM - System Checkpoint
RP946: 6/3/2012 12:17:50 AM - System Checkpoint
RP947: 6/4/2012 1:28:24 AM - System Checkpoint
RP948: 6/5/2012 2:15:24 AM - System Checkpoint
RP949: 6/5/2012 3:00:16 AM - Software Distribution Service 3.0
RP950: 6/6/2012 3:20:07 AM - System Checkpoint
RP951: 6/7/2012 4:20:09 AM - System Checkpoint
RP952: 6/8/2012 5:20:10 AM - System Checkpoint
RP953: 6/9/2012 5:35:07 AM - System Checkpoint
RP954: 6/10/2012 6:31:33 AM - System Checkpoint
RP955: 6/11/2012 7:26:28 AM - System Checkpoint
RP956: 6/12/2012 8:20:48 AM - System Checkpoint
RP957: 6/13/2012 3:00:19 AM - Software Distribution Service 3.0
RP958: 6/14/2012 3:20:53 AM - System Checkpoint
RP959: 6/15/2012 4:20:41 AM - System Checkpoint
RP960: 6/16/2012 4:21:48 AM - System Checkpoint
RP961: 6/17/2012 5:20:45 AM - System Checkpoint
RP962: 6/18/2012 6:20:46 AM - System Checkpoint
RP963: 6/19/2012 7:20:46 AM - System Checkpoint
RP964: 6/20/2012 8:20:47 AM - System Checkpoint
RP965: 6/21/2012 9:20:50 AM - System Checkpoint
RP966: 6/22/2012 10:20:49 AM - System Checkpoint
RP967: 6/23/2012 12:53:13 PM - System Checkpoint
RP968: 6/24/2012 1:47:13 PM - System Checkpoint
RP969: 6/25/2012 2:41:43 PM - System Checkpoint
RP970: 6/26/2012 3:36:55 PM - System Checkpoint
RP971: 6/27/2012 4:34:01 PM - System Checkpoint
RP972: 6/28/2012 4:35:25 PM - System Checkpoint
RP973: 6/29/2012 4:58:41 PM - System Checkpoint
RP974: 6/30/2012 5:35:46 PM - System Checkpoint
RP975: 7/1/2012 5:17:22 PM - Installed iTunes
RP976: 7/2/2012 6:10:04 PM - System Checkpoint
RP977: 7/3/2012 6:27:16 PM - System Checkpoint
RP978: 7/4/2012 6:47:47 PM - System Checkpoint
RP979: 7/5/2012 7:27:20 PM - System Checkpoint
RP980: 7/6/2012 8:44:51 PM - System Checkpoint
RP981: 7/7/2012 9:27:00 PM - System Checkpoint
RP982: 7/8/2012 10:26:54 PM - System Checkpoint
RP983: 7/9/2012 11:00:47 PM - System Checkpoint
RP984: 7/10/2012 11:27:02 PM - System Checkpoint
RP985: 7/11/2012 11:28:10 PM - System Checkpoint
RP986: 7/12/2012 3:00:15 AM - Software Distribution Service 3.0
RP987: 7/13/2012 3:25:07 AM - System Checkpoint
RP988: 7/15/2012 12:45:54 PM - ComboFix created restore point
RP989: 7/15/2012 1:48:21 PM - Removed Adobe Reader 9.5.0.
RP990: 7/15/2012 2:08:21 PM - Restore Operation
RP991: 7/15/2012 2:36:11 PM - Restore Operation
RP992: 7/16/2012 3:34:09 PM - System Checkpoint
RP993: 7/17/2012 3:38:44 PM - System Checkpoint
RP994: 7/18/2012 3:46:11 PM - System Checkpoint
RP995: 7/19/2012 3:52:41 PM - System Checkpoint
RP996: 7/20/2012 4:35:35 PM - System Checkpoint
RP997: 7/21/2012 5:31:50 PM - System Checkpoint
RP998: 7/22/2012 6:31:09 PM - System Checkpoint
RP999: 7/23/2012 10:34:19 PM - System Checkpoint
RP1000: 7/24/2012 11:28:27 PM - System Checkpoint
RP1001: 7/25/2012 11:57:13 PM - System Checkpoint
RP1002: 7/27/2012 12:16:37 AM - System Checkpoint
RP1003: 7/28/2012 1:10:19 AM - System Checkpoint
RP1004: 7/29/2012 2:05:24 AM - System Checkpoint
RP1005: 7/30/2012 3:01:39 AM - System Checkpoint
RP1006: 7/31/2012 3:55:18 AM - System Checkpoint
RP1007: 8/1/2012 4:49:46 AM - System Checkpoint
RP1008: 8/2/2012 5:47:03 AM - System Checkpoint
RP1009: 8/3/2012 6:44:13 AM - System Checkpoint
RP1010: 8/4/2012 7:43:32 AM - System Checkpoint
RP1011: 8/5/2012 7:51:49 AM - System Checkpoint
RP1012: 8/6/2012 8:44:40 AM - System Checkpoint
RP1013: 8/7/2012 8:46:00 AM - System Checkpoint
RP1014: 8/8/2012 9:44:50 AM - System Checkpoint
RP1015: 8/9/2012 9:45:26 AM - System Checkpoint
RP1016: 8/10/2012 10:03:08 AM - System Checkpoint
RP1017: 8/11/2012 10:34:03 AM - System Checkpoint
RP1018: 8/12/2012 11:00:57 AM - System Checkpoint
RP1019: 8/13/2012 12:07:29 PM - System Checkpoint
RP1020: 8/14/2012 1:02:09 PM - System Checkpoint
RP1021: 8/15/2012 3:00:15 AM - Software Distribution Service 3.0
RP1022: 8/16/2012 3:24:27 AM - System Checkpoint
RP1023: 8/17/2012 4:22:27 AM - System Checkpoint
RP1024: 8/18/2012 5:27:55 AM - System Checkpoint
RP1025: 8/19/2012 6:18:05 AM - System Checkpoint
RP1026: 8/20/2012 7:17:27 AM - System Checkpoint
RP1027: 8/21/2012 8:10:43 AM - System Checkpoint
.
==== Installed Programs ======================
.
810plc32
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.0
Advertising Center
America Online (Choose which version to remove)
Any Video Converter 3.3.1
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Bonjour
Conexant D850 56K V.9x DFVc Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Dell AIO 810
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support 3.1
Dell System Restore
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
EarthLink setup files
EducateU
ELIcon
ESET Online Scanner v3
ESPNMotion
ffdshow [rev 3154] [2009-12-09]
GemMaster Mystic
Get High Speed Internet!
Google Toolbar for Internet Explorer
Google Update Helper
HDtracks Download Manager
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Internet Service Offers Launcher
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java™ 6 Update 2
Java™ 6 Update 26
Learn2 Player (Uninstall Only)
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Mozilla Firefox (3.5.9)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
Nero 9 Essentials
Nero ControlCenter
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart OEM
neroxml
NetWaiting
NetZeroInstallers
Otto
QuickTime
RealPlayer Basic
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SCRABBLE (remove only)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Symantec Endpoint Protection
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
Virtual DJ - Atomix Productions
WebFldrs XP
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
WordPerfect Office 12
Yahoo! BrowserPlus 2.6.0
.
==== End Of File ===========================

GMER ARK.TXT LOG BELOW:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-22 00:22:51
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3160828AS rev.8.04
Running: vpwn62qm.exe; Driver: C:\DOCUME~1\Andre\LOCALS~1\Temp\uxlyapoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwAllocateVirtualMemory [0xF76F7710]
SSDT 866218A8 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xF76F7840]
SSDT 86622DC8 ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwWriteVirtualMemory [0xF76F7970]

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Andre\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\internet explorer\iexplore.exe[408] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[408] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[408] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[408] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[408] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[408] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7217 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[408] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7149 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[408] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[408] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E701A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[408] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E707C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[408] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E727A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[408] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70DE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[408] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[408] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E757F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[572] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[572] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[572] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7217 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[572] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7149 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[572] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[572] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E701A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[572] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E707C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[572] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E727A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[572] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70DE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2104] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2104] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2104] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2104] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2104] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2104] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7217 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2104] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7149 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2104] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2104] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E701A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2104] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E707C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2104] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E727A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2104] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70DE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2104] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2104] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E757F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\SYMTDI \Device\SymTDI wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
Device EF22BD20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 312496383
Disk \Device\Harddisk0\DR0 PE file @ sector 312496405

---- Files - GMER 1.0.15 ----

File C:\Program Files\Microsoft Silverlight 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\lt 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\lt\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\lt\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\lt\mscorrc.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\lt\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\System.Net.ni.dll 655360 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\agcore.dll 5970504 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\agcp.exe 16448 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ar 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ar\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ar\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ar\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ar\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\bg 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\bg\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\bg\mscorlib.resources.dll 5120 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\bg\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\bg\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ca 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ca\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ca\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ca\mscorrc.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ca\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\coreclr.dll 3519488 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\coregen.exe 74312 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\cs 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\cs\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\cs\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\cs\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\cs\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\da 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\da\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\da\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\da\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\da\system.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\de 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\de\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\de\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\de\mscorrc.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\de\system.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\el 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\el\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\el\mscorlib.resources.dll 5120 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\el\mscorrc.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\el\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\es 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\es\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\es\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\es\mscorrc.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\es\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\et 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\et\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\et\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\et\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\et\system.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\eu 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\eu\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\eu\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\eu\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\eu\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\fi 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\fi\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\fi\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\fi\mscorrc.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\fi\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\fr 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\fr\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\fr\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\fr\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\fr\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\he 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\he\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\he\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\he\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\he\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\hr 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\hr\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\hr\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\hr\mscorrc.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\hr\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\hu 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\hu\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\hu\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\hu\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\hu\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\id 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\id\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\id\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\id\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\id\system.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\it 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\it\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\it\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\it\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\it\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ja 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ja\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ja\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ja\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ja\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ko 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ko\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ko\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ko\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ko\system.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\lv 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\lv\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\lv\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\lv\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\lv\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\Microsoft.VisualBasic.dll 253952 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ms 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ms\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ms\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ms\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ms\system.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\mscorlib.dll 1589248 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\mscorlib.ni.dll 6185984 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\nl 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\nl\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\nl\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\nl\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\nl\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\no 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\no\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\no\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\no\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\no\system.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll 1026632 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrlui.dll 760832 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\pl 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\pl\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\pl\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\pl\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\pl\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\pt 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\pt\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\pt\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\pt\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\pt\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\pt-BR 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\pt-BR\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\pt-BR\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\pt-BR\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\pt-BR\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ro 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ro\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ro\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ro\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ro\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ru 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ru\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ru\mscorlib.resources.dll 5120 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ru\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\ru\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\Silverlight.Configuration.exe 351336 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\Silverlight.ConfigurationUI.dll 756224 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\sk 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\sk\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\sk\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\sk\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\sk\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\sl 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\sl\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\sl\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\sl\mscorrc.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\sl\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\SLMSPRBootstrap.dll 427608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\slr.dll.managed_manifest 5587 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\sr-Cyrl-CS 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\sr-Cyrl-CS\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\sr-Cyrl-CS\mscorlib.resources.dll 5120 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\sr-Cyrl-CS\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\sr-Cyrl-CS\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\sr-Latn-CS 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\sr-Latn-CS\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\sr-Latn-CS\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\sr-Latn-CS\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\sr-Latn-CS\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\sv 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\sv\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\sv\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\sv\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\sv\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\System.Core.dll 536576 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\System.Core.ni.dll 2365440 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\system.dll 233472 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\System.Net.dll 225280 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\System.ni.dll 665088 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\System.Runtime.Serialization.dll 413696 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\System.Runtime.Serialization.ni.dll 1186816 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\System.ServiceModel.dll 520192 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\System.ServiceModel.ni.dll 1598976 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\System.ServiceModel.Web.dll 73728 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\System.ServiceModel.Web.ni.dll 138240 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\System.Windows.Browser.dll 143360 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\System.Windows.Browser.ni.dll 375296 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\System.Windows.dll 1478656 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\System.Windows.ni.dll 4495872 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\System.Xml.dll 319488 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\System.Xml.ni.dll 844288 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\th 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\th\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\th\mscorlib.resources.dll 5120 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\th\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\th\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\tr 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\tr\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\tr\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\tr\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\tr\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\uk 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\uk\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\uk\mscorlib.resources.dll 5120 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\uk\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\uk\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\vi 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\vi\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\vi\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\vi\mscorrc.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\vi\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\zh-Hans 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\zh-Hans\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\zh-Hans\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\zh-Hans\mscorrc.dll 3584 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\zh-Hans\system.resources.dll 3584 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\zh-Hant 0 bytes
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\zh-Hant\Microsoft.VisualBasic.resources.dll 4096 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\zh-Hant\mscorlib.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\zh-Hant\mscorrc.dll 3584 bytes executable
File C:\Program Files\Microsoft Silverlight\4.1.10329.0\zh-Hant\system.resources.dll 4608 bytes executable
File C:\Program Files\Microsoft Silverlight\sllauncher.exe 490064 bytes
File C:\Program Files\Microsoft Silverlight\xapauthenticodesip.dll 21088 bytes executable

---- EOF - GMER 1.0.15 ----
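The two "Disk sectors" lines are the part of this GMER log worth acting on. Nearly every other entry carries a Symantec or Microsoft module name (the SSDT entries and TDI attachments belong to the Endpoint Protection firewall, the inline hooks in iexplore.exe are IEFRAME.dll's own), but sectors 312496383 and 312496405 are raw LBA numbers, and on a 160 GB ST3160828AS (roughly 312.5 million 512-byte sectors, an assumption from the model number rather than anything in the log) they sit within the last few tens of megabytes of the drive, past the end of any partition, which is where an MBR bootkit keeps the code its patched boot sector loads. The following Python is an added example, not code from the post or from GMER: it parses the MBR partition table, finds where the unpartitioned tail starts, scans that tail for sectors that begin with a valid PE header, and reports where a given sector falls. The disk image it runs on is constructed in memory; the function names, the partition layout and the sector numbers in it are illustrative.

```python
"""Check a GMER-style "PE file @ sector N" report against a raw disk image.

Added example, not code from the forum post or from GMER. It parses the MBR
partition table, works out where the unpartitioned tail of the disk starts,
scans that tail for sectors that begin with a valid PE header, and says
where any reported sector falls. The image below is constructed in memory;
run the same functions over a dd image of the real drive to verify a report.
"""
from __future__ import annotations

import struct

SECTOR = 512  # bytes per logical sector; GMER reports 512-byte LBA numbers


def parse_mbr(mbr: bytes) -> list[dict]:
    """Return the non-empty primary partition entries of a 512-byte MBR.

    Each 16-byte entry (table starts at offset 446) holds: boot flag at
    byte 0, type at byte 4, first LBA at bytes 8-11, sector count at 12-15.
    """
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA boot signature: not an MBR")
    parts = []
    for i in range(4):
        boot, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        if ptype and count:
            parts.append({"index": i, "active": boot == 0x80, "type": ptype,
                          "start": lba, "end": lba + count})
    return parts


def last_partition_end(parts: list[dict]) -> int:
    """First sector after the highest-ending partition, i.e. start of the tail."""
    return max((p["end"] for p in parts), default=0)


def is_pe_at(data: bytes, off: int) -> bool:
    """True if a PE image starts at byte offset off: 'MZ', then e_lfanew at
    +0x3C must point at 'PE\\0\\0'. e_lfanew is range-checked so a stray 'MZ'
    cannot be matched against bytes elsewhere on the disk."""
    if data[off:off + 2] != b"MZ" or off + 0x40 > len(data):
        return False
    e_lfanew = struct.unpack_from("<I", data, off + 0x3C)[0]
    if not 0x40 <= e_lfanew < 0x400:
        return False
    return data[off + e_lfanew:off + e_lfanew + 4] == b"PE\x00\x00"


def scan_sectors_for_pe(image: bytes, first: int, last: int) -> list[int]:
    """Sector numbers in [first, last) whose first bytes form a PE header."""
    last = min(last, len(image) // SECTOR)
    return [s for s in range(first, last) if is_pe_at(image, s * SECTOR)]


def locate(sector: int, parts: list[dict], total_sectors: int) -> str:
    """Describe where a reported sector lies relative to the partition map."""
    for p in parts:
        if p["start"] <= sector < p["end"]:
            return f"inside partition {p['index']} (type 0x{p['type']:02x})"
    if sector >= total_sectors:
        return "beyond end of disk (wrong geometry or bogus report)"
    return "in unpartitioned space"


def analyse(image: bytes) -> dict:
    """Full check: partition map, tail start, PE hits in the tail, locations."""
    parts = parse_mbr(image[:SECTOR])
    total = len(image) // SECTOR
    tail = last_partition_end(parts)
    hits = scan_sectors_for_pe(image, tail, total)
    return {"partitions": parts, "total_sectors": total, "tail_start": tail,
            "pe_sectors": hits, "where": {s: locate(s, parts, total) for s in hits}}


def build_test_image(total_sectors: int = 4096) -> bytes:
    """Constructed 2 MB image: one NTFS-type partition at LBA 63..3999, a decoy
    'MZ' at sector 4010 with no PE signature, and a minimal PE stub at 4020."""
    img = bytearray(total_sectors * SECTOR)
    img[446:462] = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 4000 - 63)
    img[510:512] = b"\x55\xaa"
    decoy = 4010 * SECTOR
    img[decoy:decoy + 2] = b"MZ"
    struct.pack_into("<I", img, decoy + 0x3C, 0x80)  # e_lfanew -> zeros, not PE
    stub = 4020 * SECTOR
    img[stub:stub + 2] = b"MZ"
    struct.pack_into("<I", img, stub + 0x3C, 0x80)
    img[stub + 0x80:stub + 0x84] = b"PE\x00\x00"
    return bytes(img)


if __name__ == "__main__":
    r = analyse(build_test_image())
    print(f"tail of disk starts at sector {r['tail_start']} of {r['total_sectors']}")
    for s in r["pe_sectors"]:
        print(f"PE header at sector {s}: {r['where'][s]}")
```

Run it against an image of the physical drive acquired from a boot CD or with the disk attached to a clean machine, not from inside the infected Windows: GMER lists the finding on \Device\Harddisk0\DR0, and reads issued through that device on the live system pass through whatever a bootkit has hooked, so they can come back clean while the sectors on the platter are not.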

#2 Sersey (Topic Starter, Members, 22 posts)

Posted 22 August 2012 - 12:01 AM

COMBOFIX LOG BELOW:

ComboFix 12-08-21.02 - Andre 08/22/2012 0:39.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.448 [GMT -4:00]
Running from: c:\documents and settings\Andre\Desktop\ComboFix2.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))
.
.
2012-08-22 03:27 . 2012-08-22 03:27 -------- d-----w- c:\program files\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 13:58 . 2005-08-16 09:18 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2005-08-16 09:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2005-08-16 09:18 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2005-08-16 09:18 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2005-08-16 09:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2005-08-16 09:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2005-08-16 09:18 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2005-08-16 09:18 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2005-08-16 09:18 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2008-10-16 20:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2008-10-16 20:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2005-08-16 09:40 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2005-08-16 09:40 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2005-08-16 09:40 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2008-10-16 20:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2008-10-16 20:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2005-08-16 09:40 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2005-08-16 09:40 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2005-08-16 09:18 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2008-10-16 20:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2005-08-16 09:40 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2005-08-16 09:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2005-08-16 09:18 599040 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-08-09_02.19.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-16 01:08 . 2012-08-16 01:08 16384 c:\windows\temp\Perflib_Perfdata_e04.dat
+ 2012-08-15 07:23 . 2012-08-15 07:23 16384 c:\windows\temp\Perflib_Perfdata_a90.dat
- 2005-08-16 09:18 . 2012-05-11 14:42 67072 c:\windows\system32\mshtmled.dll
+ 2005-08-16 09:18 . 2012-07-02 17:49 67072 c:\windows\system32\mshtmled.dll
+ 2009-03-08 09:31 . 2012-07-02 17:49 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 09:31 . 2012-05-11 14:42 55296 c:\windows\system32\msfeedsbs.dll
- 2005-08-16 09:18 . 2012-05-11 14:42 25600 c:\windows\system32\jsproxy.dll
+ 2005-08-16 09:18 . 2012-07-02 17:49 25600 c:\windows\system32\jsproxy.dll
+ 2009-11-14 20:00 . 2012-07-02 17:49 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-11-14 20:00 . 2012-05-11 14:42 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-09-25 05:56 . 2012-07-02 17:49 67072 c:\windows\system32\dllcache\mshtmled.dll
- 2009-09-25 05:56 . 2012-05-11 14:42 67072 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-11-14 20:00 . 2012-07-02 17:49 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-11-14 20:00 . 2012-05-11 14:42 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-03-08 09:34 . 2012-07-02 17:49 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2009-03-08 09:34 . 2012-05-11 14:42 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2009-09-25 05:56 . 2012-05-11 14:42 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-09-25 05:56 . 2012-07-02 17:49 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2012-07-06 13:58 . 2012-07-06 13:58 78336 c:\windows\system32\dllcache\browser.dll
+ 2012-08-15 14:40 . 2012-08-15 14:39 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-11 02:41 . 2012-08-15 14:39 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-11-11 02:41 . 2012-03-17 07:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-08-15 14:40 . 2012-08-15 14:39 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-08-22 03:27 . 2012-08-22 03:27 39424 c:\windows\Installer\23472dc4.msi
+ 2012-08-22 03:27 . 2012-08-22 03:27 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-08-15 07:00 . 2012-05-11 14:42 12800 c:\windows\ie8updates\KB2722913-IE8\xpshims.dll
+ 2012-08-15 07:00 . 2012-05-11 14:42 67072 c:\windows\ie8updates\KB2722913-IE8\mshtmled.dll
+ 2012-08-15 07:00 . 2012-05-11 14:42 55296 c:\windows\ie8updates\KB2722913-IE8\msfeedsbs.dll
+ 2012-08-15 07:00 . 2012-05-11 14:42 43520 c:\windows\ie8updates\KB2722913-IE8\licmgr10.dll
+ 2012-08-15 07:00 . 2012-05-11 14:42 25600 c:\windows\ie8updates\KB2722913-IE8\jsproxy.dll
- 2005-08-16 09:18 . 2012-05-11 14:42 105984 c:\windows\system32\url.dll
+ 2005-08-16 09:18 . 2012-07-02 17:49 105984 c:\windows\system32\url.dll
- 2005-08-16 09:18 . 2012-05-11 14:42 206848 c:\windows\system32\occache.dll
+ 2005-08-16 09:18 . 2012-07-02 17:49 206848 c:\windows\system32\occache.dll
+ 2005-08-16 09:18 . 2012-07-06 13:58 337920 c:\windows\system32\netapi32.dll
- 2005-08-16 09:18 . 2012-05-11 14:42 611840 c:\windows\system32\mstime.dll
+ 2005-08-16 09:18 . 2012-07-02 17:49 611840 c:\windows\system32\mstime.dll
- 2009-03-08 09:32 . 2012-05-11 14:42 629760 c:\windows\system32\msfeeds.dll
+ 2009-03-08 09:32 . 2012-07-02 17:49 629760 c:\windows\system32\msfeeds.dll
+ 2005-08-16 09:18 . 2012-05-14 09:22 345600 c:\windows\system32\localspl.dll
- 2005-08-16 09:18 . 2009-05-07 15:32 345600 c:\windows\system32\localspl.dll
+ 2005-08-16 09:18 . 2012-07-02 17:49 184320 c:\windows\system32\iepeers.dll
- 2005-08-16 09:18 . 2012-05-11 14:42 184320 c:\windows\system32\iepeers.dll
- 2005-08-16 09:18 . 2012-05-11 14:42 387584 c:\windows\system32\iedkcs32.dll
+ 2005-08-16 09:18 . 2012-07-02 17:49 387584 c:\windows\system32\iedkcs32.dll
- 2005-08-16 09:18 . 2012-05-11 11:38 174080 c:\windows\system32\ie4uinit.exe
+ 2005-08-16 09:18 . 2012-07-02 12:05 174080 c:\windows\system32\ie4uinit.exe
- 2005-08-16 09:27 . 2012-07-12 07:22 299640 c:\windows\system32\FNTCACHE.DAT
+ 2005-08-16 09:27 . 2012-08-15 07:23 299640 c:\windows\system32\FNTCACHE.DAT
+ 2008-06-20 05:12 . 2010-09-11 02:32 167936 c:\windows\system32\drivers\WpsHelper.sys
- 2008-06-20 05:12 . 2011-06-22 23:05 167936 c:\windows\system32\drivers\WpsHelper.sys
+ 2009-09-25 05:56 . 2012-07-02 17:49 916992 c:\windows\system32\dllcache\wininet.dll
- 2009-09-25 05:56 . 2012-05-16 15:08 916992 c:\windows\system32\dllcache\wininet.dll
+ 2009-03-08 09:34 . 2012-07-02 17:49 105984 c:\windows\system32\dllcache\url.dll
- 2009-03-08 09:34 . 2012-05-11 14:42 105984 c:\windows\system32\dllcache\url.dll
+ 2011-08-10 19:01 . 2012-07-04 14:05 139784 c:\windows\system32\dllcache\rdpwd.sys
- 2009-03-08 09:34 . 2012-05-11 14:42 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-03-08 09:34 . 2012-07-02 17:49 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-11-11 20:39 . 2012-07-06 13:58 337920 c:\windows\system32\dllcache\netapi32.dll
+ 2009-09-25 05:56 . 2012-07-02 17:49 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-09-25 05:56 . 2012-05-11 14:42 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-11-14 20:00 . 2012-07-02 17:49 629760 c:\windows\system32\dllcache\msfeeds.dll
- 2009-11-14 20:00 . 2012-05-11 14:42 629760 c:\windows\system32\dllcache\msfeeds.dll
- 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
+ 2009-05-07 15:32 . 2012-05-14 09:22 345600 c:\windows\system32\dllcache\localspl.dll
+ 2012-06-12 21:09 . 2012-07-02 17:49 521728 c:\windows\system32\dllcache\jsdbgui.dll
- 2012-06-12 21:09 . 2012-05-11 14:42 521728 c:\windows\system32\dllcache\jsdbgui.dll
+ 2009-11-14 20:00 . 2012-07-02 17:49 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-11-14 20:00 . 2012-05-11 14:42 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-09-25 05:56 . 2012-05-11 14:42 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-09-25 05:56 . 2012-07-02 17:49 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-11 02:49 . 2012-05-11 14:42 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-11 02:49 . 2012-07-02 17:49 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2009-03-08 19:09 . 2012-07-02 17:49 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 19:09 . 2012-05-11 14:42 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 09:32 . 2012-07-02 12:05 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-03-08 09:32 . 2012-05-11 11:38 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2012-08-15 07:00 . 2012-05-16 15:08 916992 c:\windows\ie8updates\KB2722913-IE8\wininet.dll
+ 2012-08-15 07:00 . 2012-05-11 14:42 105984 c:\windows\ie8updates\KB2722913-IE8\url.dll
+ 2012-08-15 07:01 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2722913-IE8\spuninst\updspapi.dll
+ 2012-08-15 07:01 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2722913-IE8\spuninst\spuninst.exe
+ 2012-08-15 07:00 . 2012-05-11 14:42 206848 c:\windows\ie8updates\KB2722913-IE8\occache.dll
+ 2012-08-15 07:00 . 2012-05-11 14:42 611840 c:\windows\ie8updates\KB2722913-IE8\mstime.dll
+ 2012-08-15 07:00 . 2012-05-11 14:42 629760 c:\windows\ie8updates\KB2722913-IE8\msfeeds.dll
+ 2012-08-15 07:00 . 2012-05-11 14:42 521728 c:\windows\ie8updates\KB2722913-IE8\jsdbgui.dll
+ 2012-08-15 07:00 . 2012-05-11 14:42 247808 c:\windows\ie8updates\KB2722913-IE8\ieproxy.dll
+ 2012-08-15 07:00 . 2012-05-11 14:42 184320 c:\windows\ie8updates\KB2722913-IE8\iepeers.dll
+ 2012-08-15 07:00 . 2012-05-11 14:42 743424 c:\windows\ie8updates\KB2722913-IE8\iedvtool.dll
+ 2012-08-15 07:00 . 2012-05-11 14:42 387584 c:\windows\ie8updates\KB2722913-IE8\iedkcs32.dll
+ 2012-08-15 07:00 . 2012-05-11 11:38 174080 c:\windows\ie8updates\KB2722913-IE8\ie4uinit.exe
- 2005-08-16 09:18 . 2012-05-11 14:42 1212416 c:\windows\system32\urlmon.dll
+ 2005-08-16 09:18 . 2012-07-02 17:49 1212416 c:\windows\system32\urlmon.dll
+ 2005-08-16 09:18 . 2012-07-02 17:49 6008320 c:\windows\system32\mshtml.dll
- 2009-03-08 09:32 . 2012-05-11 14:42 2000384 c:\windows\system32\iertutil.dll
+ 2009-03-08 09:32 . 2012-07-02 17:49 2000384 c:\windows\system32\iertutil.dll
+ 2009-08-14 13:21 . 2012-07-03 13:40 1866112 c:\windows\system32\dllcache\win32k.sys
- 2009-08-14 13:21 . 2012-06-13 13:19 1866112 c:\windows\system32\dllcache\win32k.sys
+ 2009-09-25 05:56 . 2012-07-02 17:49 1212416 c:\windows\system32\dllcache\urlmon.dll
- 2009-09-25 05:56 . 2012-05-11 14:42 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2009-09-25 05:56 . 2012-07-02 17:49 6008320 c:\windows\system32\dllcache\mshtml.dll
+ 2009-11-14 20:00 . 2012-07-02 17:49 2000384 c:\windows\system32\dllcache\iertutil.dll
- 2009-11-14 20:00 . 2012-05-11 14:42 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2012-08-15 07:00 . 2012-05-11 14:42 1212416 c:\windows\ie8updates\KB2722913-IE8\urlmon.dll
+ 2012-08-15 07:00 . 2012-05-11 14:42 6007808 c:\windows\ie8updates\KB2722913-IE8\mshtml.dll
+ 2012-08-15 07:00 . 2012-05-11 14:42 2000384 c:\windows\ie8updates\KB2722913-IE8\iertutil.dll
+ 2010-01-22 01:07 . 2012-08-15 07:01 59884088 c:\windows\system32\MRT.exe
+ 2009-03-08 09:39 . 2012-07-03 03:19 11111424 c:\windows\system32\ieframe.dll
- 2009-03-08 09:39 . 2012-05-12 00:12 11111424 c:\windows\system32\ieframe.dll
- 2009-11-14 20:00 . 2012-05-12 00:12 11111424 c:\windows\system32\dllcache\ieframe.dll
+ 2009-11-14 20:00 . 2012-07-03 03:19 11111424 c:\windows\system32\dllcache\ieframe.dll
+ 2012-08-22 03:27 . 2012-08-22 03:27 20343808 c:\windows\Installer\23472dca.msp
+ 2012-08-15 07:00 . 2012-05-12 00:12 11111424 c:\windows\ie8updates\KB2722913-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"DLCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 73728]
"dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-03-17 115560]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-27 24576]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/14/2012 3:44 PM 106656]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2012 11:14 PM 136176]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [11/18/2008 7:17 PM 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2012 11:14 PM 136176]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uxlyapoc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-30 03:14]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-30 03:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.okayplayer.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 24.238.1.61 24.238.1.62 24.238.0.53
FF - ProfilePath - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\h0mkiqv9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.xfinity.com/?cid=xfactiv_tech_main
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-22 00:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2864)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-08-22 00:51:30
ComboFix-quarantined-files.txt 2012-08-22 04:51
ComboFix2.txt 2012-08-09 02:22
ComboFix3.txt 2012-07-15 16:59
ComboFix4.txt 2011-09-06 00:36
ComboFix5.txt 2012-08-22 04:36
.
Pre-Run: 35,011,891,200 bytes free
Post-Run: 35,051,728,896 bytes free
.
- - End Of File - - 737BFA9BCF8B020316F67B5C96F573AF

#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 August 2012 - 01:45 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

The next thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe - after it is complete, restart the computer and continue with these steps.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


Information and logs:

  • In your next post I need the following:

  • logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 Sersey

  • Topic Starter
  • Members
  • 22 posts

Posted 26 August 2012 - 10:41 AM

SECURITY CHECK LOG BELOW:


Results of screen317's Security Check version 0.99.46
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Symantec Endpoint Protection
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 26
Java™ 6 Update 2
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.0.32.18 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (3.5.9) Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````

OTL LOG BELOW:

OTL logfile created on: 8/26/2012 11:32:02 AM - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Andre\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 429.34 Mb Available Physical Memory | 42.01% Memory free
2.40 Gb Paging File | 1.98 Gb Available in Paging File | 82.39% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 32.76 Gb Free Space | 22.70% Space Free | Partition Type: NTFS

Computer Name: DDN87X91 | User Name: Andre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Andre\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dlcgcoms.exe ( )
PRC - C:\Program Files\Dell AIO 810\DLCGmon.exe (Dell)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
MOD - C:\Program Files\Dell AIO 810\DLCGcfg.dll ()
MOD - C:\Program Files\Dell AIO 810\dlcgtsfw.dll ()
MOD - C:\Program Files\Dell AIO 810\dlcgdrec.dll ()


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (dlcg_device) -- C:\WINDOWS\system32\dlcgcoms.exe ( )
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MRESP50) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (MREMP50) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Andre\LOCALS~1\Temp\catchme.sys File not found
DRV - (bvrp_pci) -- File not found
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120825.007\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120825.007\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WpsHelper) -- C:\WINDOWS\system32\drivers\WpsHelper.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SysPlant) -- C:\WINDOWS\system32\drivers\SysPlant.sys (Symantec Corporation)
DRV - (WPS) -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (Teefer2) -- C:\WINDOWS\system32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\system32\drivers\symredrv.sys (Symantec Corporation)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3672217857-1773724037-4224134468-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.okayplayer.com/
IE - HKU\S-1-5-21-3672217857-1773724037-4224134468-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3672217857-1773724037-4224134468-1005\..\SearchScopes\{4039EBFD-8347-4155-94DD-D35E94A62CB6}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3672217857-1773724037-4224134468-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3672217857-1773724037-4224134468-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.xfinity.com/?cid=xfactiv_tech_main"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.6.0: C:\Documents and Settings\Andre\Local Settings\Application Data\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/15 14:38:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/15 14:39:41 | 000,000,000 | ---D | M]

[2009/11/14 17:04:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andre\Application Data\Mozilla\Extensions
[2012/02/19 23:14:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andre\Application Data\Mozilla\Firefox\Profiles\h0mkiqv9.default\extensions
[2011/04/27 20:36:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Andre\Application Data\Mozilla\Firefox\Profiles\h0mkiqv9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/07/15 14:37:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/03 20:24:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/05 17:08:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/30 10:34:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/30 10:36:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/07/23 14:27:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/11/03 20:23:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/08/08 22:19:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCGCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.DLL ()
O4 - HKLM..\Run: [dlcgmon.exe] C:\Program Files\Dell AIO 810\dlcgmon.exe (Dell)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3672217857-1773724037-4224134468-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3672217857-1773724037-4224134468-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3672217857-1773724037-4224134468-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3672217857-1773724037-4224134468-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKU\S-1-5-21-3672217857-1773724037-4224134468-1005\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.238.1.61 24.238.1.62 24.238.0.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B00CAEF3-A549-4D13-A789-9F8ED5631AA0}: DhcpNameServer = 24.238.1.61 24.238.1.62 24.238.0.53
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Andre\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Andre\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/26 11:31:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/08/21 23:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/08/21 23:27:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/08/21 22:27:09 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Andre\Desktop\dds.com
[2012/08/08 22:04:42 | 004,735,501 | R--- | C] (Swearware) -- C:\Documents and Settings\Andre\Desktop\ComboFix2.exe

========== Files - Modified Within 30 Days ==========

[2012/08/26 11:30:26 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andre\Desktop\OTL.exe
[2012/08/26 11:27:11 | 000,881,581 | ---- | M] () -- C:\Documents and Settings\Andre\Desktop\SecurityCheck.exe
[2012/08/26 11:24:07 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/26 11:23:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/26 11:23:45 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/26 10:39:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/22 00:35:18 | 004,735,501 | R--- | M] (Swearware) -- C:\Documents and Settings\Andre\Desktop\ComboFix2.exe
[2012/08/21 22:32:37 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Andre\Desktop\vpwn62qm.exe
[2012/08/21 22:27:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Andre\Desktop\dds.com
[2012/08/20 20:18:41 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\Andre\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/15 03:23:04 | 000,299,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/15 03:05:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/08 22:19:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/08/07 20:04:38 | 000,001,254 | ---- | M] () -- C:\Documents and Settings\Andre\Desktop\Shortcut to The Catch.lnk

========== Files Created - No Company Name ==========

[2012/08/26 11:27:06 | 000,881,581 | ---- | C] () -- C:\Documents and Settings\Andre\Desktop\SecurityCheck.exe
[2012/08/21 22:32:32 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Andre\Desktop\vpwn62qm.exe
[2012/08/07 20:04:38 | 000,001,254 | ---- | C] () -- C:\Documents and Settings\Andre\Desktop\Shortcut to The Catch.lnk
[2012/08/07 20:04:25 | 001,367,485 | ---- | C] () -- C:\Documents and Settings\Andre\My Documents\The Catch.mp3
[2012/02/14 23:17:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/05 20:03:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/05 20:03:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/05 20:03:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/05 20:03:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/05 20:03:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/27 18:01:42 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/06 19:58:11 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\Andre\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/10 22:44:22 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Andre\Local Settings\Application Data\fusioncache.dat
[2005/08/16 05:18:29 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{ac6a81da-54fd-2a37-fc66-e0ca9214cc82}\@

========== Custom Scans ==========

< %TEMP%\smtmp\*.* /s >

< End of report >







Computer is still slow to navigate online & slow to load and download any media

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:18 PM

Posted 26 August 2012 - 02:55 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    :OTL
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2005/08/16 05:18:29 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{ac6a81da-54fd-2a37-fc66-e0ca9214cc82}\@  
    :Files
    C:\WINDOWS\Installer\{ac6a81da-54fd-2a37-fc66-e0ca9214cc82}
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 Sersey

Sersey
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:18 PM

Posted 26 August 2012 - 03:27 PM

BELOW IS LOG FOR OTL CUSTOM SCRIPT:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\WINDOWS\Installer\{ac6a81da-54fd-2a37-fc66-e0ca9214cc82}\@ moved successfully.
========== FILES ==========
C:\WINDOWS\Installer\{ac6a81da-54fd-2a37-fc66-e0ca9214cc82}\U folder moved successfully.
C:\WINDOWS\Installer\{ac6a81da-54fd-2a37-fc66-e0ca9214cc82}\L folder moved successfully.
C:\WINDOWS\Installer\{ac6a81da-54fd-2a37-fc66-e0ca9214cc82} folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Andre\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Andre\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Andre
->Java cache emptied: 549377 bytes

User: Default User

User: HelpAssistant
->Java cache emptied: 0 bytes

User: HelpAssistant.DDN87X91
->Java cache emptied: 0 bytes

User: HelpAssistant.DDN87X91.000
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 1.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Andre
->Flash cache emptied: 8128149 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: HelpAssistant
->Flash cache emptied: 0 bytes

User: HelpAssistant.DDN87X91
->Flash cache emptied: 0 bytes

User: HelpAssistant.DDN87X91.000
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 8.00 mb


OTL by OldTimer - Version 3.2.59.1 log created on 08262012_160008




I have not noticed that the computer is any quicker. Are my slow response issues related to a lack of memory/RAM? I don't know how much memory I have, but I do store a lot of music on the computer, about 70GB. If there is a way to delete unnecessary/unused applications that will make my processing time faster, please advise. What are the largest programs I could delete that would make a difference?

But if space is not the problem, then disregard my question...

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:18 PM

Posted 26 August 2012 - 03:44 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#8 Sersey

Sersey
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:18 PM

Posted 26 August 2012 - 04:15 PM

No improvements to load/processing time. COMBOFIX LOG BELOW:


ComboFix 12-08-25.04 - Andre 08/26/2012 16:52:15.10.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.473 [GMT -4:00]
Running from: c:\documents and settings\Andre\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wt
c:\windows\wt\data.wts
c:\windows\wt\updater\wt.ini
c:\windows\wt\webdriver.dll
c:\windows\wt\webdriver\4.1.1\actorobject.dll
c:\windows\wt\webdriver\4.1.1\dx5drv.dll
c:\windows\wt\webdriver\4.1.1\dx7drv.dll
c:\windows\wt\webdriver\4.1.1\objectbundle.dll
c:\windows\wt\webdriver\4.1.1\sound.dll
c:\windows\wt\webdriver\4.1.1\wdcaps.ded
c:\windows\wt\webdriver\4.1.1\wdengine.dll
c:\windows\wt\webdriver\4.1.1\webdriver.dll
c:\windows\wt\webdriver\4.1.1\wthost.exe
c:\windows\wt\webdriver\4.1.1\wthostctl.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.jar
c:\windows\wt\webdriver\4.1.1\wtwmplug.ax
c:\windows\wt\webdriver\4.1.1\wtwmplug.ini
c:\windows\wt\webdriver\jdriver.dll
c:\windows\wt\webdriver\rdriver.dll
c:\windows\wt\webdriver\wildtangent.jar
c:\windows\wt\wt3d.dll
c:\windows\wt\wt3d.ini
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\actorobject.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html
c:\windows\wt\wtupdates\webd\4.1.1\files\dx5drv.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\dx7drv.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\jdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\data.wts
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\npWTHost.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt
c:\windows\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\rdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\Sound.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\update_info\data.wts
c:\windows\wt\wtupdates\webd\4.1.1\files\wdcaps.ded
c:\windows\wt\wtupdates\webd\4.1.1\files\wdengine.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\webdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wildtangent.jar
c:\windows\wt\wtupdates\webd\4.1.1\files\wt3d.ini
c:\windows\wt\wtupdates\webd\4.1.1\files\WTHost.exe
c:\windows\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.jar
c:\windows\wt\wtupdates\webd\4.1.1\files\wtvh.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax
c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini
c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo
c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\controlpanel\index.html
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl.cdanfo
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\WireControl.dll
c:\windows\wt\wtupdates\wtupdater\appinfo.dat
c:\windows\wt\wtupdates\wtwebdriver\update_info\data.wts
c:\windows\wt\wtvh.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-26 to 2012-08-26 )))))))))))))))))))))))))))))))
.
.
2012-08-22 03:27 . 2012-08-22 03:27 -------- d-----w- c:\program files\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 13:58 . 2005-08-16 09:18 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2005-08-16 09:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2005-08-16 09:18 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2005-08-16 09:18 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2005-08-16 09:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2005-08-16 09:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2005-08-16 09:18 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2005-08-16 09:18 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2005-08-16 09:18 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2008-10-16 20:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2008-10-16 20:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2005-08-16 09:40 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2005-08-16 09:40 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2005-08-16 09:40 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2008-10-16 20:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2008-10-16 20:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2005-08-16 09:40 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2005-08-16 09:40 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2005-08-16 09:18 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2008-10-16 20:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2005-08-16 09:40 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2005-08-16 09:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2005-08-16 09:18 599040 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-08-22_04.48.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-26 15:24 . 2012-08-26 15:24 16384 c:\windows\temp\Perflib_Perfdata_834.dat
+ 2008-06-20 05:12 . 2011-07-08 20:44 167936 c:\windows\system32\drivers\WpsHelper.sys
- 2008-06-20 05:12 . 2010-09-11 02:32 167936 c:\windows\system32\drivers\WpsHelper.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"DLCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 73728]
"dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-03-17 115560]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-27 24576]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/14/2012 3:44 PM 106656]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2012 11:14 PM 136176]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [11/18/2008 7:17 PM 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2012 11:14 PM 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-30 03:14]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-30 03:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.okayplayer.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 24.238.1.61 24.238.1.62 24.238.0.53
FF - ProfilePath - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\h0mkiqv9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.xfinity.com/?cid=xfactiv_tech_main
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-26 17:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-08-26 17:05:39
ComboFix-quarantined-files.txt 2012-08-26 21:05
ComboFix2.txt 2012-08-22 04:51
ComboFix3.txt 2012-08-09 02:22
ComboFix4.txt 2012-07-15 16:59
ComboFix5.txt 2012-08-26 20:50
.
Pre-Run: 35,139,047,424 bytes free
Post-Run: 35,138,306,048 bytes free
.
- - End Of File - - 8BA7C74E7CB3750E93CF1FA2E951CA54

#9 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 26 August 2012 - 04:30 PM

Hello


I want you to reset the DMA. You can do this with the script here - Reset DMA

If you have problems when you click on the link, try to right-click on the link and select "Save Target As", then save it to your desktop.
Once it is on your desktop, right-click on the file and select "Run".

If you still can't run it, then you can go here "Reset DMA" to see what I want to do.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Sersey (Topic Starter)

Posted 26 August 2012 - 05:21 PM

Ok, I reset the DMA

#11 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 26 August 2012 - 05:39 PM

Status update please. Did it help or not?


Gringo

#12 Sersey (Topic Starter)

Posted 26 August 2012 - 05:45 PM

No noticeable difference. Still very slow load times.

#13 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 26 August 2012 - 05:53 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
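Once the TDSSKiller report is pasted, the part a helper actually reads is the "Scan services" section: one `[ MD5 ] name path` line per service image the tool could hash, followed by a `name - ok` (or `name - detected ...`) verdict line. The script below is an added example for this thread, not part of TDSSKiller and not code from any post; it parses lines in that layout from a constructed sample (the first six services are copied from the log posted later in this thread, `FakeSvc` and its verdict lines are invented to show a non-"ok" result) and sorts the services into the three lists worth checking first: anything TDSSKiller did not call "ok", service names that share one binary, and registry service entries that got a verdict line but no hash line. That last reading (no `[ MD5 ]` line means no image file was found on disk) is this example's assumption about the format, as are the names `parse_tdsskiller`, `triage` and `SAMPLE_LOG`.

```python
"""Triage the 'Scan services' section of a TDSSKiller 2.8.x report.

Added example for this thread, not part of TDSSKiller. It parses only the
text layout visible in the report. Assumption: a service with a "name - ok"
line but no preceding "[ MD5 ] name path" line is a registry service entry
whose image file TDSSKiller could not find on disk.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the report's layout. The first six services are copied
# from the log in this thread; "FakeSvc" and its verdict lines are invented
# here to show how a non-"ok" verdict surfaces.
SAMPLE_LOG = r"""
18:57:13.0302 1972 ================ Scan services =============================
18:57:13.0380 1972 Abiosdsk - ok
18:57:13.0427 1972 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:57:13.0427 1972 abp480n5 - ok
18:57:13.0973 1972 [ 8FA646F0E639D9A8C8B98E217D471DC0 ] AOL ACS C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
18:57:14.0005 1972 AOL ACS - ok
18:57:15.0208 1972 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
18:57:15.0208 1972 cbidf - ok
18:57:15.0223 1972 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
18:57:15.0223 1972 cbidf2k - ok
18:57:16.0255 1972 dlcg_device - ok
18:57:22.0500 1972 [ 00000000000000000000000000000000 ] FakeSvc C:\WINDOWS\system32\drivers\fakesvc.sys
18:57:22.0500 1972 FakeSvc ( UnsignedFile.Multi.Generic ) - warning
18:57:22.0500 1972 FakeSvc - detected UnsignedFile.Multi.Generic (1)
"""

# Every report line starts with "HH:MM:SS.frac PID ".
_PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
# "[ MD5 ] name path": the name may contain spaces, the path starts with a drive letter.
ENTRY_RE = re.compile(_PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
# "name - ok", "name - detected X (1)"; warnings look like "name ( X ) - warning".
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>.+?) - (?P<verdict>\S.*)$")
_TRAILING_PAREN = re.compile(r"\s*\([^)]*\)\s*$")


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None    # None: no "[ MD5 ]" line, image not found on disk
    path: Optional[str] = None
    verdicts: List[str] = field(default_factory=list)

    @property
    def is_ok(self) -> bool:
        return all(v == "ok" for v in self.verdicts)


def parse_tdsskiller(text: str) -> List[ServiceEntry]:
    """Return one ServiceEntry per service name, in order of first appearance."""
    entries: Dict[str, ServiceEntry] = {}
    order: List[str] = []

    def entry_for(name: str) -> ServiceEntry:
        if name not in entries:
            entries[name] = ServiceEntry(name)
            order.append(name)
        return entries[name]

    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            e = entry_for(m["name"])
            e.md5, e.path = m["md5"].upper(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            # "FakeSvc ( UnsignedFile.Multi.Generic )" -> "FakeSvc"
            name = _TRAILING_PAREN.sub("", m["name"])
            entry_for(name).verdicts.append(m["verdict"])
    return [entries[n] for n in order]


def triage(entries: List[ServiceEntry]) -> Dict[str, object]:
    """Group the parsed services into the three lists a helper looks at first."""
    by_md5: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if e.md5 is not None:
            by_md5[e.md5].append(e.name)
    return {
        # anything TDSSKiller itself did not call "ok"
        "flagged": [e.name for e in entries if not e.is_ok],
        # registry service entries with no image file (assumption, see docstring)
        "no_image": [e.name for e in entries if e.md5 is None],
        # several service names backed by one binary (same MD5)
        "shared_image": {h: names for h, names in by_md5.items() if len(names) > 1},
    }


if __name__ == "__main__":
    for key, value in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Reading the output: the MD5 in brackets is what you compare against a clean copy of the same file, since a replaced system driver keeps its name and path. Two service names on one image is normal for multi-service hosts (in this thread's log ccEvtMgr and ccSetMgr both run from ccSvcHst.exe, and cbidf and cbidf2k point at the same .sys), but an unfamiliar binary behind several names deserves a look. Registry service entries with no image (Abiosdsk, dlcg_device) are routine leftovers on XP; an unfamiliar name in that list is usually a remnant of something already removed.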

#14 Sersey (Topic Starter)

Posted 26 August 2012 - 07:36 PM

TDSS KILLER LOG:

18:56:36.0630 2220 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:56:36.0989 2220 ============================================================
18:56:36.0989 2220 Current date / time: 2012/08/26 18:56:36.0989
18:56:36.0989 2220 SystemInfo:
18:56:36.0989 2220
18:56:36.0989 2220 OS Version: 5.1.2600 ServicePack: 3.0
18:56:36.0989 2220 Product type: Workstation
18:56:36.0989 2220 ComputerName: DDN87X91
18:56:36.0989 2220 UserName: Andre
18:56:36.0989 2220 Windows directory: C:\WINDOWS
18:56:36.0989 2220 System windows directory: C:\WINDOWS
18:56:36.0989 2220 Processor architecture: Intel x86
18:56:36.0989 2220 Number of processors: 2
18:56:36.0989 2220 Page size: 0x1000
18:56:36.0989 2220 Boot type: Normal boot
18:56:36.0989 2220 ============================================================
18:56:37.0880 2220 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:56:37.0895 2220 ============================================================
18:56:37.0895 2220 \Device\Harddisk0\DR0:
18:56:37.0895 2220 MBR partitions:
18:56:37.0895 2220 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x1209CE16
18:56:37.0895 2220 ============================================================
18:56:37.0911 2220 C: <-> \Device\Harddisk0\DR0\Partition1
18:56:37.0911 2220 ============================================================
18:56:37.0911 2220 Initialize success
18:56:37.0911 2220 ============================================================
18:57:10.0864 1972 ============================================================
18:57:10.0864 1972 Scan started
18:57:10.0864 1972 Mode: Manual;
18:57:10.0864 1972 ============================================================
18:57:11.0364 1972 ================ Scan system memory ========================
18:57:13.0302 1972 System memory - ok
18:57:13.0302 1972 ================ Scan services =============================
18:57:13.0380 1972 Abiosdsk - ok
18:57:13.0427 1972 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:57:13.0427 1972 abp480n5 - ok
18:57:13.0473 1972 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:57:13.0473 1972 ACPI - ok
18:57:13.0489 1972 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
18:57:13.0489 1972 ACPIEC - ok
18:57:13.0489 1972 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:57:13.0505 1972 adpu160m - ok
18:57:13.0552 1972 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
18:57:13.0552 1972 aec - ok
18:57:13.0598 1972 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
18:57:13.0598 1972 AFD - ok
18:57:13.0630 1972 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
18:57:13.0630 1972 agp440 - ok
18:57:13.0645 1972 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
18:57:13.0645 1972 agpCPQ - ok
18:57:13.0645 1972 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
18:57:13.0645 1972 Aha154x - ok
18:57:13.0661 1972 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
18:57:13.0661 1972 aic78u2 - ok
18:57:13.0677 1972 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
18:57:13.0677 1972 aic78xx - ok
18:57:13.0723 1972 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
18:57:13.0723 1972 Alerter - ok
18:57:13.0739 1972 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
18:57:13.0755 1972 ALG - ok
18:57:13.0755 1972 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
18:57:13.0755 1972 AliIde - ok
18:57:13.0802 1972 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
18:57:13.0817 1972 alim1541 - ok
18:57:13.0817 1972 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
18:57:13.0817 1972 amdagp - ok
18:57:13.0833 1972 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
18:57:13.0833 1972 amsint - ok
18:57:13.0973 1972 [ 8FA646F0E639D9A8C8B98E217D471DC0 ] AOL ACS C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
18:57:14.0005 1972 AOL ACS - ok
18:57:14.0083 1972 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:57:14.0083 1972 Apple Mobile Device - ok
18:57:14.0114 1972 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
18:57:14.0130 1972 AppMgmt - ok
18:57:14.0145 1972 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
18:57:14.0145 1972 asc - ok
18:57:14.0161 1972 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
18:57:14.0161 1972 asc3350p - ok
18:57:14.0161 1972 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
18:57:14.0177 1972 asc3550 - ok
18:57:14.0223 1972 [ D880831279ED91F9A4190A2DB9539EA9 ] ASCTRM C:\WINDOWS\system32\drivers\ASCTRM.sys
18:57:14.0223 1972 ASCTRM - ok
18:57:14.0333 1972 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:57:14.0333 1972 aspnet_state - ok
18:57:14.0364 1972 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:57:14.0364 1972 AsyncMac - ok
18:57:14.0411 1972 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
18:57:14.0411 1972 atapi - ok
18:57:14.0411 1972 Atdisk - ok
18:57:14.0473 1972 [ ABC57A6F6070BAF9786C318F59F29F0B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
18:57:14.0473 1972 Ati HotKey Poller - ok
18:57:14.0552 1972 [ 03621F7F968FF63713943405DEB777F9 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:57:14.0630 1972 ati2mtag - ok
18:57:14.0723 1972 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:57:14.0723 1972 Atmarpc - ok
18:57:14.0786 1972 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
18:57:14.0786 1972 AudioSrv - ok
18:57:14.0817 1972 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
18:57:14.0817 1972 audstub - ok
18:57:14.0848 1972 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
18:57:14.0848 1972 Beep - ok
18:57:14.0880 1972 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
18:57:14.0911 1972 BITS - ok
18:57:14.0989 1972 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:57:14.0989 1972 Bonjour Service - ok
18:57:15.0036 1972 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
18:57:15.0036 1972 Browser - ok
18:57:15.0036 1972 bvrp_pci - ok
18:57:15.0161 1972 catchme - ok
18:57:15.0208 1972 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
18:57:15.0208 1972 cbidf - ok
18:57:15.0223 1972 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
18:57:15.0223 1972 cbidf2k - ok
18:57:15.0302 1972 [ 4ED0778CF4E1C2406DB5FD456F2ED746 ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
18:57:15.0302 1972 ccEvtMgr - ok
18:57:15.0317 1972 [ 4ED0778CF4E1C2406DB5FD456F2ED746 ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
18:57:15.0317 1972 ccSetMgr - ok
18:57:15.0333 1972 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
18:57:15.0333 1972 cd20xrnt - ok
18:57:15.0380 1972 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
18:57:15.0380 1972 Cdaudio - ok
18:57:15.0427 1972 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
18:57:15.0442 1972 Cdfs - ok
18:57:15.0489 1972 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:57:15.0489 1972 Cdrom - ok
18:57:15.0505 1972 Changer - ok
18:57:15.0552 1972 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
18:57:15.0552 1972 CiSvc - ok
18:57:15.0614 1972 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
18:57:15.0614 1972 ClipSrv - ok
18:57:15.0677 1972 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:57:15.0677 1972 clr_optimization_v2.0.50727_32 - ok
18:57:15.0739 1972 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
18:57:15.0739 1972 CmdIde - ok
18:57:15.0786 1972 [ 86A22DFF16E8CA67601044EFE6825537 ] COH_Mon C:\WINDOWS\system32\Drivers\COH_Mon.sys
18:57:15.0786 1972 COH_Mon - ok
18:57:15.0802 1972 COMSysApp - ok
18:57:15.0833 1972 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
18:57:15.0833 1972 Cpqarray - ok
18:57:15.0895 1972 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
18:57:15.0895 1972 CryptSvc - ok
18:57:15.0927 1972 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
18:57:15.0927 1972 dac2w2k - ok
18:57:15.0942 1972 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
18:57:15.0942 1972 dac960nt - ok
18:57:16.0005 1972 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
18:57:16.0005 1972 DcomLaunch - ok
18:57:16.0052 1972 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
18:57:16.0052 1972 Dhcp - ok
18:57:16.0067 1972 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
18:57:16.0067 1972 Disk - ok
18:57:16.0130 1972 [ E2D0DE31442390C35E3163C87CB6A9EB ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
18:57:16.0130 1972 DLABOIOM - ok
18:57:16.0145 1972 [ D979BEBCF7EDCC9C9EE1857D1A68C67B ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
18:57:16.0145 1972 DLACDBHM - ok
18:57:16.0161 1972 [ 83545593E297F50A8E2524B4C071A153 ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS
18:57:16.0161 1972 DLADResN - ok
18:57:16.0177 1972 [ 96E01D901CDC98C7817155CC057001BF ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
18:57:16.0177 1972 DLAIFS_M - ok
18:57:16.0192 1972 [ 0A60A39CC5E767980A31CA5D7238DFA9 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
18:57:16.0192 1972 DLAOPIOM - ok
18:57:16.0208 1972 [ 9FE2B72558FC808357F427FD83314375 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
18:57:16.0208 1972 DLAPoolM - ok
18:57:16.0223 1972 [ 7EE0852AE8907689DF25049DCD2342E8 ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
18:57:16.0223 1972 DLARTL_N - ok
18:57:16.0239 1972 [ F08E1DAFAC457893399E03430A6A1397 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
18:57:16.0239 1972 DLAUDFAM - ok
18:57:16.0239 1972 [ E7D105ED1E694449D444A9933DF8E060 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
18:57:16.0255 1972 DLAUDF_M - ok
18:57:16.0255 1972 dlcg_device - ok
18:57:16.0270 1972 dmadmin - ok
18:57:16.0333 1972 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
18:57:16.0348 1972 dmboot - ok
18:57:16.0380 1972 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
18:57:16.0380 1972 dmio - ok
18:57:16.0380 1972 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
18:57:16.0380 1972 dmload - ok
18:57:16.0427 1972 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
18:57:16.0427 1972 dmserver - ok
18:57:16.0442 1972 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
18:57:16.0442 1972 DMusic - ok
18:57:16.0473 1972 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
18:57:16.0489 1972 Dnscache - ok
18:57:16.0520 1972 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
18:57:16.0536 1972 Dot3svc - ok
18:57:16.0536 1972 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
18:57:16.0536 1972 dpti2o - ok
18:57:16.0583 1972 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
18:57:16.0583 1972 drmkaud - ok
18:57:16.0598 1972 [ FD0F95981FEF9073659D8EC58E40AA3C ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
18:57:16.0598 1972 DRVMCDB - ok
18:57:16.0614 1972 [ B4869D320428CDC5EC4D7F5E808E99B5 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
18:57:16.0614 1972 DRVNDDM - ok
18:57:16.0645 1972 [ 95974E66D3DE4951D29E28E8BC0B644C ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:57:16.0645 1972 E100B - ok
18:57:16.0677 1972 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
18:57:16.0677 1972 EapHost - ok
18:57:16.0723 1972 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
18:57:16.0739 1972 eeCtrl - ok
18:57:16.0802 1972 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
18:57:16.0802 1972 ehRecvr - ok
18:57:16.0833 1972 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
18:57:16.0848 1972 ehSched - ok
18:57:16.0880 1972 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:57:16.0880 1972 EraserUtilRebootDrv - ok
18:57:16.0911 1972 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
18:57:16.0927 1972 ERSvc - ok
18:57:16.0942 1972 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
18:57:16.0942 1972 Eventlog - ok
18:57:16.0973 1972 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
18:57:16.0989 1972 EventSystem - ok
18:57:17.0036 1972 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
18:57:17.0036 1972 Fastfat - ok
18:57:17.0067 1972 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:57:17.0067 1972 FastUserSwitchingCompatibility - ok
18:57:17.0098 1972 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
18:57:17.0098 1972 Fax - ok
18:57:17.0130 1972 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
18:57:17.0130 1972 Fdc - ok
18:57:17.0161 1972 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
18:57:17.0161 1972 Fips - ok
18:57:17.0192 1972 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:57:17.0192 1972 Flpydisk - ok
18:57:17.0223 1972 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
18:57:17.0223 1972 FltMgr - ok
18:57:17.0302 1972 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:57:17.0302 1972 FontCache3.0.0.0 - ok
18:57:17.0348 1972 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:57:17.0348 1972 Fs_Rec - ok
18:57:17.0348 1972 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:57:17.0364 1972 Ftdisk - ok
18:57:17.0411 1972 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:57:17.0411 1972 GEARAspiWDM - ok
18:57:17.0411 1972 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:57:17.0411 1972 Gpc - ok
18:57:17.0489 1972 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:57:17.0505 1972 gupdate - ok
18:57:17.0505 1972 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:57:17.0505 1972 gupdatem - ok
18:57:17.0583 1972 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:57:17.0598 1972 gusvc - ok
18:57:17.0630 1972 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:57:17.0645 1972 HDAudBus - ok
18:57:17.0708 1972 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:57:17.0708 1972 helpsvc - ok
18:57:17.0723 1972 HidServ - ok
18:57:17.0770 1972 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:57:17.0770 1972 HidUsb - ok
18:57:17.0802 1972 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
18:57:17.0802 1972 hkmsvc - ok
18:57:17.0833 1972 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
18:57:17.0833 1972 hpn - ok
18:57:17.0880 1972 [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
18:57:17.0880 1972 HSFHWBS2 - ok
18:57:17.0942 1972 [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
18:57:17.0973 1972 HSF_DP - ok
18:57:18.0036 1972 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:57:18.0036 1972 HTTP - ok
18:57:18.0067 1972 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:57:18.0083 1972 HTTPFilter - ok
18:57:18.0114 1972 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
18:57:18.0114 1972 i2omgmt - ok
18:57:18.0130 1972 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
18:57:18.0130 1972 i2omp - ok
18:57:18.0161 1972 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:57:18.0161 1972 i8042prt - ok
18:57:18.0223 1972 [ 5A8E05F1D5C36ABD58CFFA111EB325EA ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
18:57:18.0270 1972 ialm - ok
18:57:18.0348 1972 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:57:18.0364 1972 idsvc - ok
18:57:18.0411 1972 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:57:18.0411 1972 Imapi - ok
18:57:18.0442 1972 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
18:57:18.0458 1972 ImapiService - ok
18:57:18.0489 1972 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
18:57:18.0505 1972 ini910u - ok
18:57:18.0552 1972 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
18:57:18.0552 1972 IntelIde - ok
18:57:18.0614 1972 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:57:18.0614 1972 intelppm - ok
18:57:18.0677 1972 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
18:57:18.0677 1972 Ip6Fw - ok
18:57:18.0739 1972 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:57:18.0739 1972 IpFilterDriver - ok
18:57:18.0786 1972 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:57:18.0786 1972 IpInIp - ok
18:57:18.0817 1972 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:57:18.0817 1972 IpNat - ok
18:57:18.0895 1972 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:57:18.0911 1972 iPod Service - ok
18:57:18.0958 1972 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:57:18.0958 1972 IPSec - ok
18:57:19.0005 1972 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:57:19.0005 1972 IRENUM - ok
18:57:19.0036 1972 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:57:19.0036 1972 isapnp - ok
18:57:19.0145 1972 [ 9DBA73C2F1E76EC4CB837E67C5743596 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
18:57:19.0145 1972 JavaQuickStarterService - ok
18:57:19.0161 1972 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:57:19.0161 1972 Kbdclass - ok
18:57:19.0177 1972 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:57:19.0192 1972 kbdhid - ok
18:57:19.0223 1972 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:57:19.0223 1972 kmixer - ok
18:57:19.0239 1972 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:57:19.0239 1972 KSecDD - ok
18:57:19.0270 1972 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
18:57:19.0286 1972 lanmanserver - ok
18:57:19.0317 1972 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:57:19.0317 1972 lanmanworkstation - ok
18:57:19.0333 1972 lbrtfdc - ok
18:57:19.0505 1972 [ 010FD2B41E75A98E3A4D23F44405F5C9 ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
18:57:19.0614 1972 LiveUpdate - ok
18:57:19.0661 1972 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:57:19.0661 1972 LmHosts - ok
18:57:19.0692 1972 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
18:57:19.0708 1972 McrdSvc - ok
18:57:19.0739 1972 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:57:19.0739 1972 mdmxsdk - ok
18:57:19.0770 1972 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:57:19.0770 1972 Messenger - ok
18:57:19.0833 1972 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
18:57:19.0848 1972 MHN - ok
18:57:19.0848 1972 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
18:57:19.0848 1972 MHNDRV - ok
18:57:19.0895 1972 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:57:19.0895 1972 mnmdd - ok
18:57:19.0942 1972 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
18:57:19.0942 1972 mnmsrvc - ok
18:57:19.0958 1972 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:57:19.0973 1972 Modem - ok
18:57:19.0989 1972 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
18:57:19.0989 1972 MODEMCSA - ok
18:57:20.0005 1972 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:57:20.0005 1972 Mouclass - ok
18:57:20.0020 1972 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:57:20.0020 1972 mouhid - ok
18:57:20.0067 1972 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:57:20.0067 1972 MountMgr - ok
18:57:20.0083 1972 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
18:57:20.0083 1972 mraid35x - ok
18:57:20.0114 1972 MREMP50 - ok
18:57:20.0130 1972 MREMPR5 - ok
18:57:20.0145 1972 MRENDIS5 - ok
18:57:20.0145 1972 MRESP50 - ok
18:57:20.0192 1972 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:57:20.0192 1972 MRxDAV - ok
18:57:20.0255 1972 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:57:20.0255 1972 MRxSmb - ok
18:57:20.0317 1972 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
18:57:20.0317 1972 MSDTC - ok
18:57:20.0348 1972 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:57:20.0348 1972 Msfs - ok
18:57:20.0348 1972 MSIServer - ok
18:57:20.0364 1972 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:57:20.0364 1972 MSKSSRV - ok
18:57:20.0395 1972 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:57:20.0395 1972 MSPCLOCK - ok
18:57:20.0427 1972 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:57:20.0427 1972 MSPQM - ok
18:57:20.0458 1972 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:57:20.0458 1972 mssmbios - ok
18:57:27.0223 1972 ================ Scan global ===============================
18:57:27.0270 1972 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:57:27.0302 1972 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:57:27.0317 1972 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:57:27.0348 1972 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
18:57:27.0348 1972 [Global] - ok
18:57:27.0348 1972 ================ Scan MBR ==================================
18:57:27.0364 1972 [ 91722E6BC3A2B40FF00222DCA4A3DB3E ] \Device\Harddisk0\DR0
18:57:27.0395 1972 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
18:57:27.0395 1972 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
18:57:27.0395 1972 ================ Scan VBR ==================================
18:57:27.0427 1972 [ 9CE906CE7C3255CB56AB395C1B77A41A ] \Device\Harddisk0\DR0\Partition1
18:57:27.0427 1972 \Device\Harddisk0\DR0\Partition1 - ok
18:57:27.0427 1972 ============================================================
18:57:27.0427 1972 Scan finished
18:57:27.0427 1972 ============================================================
18:57:27.0442 3228 Detected object count: 1
18:57:27.0442 3228 Actual detected object count: 1
18:57:40.0473 3228 \Device\Harddisk0\DR0\# - copied to quarantine
18:57:40.0489 3228 \Device\Harddisk0\DR0 - copied to quarantine
18:57:40.0520 3228 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
18:57:40.0536 3228 \Device\Harddisk0\DR0 - ok
18:57:40.0536 3228 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
18:57:50.0755 3052 Deinitialize success

aswMBR LOG:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-26 19:47:42
-----------------------------
19:47:42.562 OS Version: Windows 5.1.2600 Service Pack 3
19:47:42.562 Number of processors: 2 586 0x403
19:47:42.562 ComputerName: DDN87X91 UserName: Andre
19:47:42.875 Initialize success
19:47:52.265 AVAST engine defs: 12082601
19:47:55.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
19:47:55.437 Disk 0 Vendor: ST3160828AS 8.04 Size: 152587MB BusType: 3
19:47:55.453 Disk 0 MBR read successfully
19:47:55.453 Disk 0 MBR scan
19:47:55.515 Disk 0 unknown MBR code
19:47:55.515 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
19:47:55.546 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147769 MB offset 112455
19:47:55.593 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 302760990
19:47:55.609 Disk 0 scanning sectors +312496380
19:47:55.656 Disk 0 malicious Win32:MBRoot code @ sector 312496383 !
19:47:55.765 Disk 0 scanning C:\WINDOWS\system32\drivers
19:48:25.453 Service scanning
19:48:43.578 Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
19:48:43.890 Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
19:48:46.093 Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
19:48:46.156 Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
19:48:47.125 Modules scanning
19:49:03.125 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
19:49:06.234 Disk 0 trace - called modules:
19:49:06.281 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
19:49:06.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d93ab8]
19:49:06.296 3 CLASSPNP.SYS[f74d2fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x86d75d98]
19:49:06.734 AVAST engine scan C:\WINDOWS
19:49:58.406 AVAST engine scan C:\WINDOWS\system32
19:57:36.703 AVAST engine scan C:\WINDOWS\system32\drivers
19:58:33.234 AVAST engine scan C:\Documents and Settings\Andre
20:29:50.171 AVAST engine scan C:\Documents and Settings\All Users
20:31:28.968 Scan finished successfully
20:31:51.609 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Andre\Desktop\MBR.dat"
20:31:51.609 The log file has been saved successfully to "C:\Documents and Settings\Andre\Desktop\aswMBR.txt"

PLEASE NOTE: While I was running aswMBR, my Symantec Antivirus software detected the following:

SecurityRisk.ADH -Cleaned By Deletion
Trojan.Gen.2 -Quarantined

#15 gringo_pr

Bleepin Gringo
Malware Response Team

Posted 26 August 2012 - 08:52 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University