
Google keeps redirecting


This topic is locked
23 replies to this topic

#1 ouchman (Members, 12 posts)

Posted 31 August 2012 - 12:06 AM

I ran scans with McAfee and Malwarebytes, but the Google redirects still happen. My computer appears to be fine otherwise, but I am worried about logging into any of my accounts while the redirects still happen. I really appreciate any help I can get.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jamie at 17:16:39 on 2012-08-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2666 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\WINDOWS\ALCFDRTM.EXE
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\U-ABIT\uGuru\uGuru.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe
H:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
C:\Documents and Settings\Jamie\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Documents and Settings\Jamie\Local Settings\Application Data\Akamai\netsession_win.exe
H:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
H:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Documents and Settings\Jamie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jamie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jamie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jamie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jamie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;192.168.*.*;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - h:\progra~1\micros~1\office14\GROOVEEX.DLL
BHO: {74F6C5A9-0EAD-4a71-891E-376A838DF1F0} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120626202753.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - h:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {E8558D71-5E4E-4217-B608-D2F5D3623AE3} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ABIT uGuruIII] h:\program files\u-abit\uguru\uGuru.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Eye-Fi] "c:\program files\eye-fi\helper\EyeFiHelper.exe"
uRun: [HLBackupScheduler] h:\program files\backup assistant plus\V CAST Backup Scheduler.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\jamie\local settings\application data\akamai\netsession_win.exe"
uRun: [KSS] "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe" /autorun
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "h:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "h:\program files\itunes\iTunesHelper.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\jamie\startm~1\programs\startup\onenot~1.lnk - h:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - h:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - h:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - h:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - h:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - h:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - h:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - h:\progra~1\micros~1\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15031/CTSUEng.cab
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxps://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/58.10/uploader2.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342978884312
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {A959E4A5-0B3D-449E-9998-348705BD4092} - hxxp://www.servicemagic.com/smod/smdesktop.CAB
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.39.5/ttinst.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab?
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15033/CTPID.cab
DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} - hxxp://yme.music.yahoo.com/qos/cabs/DiagCollectionControl.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EF7F19E6-D58C-46C3-870B-A8859A2BA165} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F399DE32-3E22-4A31-AAE5-7622315844C6} : DhcpNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - h:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - h:\progra~1\micros~1\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-2-22 464304]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [2008-1-18 241664]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-2-22 89792]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2007-10-6 14592]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 KSS;Kaspersky Security Scan Service;c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe [2012-4-25 202296]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-12-28 95200]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-22 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-22 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-22 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-2-22 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-2-22 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-2-22 151880]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-8-10 227184]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-2-22 57600]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [2012-7-20 1034240]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-2-22 180848]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-2-22 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-2-22 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-2-22 83856]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-30 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-29 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-30 136176]
S3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.1;c:\windows\system32\drivers\libusb0.sys [2011-10-18 35392]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-2-22 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-2-22 87656]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;h:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 SNL320XP;SONIX MULTIMEDIA USB DEVICE DRIVER;c:\windows\system32\drivers\9kdUSBXP.sys [2006-12-28 16000]
S3 SSDefrag;SSDefrag;c:\windows\system32\drivers\SSDefrag.sys [2008-1-14 34560]
S3 WlanUIG;2Wire 802.11g USB Driver;c:\windows\system32\drivers\WlanUIG.sys [2007-10-6 347648]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-28 03:52:57 -------- d-----w- c:\program files\Kaspersky Lab
2012-08-28 03:52:57 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2012-08-22 02:43:56 106496 --sha-r- c:\windows\system32\csrsrv2.dll
2012-08-16 02:24:43 78336 -c----w- c:\windows\system32\dllcache\browser.dll
2012-08-05 05:46:33 -------- d-----w- c:\windows\system32\Adobe
.
==================== Find3M ====================
.
2012-08-17 02:54:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-17 02:54:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 12:51:28 602112 ----a-w- c:\windows\system32\xvid.dll
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
2012-07-02 01:23:28 78848 ----a-w- c:\windows\system32\dfboottime.exe
2012-06-27 02:14:52 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-06-06 15:49:52 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 00:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
.
============= FINISH: 17:18:32.76 ===============
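The DDS log above is the kind of thing a responder reads by hand: which processes run from a user profile, which autoruns point there or carry no path at all, and which files appeared in system32 in the last 30 days with the system and hidden attribute bits set (the `s` and `h` in the DDS attribute column). The following script is an added example that automates that first pass; it is not part of the original post and is not code from DDS or ComboFix. The sample lines are copied from the log above; the section names and attribute-column layout follow what that log shows, and the "flag it" rules are this example's own triage heuristics, not verdicts. A flagged entry means "look at this", not "this is malware".

```python
"""Triage helper for DDS-style logs (added example, not DDS/ComboFix code).

Flags three things a responder checks first on a redirect complaint:
  1. processes running from a user-profile directory,
  2. autorun entries whose image lives in a user profile or is a bare
     filename resolved through the search path,
  3. files created in the last 30 days directly in system32 with both the
     system ('s') and hidden ('h') attribute bits set.
Assumption: the attribute column is the 8-character field DDS prints
(e.g. '--sha-r-', 'd-----w-'); the rules themselves are heuristics.
"""
import re

# Constructed sample: lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Jamie\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
============== Pseudo HJT Report ===============
uRun: [KSS] "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe" /autorun
uRun: [Akamai NetSession Interface] "c:\documents and settings\jamie\local settings\application data\akamai\netsession_win.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
=============== Created Last 30 ================
2012-08-28 03:52:57 -------- d-----w- c:\program files\Kaspersky Lab
2012-08-22 02:43:56 106496 --sha-r- c:\windows\system32\csrsrv2.dll
2012-08-16 02:24:43 78336 -c----w- c:\windows\system32\dllcache\browser.dll
==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# date time size attrs path  (size is '--------' for directories)
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d) \d\d:\d\d:\d\d\s+\S+\s+([-a-z]{8})\s+(.+)$", re.I
)
AUTORUN_RE = re.compile(r"^([umd]Run(?:Once)?): \[([^\]]+)\] (.+)$")
# %APPDATA% and %LOCALAPPDATA% on Windows XP
PROFILE_RE = re.compile(
    r"\\documents and settings\\[^\\]+\\(?:local settings\\)?application data\\", re.I
)
# a file sitting directly in system32 (not in a subdirectory such as dllcache)
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.I)


def _image_path(value):
    """Extract the executable path from an autorun value like "c:\\x\\y.exe" /flag."""
    m = re.match(r'"?(.+?\.(?:exe|dll|scr|com))\b', value, re.I)
    return m.group(1) if m else value.strip('"')


def triage(log_text):
    """Return a list of (kind, item, reason) tuples for entries worth a look."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "Running Processes":
            if PROFILE_RE.search(line):
                findings.append(("process", line, "running from a user-profile directory"))
        elif section == "Pseudo HJT Report":
            m = AUTORUN_RE.match(line)
            if not m:
                continue
            key, name, value = m.groups()
            path = _image_path(value)
            if PROFILE_RE.search(path):
                findings.append(("autorun", f"{key} [{name}]",
                                 "autorun image in a user-profile directory"))
            elif "\\" not in path:
                findings.append(("autorun", f"{key} [{name}]",
                                 "bare filename; image resolved through the search path"))
        elif section == "Created Last 30":
            m = CREATED_RE.match(line)
            if not m:
                continue
            created, attrs, path = m.groups()
            attrs = attrs.lower()
            if "d" in attrs:          # directories are not interesting here
                continue
            if "s" in attrs and "h" in attrs and SYSTEM32_RE.match(path):
                findings.append(("created", path,
                                 f"system+hidden file dropped directly in system32 on {created}"))
    return findings


if __name__ == "__main__":
    for kind, item, reason in triage(SAMPLE_LOG):
        print(f"[{kind:8}] {item}\n           {reason}")
```

Run it against a full DDS log piped into `triage()` and read the output next to the log; the autorun and process checks will also flag legitimate per-user software (Chrome installs under Local Settings on XP, for instance), so they narrow the reading, they do not replace it. The system+hidden check on a fresh file directly in system32 is the strongest of the three signals, because legitimate updates go through dllcache and do not set those bits.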



#2 gringo_pr, "Bleepin Gringo" (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 31 August 2012 - 10:07 AM

Greetings ouchman and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running; that may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 ouchman, Topic Starter (Members, 12 posts)

Posted 31 August 2012 - 09:09 PM

Results of screen317's Security Check version 0.99.49
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
McAfee Anti-Virus and Anti-Spyware
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Malwarebytes Anti-Malware version 1.62.0.1300
HijackThis 2.0.2
CCleaner
Java™ 6 Update 31
Java™ 6 Update 5
Java™ 6 Update 6
Java™ 6 Update 7
Java version out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````

#4 gringo_pr, "Bleepin Gringo" (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 31 August 2012 - 09:24 PM

let me have the combofix report when it finishes


gringo

#5 ouchman, Topic Starter (Members, 12 posts)

Posted 31 August 2012 - 09:43 PM

ComboFix 12-08-31.08 - Jamie 08/31/2012 19:18:22.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2639 [GMT -7:00]
Running from: c:\documents and settings\Jamie\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
ADS - WINDOWS: deleted 72 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DragToDiscUserNameK.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Friends\Local Settings\Application Data\._Revolution_
c:\documents and settings\Jamie\Application Data\9CD17F
c:\documents and settings\Jamie\Local Settings\Application Data\._Revolution_
c:\documents and settings\Jamie\WINDOWS
c:\windows\EventSystem.log
c:\windows\system32\AC2005DLL.dll
c:\windows\system32\Cache
c:\windows\system32\drivers\npf.sys
c:\windows\system32\logs
c:\windows\system32\logs\Settings.dat
c:\windows\system32\OGACheckControl.tmp
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
M:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-01 to 2012-09-01 )))))))))))))))))))))))))))))))
.
.
2012-08-28 03:52 . 2012-08-28 03:52 -------- d-----w- c:\program files\Kaspersky Lab
2012-08-28 03:52 . 2012-08-28 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2012-08-22 18:10 . 2012-08-22 18:10 -------- d-----w- c:\documents and settings\Friends\Application Data\Flip Video
2012-08-22 02:43 . 2012-08-22 02:43 106496 --sha-r- c:\windows\system32\csrsrv2.dll
2012-08-16 02:24 . 2012-07-06 13:58 78336 -c----w- c:\windows\system32\dllcache\browser.dll
2012-08-05 05:46 . 2012-08-05 05:48 -------- d-----w- c:\windows\system32\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-17 02:54 . 2012-07-29 18:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-17 02:54 . 2011-05-22 01:43 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 12:51 . 2012-07-12 12:51 602112 ----a-w- c:\windows\system32\xvid.dll
2012-07-06 13:58 . 2007-09-24 04:34 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2007-10-06 20:05 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 20:46 . 2011-08-18 16:27 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2007-09-24 04:36 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2007-09-24 04:36 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-04 07:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 17:49 . 2004-08-04 07:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 12:05 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-07-02 01:23 . 2012-07-02 01:23 78848 ----a-w- c:\windows\system32\dfboottime.exe
2012-06-27 02:14 . 2012-06-27 02:14 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-06-06 15:49 . 2012-06-06 15:49 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:50 . 2007-09-24 04:35 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 15:50 . 2007-05-15 22:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 00:35 . 2007-09-24 04:35 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2007-09-24 04:35 152576 ----a-w- c:\windows\system32\schannel.dll
2011-04-14 21:01 . 2011-02-23 02:04 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ABIT uGuruIII"="h:\program files\U-ABIT\uGuru\uGuru.exe" [2007-04-12 425984]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"Eye-Fi"="c:\program files\Eye-Fi\Helper\EyeFiHelper.exe" [2011-12-22 3961464]
"HLBackupScheduler"="h:\program files\Backup Assistant Plus\V CAST Backup Scheduler.exe" [2012-07-09 7057032]
"Akamai NetSession Interface"="c:\documents and settings\Jamie\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-08-11 4440896]
"KSS"="c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-26 202296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-04-05 488984]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-03-09 252704]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BCSSync"="h:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="h:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Jamie\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - h:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - h:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-3-13 67128]
Logitech SetPoint.lnk - h:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-14 805392]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 09:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ dfboottime \??\c:\windows\System32\dfboottime.cfg\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2006-12-23 01:47 794688 ----a-r- h:\program files\Camera Assistant Software for ViewSonic\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"h:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"h:\\Program Files\\Curse\\CurseClient.exe"=
"h:\\Program Files\\Eye-Fi\\Eye-Fi Manager.exe"=
"h:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"h:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"h:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Jawbone\\JawboneUpdater.exe"=
"c:\\Documents and Settings\\Jamie\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"h:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"24726:TCP"= 24726:TCP:FlipShareServer
"24727:TCP"= 24727:TCP:FlipShareServer
"5910:TCP"= 5910:TCP:vnc5910
.
R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [1/18/2008 11:07 AM 241664]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 7:13 PM 65584]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2/22/2011 7:04 PM 89792]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [10/6/2007 6:22 PM 14592]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 12:56 AM 14336]
R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [5/6/2011 12:58 PM 1085440]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
R2 KSS;Kaspersky Security Scan Service;c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [4/25/2012 7:53 PM 202296]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2/22/2011 7:03 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2/22/2011 7:03 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [2/22/2011 7:04 PM 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2/22/2011 7:04 PM 151880]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [8/10/2011 12:35 PM 227184]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2/22/2011 7:04 PM 57600]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [7/20/2012 9:53 PM 1034240]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2/22/2011 7:04 PM 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2/22/2011 7:04 PM 83856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2010 6:57 PM 136176]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [12/28/2010 1:48 PM 95200]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7/29/2012 11:13 AM 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2010 6:57 PM 136176]
S3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.1;c:\windows\system32\drivers\libusb0.sys [10/18/2011 9:08 PM 35392]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2/22/2011 7:04 PM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2/22/2011 7:04 PM 87656]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;h:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 SNL320XP;SONIX MULTIMEDIA USB DEVICE DRIVER;c:\windows\system32\drivers\9kdUSBXP.sys [12/28/2006 6:50 AM 16000]
S3 SSDefrag;SSDefrag;c:\windows\system32\drivers\SSDefrag.sys [1/14/2008 3:32 PM 34560]
S3 WlanUIG;2Wire 802.11g USB Driver;c:\windows\system32\drivers\WlanUIG.sys [10/6/2007 7:19 PM 347648]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 02:54]
.
2012-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-01 01:57]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-01 01:57]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-308236825-682003330-1007Core.job
- c:\documents and settings\Friends\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-05 02:02]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-308236825-682003330-1007UA.job
- c:\documents and settings\Friends\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-05 02:02]
.
2012-08-11 c:\windows\Tasks\MotoHelper MUM.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]
.
2012-08-30 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]
.
2012-08-11 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]
.
2012-09-01 c:\windows\Tasks\PCHQMLCBZ.job
- c:\windows\system32\csrsrv2.dll [2012-08-22 02:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;192.168.*.*;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - h:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - h:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - h:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxps://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-31 19:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2012-08-31 19:25:42
ComboFix-quarantined-files.txt 2012-09-01 02:25
.
Pre-Run: 2,411,126,784 bytes free
Post-Run: 2,842,869,760 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - BE020E2F2A9C5318E7C5F6233D76FB85

#6 ouchman
  • Topic Starter
  • Members
  • 12 posts

Posted 31 August 2012 - 09:45 PM

gringo_pr,

I think it is fixed. I tested a search that redirected before and it looks like the redirect is gone. Thank you very much. Can you tell what corrupted my machine? I have McAfee running and run Malwarebytes Anti-Malware periodically. Do you suggest any other applications I should use?

#7 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 31 August 2012 - 09:47 PM

Greetings ouchman

That is good news that everything is back to normal, but I would like to double-check it first.

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

#8 ouchman
  • Topic Starter
  • Members
  • 12 posts

Posted 31 August 2012 - 10:15 PM

20:09:20.0156 3944 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
20:09:21.0578 3944 ============================================================
20:09:21.0578 3944 Current date / time: 2012/08/31 20:09:21.0578
20:09:21.0578 3944 SystemInfo:
20:09:21.0578 3944
20:09:21.0578 3944 OS Version: 5.1.2600 ServicePack: 3.0
20:09:21.0578 3944 Product type: Workstation
20:09:21.0578 3944 ComputerName: JFC2D
20:09:21.0578 3944 UserName: Jamie
20:09:21.0578 3944 Windows directory: C:\WINDOWS
20:09:21.0578 3944 System windows directory: C:\WINDOWS
20:09:21.0578 3944 Processor architecture: Intel x86
20:09:21.0578 3944 Number of processors: 2
20:09:21.0578 3944 Page size: 0x1000
20:09:21.0578 3944 Boot type: Normal boot
20:09:21.0578 3944 ============================================================
20:09:22.0343 3944 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:09:22.0343 3944 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:09:22.0359 3944 ============================================================
20:09:22.0359 3944 \Device\Harddisk0\DR0:
20:09:22.0359 3944 MBR partitions:
20:09:22.0359 3944 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x627B5DD
20:09:22.0359 3944 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x627B61C, BlocksNum 0x9C263D
20:09:22.0359 3944 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6C3DC59, BlocksNum 0x61A7966
20:09:22.0359 3944 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0xCDE55FE, BlocksNum 0x186480C3
20:09:22.0359 3944 \Device\Harddisk1\DR1:
20:09:22.0375 3944 MBR partitions:
20:09:22.0375 3944 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1388AFC
20:09:22.0375 3944 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x1388B3B, BlocksNum 0xEA60942
20:09:22.0375 3944 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0xFDE947D, BlocksNum 0x124F6C32
20:09:22.0375 3944 ============================================================
20:09:22.0406 3944 C: <-> \Device\Harddisk0\DR0\Partition1
20:09:22.0421 3944 D: <-> \Device\Harddisk0\DR0\Partition2
20:09:22.0437 3944 H: <-> \Device\Harddisk0\DR0\Partition3
20:09:22.0453 3944 V: <-> \Device\Harddisk0\DR0\Partition4
20:09:22.0453 3944 E: <-> \Device\Harddisk1\DR1\Partition1
20:09:22.0484 3944 M: <-> \Device\Harddisk1\DR1\Partition2
20:09:22.0515 3944 N: <-> \Device\Harddisk1\DR1\Partition3
20:09:22.0515 3944 ============================================================
20:09:22.0515 3944 Initialize success
20:09:22.0515 3944 ============================================================
20:09:35.0125 3492 ============================================================
20:09:35.0125 3492 Scan started
20:09:35.0125 3492 Mode: Manual;
20:09:35.0125 3492 ============================================================
20:09:35.0843 3492 ================ Scan system memory ========================
20:09:35.0843 3492 System memory - ok
20:09:35.0843 3492 ================ Scan services =============================
20:09:35.0953 3492 Abiosdsk - ok
20:09:35.0953 3492 abp480n5 - ok
20:09:35.0968 3492 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:09:35.0984 3492 ACPI - ok
20:09:36.0000 3492 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
20:09:36.0000 3492 ACPIEC - ok
20:09:36.0031 3492 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:09:36.0031 3492 AdobeFlashPlayerUpdateSvc - ok
20:09:36.0031 3492 adpu160m - ok
20:09:36.0046 3492 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
20:09:36.0046 3492 aec - ok
20:09:36.0062 3492 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:09:36.0062 3492 AFD - ok
20:09:36.0078 3492 Aha154x - ok
20:09:36.0078 3492 aic78u2 - ok
20:09:36.0078 3492 aic78xx - ok
20:09:36.0234 3492 [ 29584F02A43E427C4227E3B1D9FF1B22 ] Akamai c:\program files\common files\akamai/netsession_win_4f7fccd.dll
20:09:36.0234 3492 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584F02A43E427C4227E3B1D9FF1B22
20:09:36.0234 3492 Akamai ( HiddenFile.Multi.Generic ) - warning
20:09:36.0234 3492 Akamai - detected HiddenFile.Multi.Generic (1)
20:09:36.0265 3492 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:09:36.0265 3492 Alerter - ok
20:09:36.0281 3492 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
20:09:36.0281 3492 ALG - ok
20:09:36.0281 3492 AliIde - ok
20:09:36.0281 3492 amsint - ok
20:09:36.0343 3492 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:09:36.0343 3492 Apple Mobile Device - ok
20:09:36.0375 3492 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
20:09:36.0375 3492 AppMgmt - ok
20:09:36.0406 3492 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:09:36.0406 3492 Arp1394 - ok
20:09:36.0406 3492 asc - ok
20:09:36.0406 3492 asc3350p - ok
20:09:36.0406 3492 asc3550 - ok
20:09:36.0484 3492 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:09:36.0531 3492 aspnet_state - ok
20:09:36.0546 3492 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:09:36.0546 3492 AsyncMac - ok
20:09:36.0562 3492 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:09:36.0562 3492 atapi - ok
20:09:36.0562 3492 Atdisk - ok
20:09:36.0578 3492 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:09:36.0578 3492 Atmarpc - ok
20:09:36.0609 3492 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:09:36.0609 3492 AudioSrv - ok
20:09:36.0640 3492 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:09:36.0640 3492 audstub - ok
20:09:36.0656 3492 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:09:36.0656 3492 Beep - ok
20:09:36.0687 3492 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
20:09:36.0812 3492 BITS - ok
20:09:36.0875 3492 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:09:36.0875 3492 Bonjour Service - ok
20:09:36.0890 3492 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
20:09:36.0906 3492 Browser - ok
20:09:36.0921 3492 [ 57F28CB6EF478AB63F0853D41C0050AE ] c2scsi C:\WINDOWS\system32\drivers\c2scsi.sys
20:09:36.0937 3492 c2scsi - ok
20:09:36.0968 3492 catchme - ok
20:09:37.0000 3492 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:09:37.0000 3492 cbidf2k - ok
20:09:37.0015 3492 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:09:37.0015 3492 CCDECODE - ok
20:09:37.0031 3492 cd20xrnt - ok
20:09:37.0031 3492 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:09:37.0031 3492 Cdaudio - ok
20:09:37.0062 3492 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:09:37.0062 3492 Cdfs - ok
20:09:37.0062 3492 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:09:37.0062 3492 Cdrom - ok
20:09:37.0093 3492 [ 1C7B1E36F3CED9E4B0B13385E627FE8B ] cfwids C:\WINDOWS\system32\drivers\cfwids.sys
20:09:37.0109 3492 cfwids - ok
20:09:37.0109 3492 Changer - ok
20:09:37.0140 3492 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:09:37.0140 3492 CiSvc - ok
20:09:37.0156 3492 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:09:37.0156 3492 ClipSrv - ok
20:09:37.0171 3492 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:09:37.0250 3492 clr_optimization_v2.0.50727_32 - ok
20:09:37.0296 3492 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:09:37.0296 3492 clr_optimization_v4.0.30319_32 - ok
20:09:37.0296 3492 CmdIde - ok
20:09:37.0296 3492 COMSysApp - ok
20:09:37.0312 3492 Cpqarray - ok
20:09:37.0359 3492 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.exe
20:09:37.0359 3492 Creative Service for CDROM Access - ok
20:09:37.0375 3492 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:09:37.0375 3492 CryptSvc - ok
20:09:37.0421 3492 [ A5BEA0E5C297F5F3835638A87E512FBA ] CTDevice_Srv C:\Program Files\Creative\Shared Files\CTDevSrv.exe
20:09:37.0421 3492 CTDevice_Srv - ok
20:09:37.0453 3492 [ CB6FF7012BB5D59D7C12350DB795CE1F ] ctxusbm C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
20:09:37.0453 3492 ctxusbm - ok
20:09:37.0453 3492 dac2w2k - ok
20:09:37.0453 3492 dac960nt - ok
20:09:37.0468 3492 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:09:37.0468 3492 DcomLaunch - ok
20:09:37.0515 3492 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:09:37.0515 3492 Dhcp - ok
20:09:37.0531 3492 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:09:37.0531 3492 Disk - ok
20:09:37.0578 3492 [ 7A1E8F722479EF934D71798AC3617ED7 ] DLABMFSM C:\WINDOWS\system32\DLA\DLABMFSM.SYS
20:09:37.0578 3492 DLABMFSM - ok
20:09:37.0578 3492 [ 2281B5C596C04645426B3771A3BD5657 ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
20:09:37.0578 3492 DLABOIOM - ok
20:09:37.0593 3492 [ 43749294A1D9F22FE164A62C1A42919D ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
20:09:37.0593 3492 DLACDBHM - ok
20:09:37.0609 3492 [ 54A3F9EBD1DDC975736F8E18A9B8FCE9 ] DLADResM C:\WINDOWS\system32\DLA\DLADResM.SYS
20:09:37.0609 3492 DLADResM - ok
20:09:37.0625 3492 [ E0FBAF0146BFCEEC29F31F07452DB4AD ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
20:09:37.0625 3492 DLAIFS_M - ok
20:09:37.0625 3492 [ D3CE0C76496A5332032399639485774F ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
20:09:37.0640 3492 DLAOPIOM - ok
20:09:37.0640 3492 [ FCE1882364D4C324B937A841EF9C58AC ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
20:09:37.0640 3492 DLAPoolM - ok
20:09:37.0640 3492 [ 14183A8EFF683EB0C1774802578ED0F4 ] DLARTL_M C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
20:09:37.0640 3492 DLARTL_M - ok
20:09:37.0656 3492 [ 2EF8C92AB8411589387845F58534C7D9 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
20:09:37.0656 3492 DLAUDFAM - ok
20:09:37.0671 3492 [ A2096FD7B5037085A3DC580E2891D2C4 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
20:09:37.0671 3492 DLAUDF_M - ok
20:09:37.0671 3492 dmadmin - ok
20:09:37.0703 3492 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:09:37.0703 3492 dmboot - ok
20:09:37.0703 3492 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:09:37.0718 3492 dmio - ok
20:09:37.0718 3492 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:09:37.0718 3492 dmload - ok
20:09:37.0734 3492 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:09:37.0734 3492 dmserver - ok
20:09:37.0750 3492 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:09:37.0750 3492 DMusic - ok
20:09:37.0781 3492 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:09:44.0890 3492 \Device\Harddisk0\DR0\Partition1 - ok
20:09:44.0906 3492 [ 8214CC423F9ED85D37055C83D6262F63 ] \Device\Harddisk0\DR0\Partition2
20:09:44.0906 3492 \Device\Harddisk0\DR0\Partition2 - ok
20:09:44.0921 3492 [ 7DEC8BD1634B5058CCAA28D58E05904E ] \Device\Harddisk0\DR0\Partition3
20:09:44.0921 3492 \Device\Harddisk0\DR0\Partition3 - ok
20:09:44.0937 3492 [ BEF7E76ABF4670C08E7317C9C65CCF19 ] \Device\Harddisk0\DR0\Partition4
20:09:44.0937 3492 \Device\Harddisk0\DR0\Partition4 - ok
20:09:44.0937 3492 [ A4A26C9F9FB602335D69D072D5743578 ] \Device\Harddisk1\DR1\Partition1
20:09:44.0937 3492 \Device\Harddisk1\DR1\Partition1 - ok
20:09:44.0937 3492 [ 3B23807E80BBA50C65BD053590CC843A ] \Device\Harddisk1\DR1\Partition2
20:09:44.0937 3492 \Device\Harddisk1\DR1\Partition2 - ok
20:09:44.0953 3492 [ 2F9CD95964C2655325427E01D9ABBC66 ] \Device\Harddisk1\DR1\Partition3
20:09:44.0953 3492 \Device\Harddisk1\DR1\Partition3 - ok
20:09:44.0953 3492 ============================================================
20:09:44.0953 3492 Scan finished
20:09:44.0953 3492 ============================================================
20:09:44.0968 5024 Detected object count: 1
20:09:44.0968 5024 Actual detected object count: 1
20:10:18.0359 5024 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
20:10:18.0359 5024 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:49 AM

Posted 31 August 2012 - 10:29 PM

did you run the aswMBR report?

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 ouchman
  • Topic Starter
  • Members
  • 12 posts
  • Local time:03:49 AM

Posted 31 August 2012 - 11:10 PM

It is still running. It has been running for about an hour.

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:49 AM

Posted 31 August 2012 - 11:20 PM

Give it 15 more to see if it finishes, and if it doesn't, go ahead and stop it.


gringo

#12 ouchman
  • Topic Starter
  • Members
  • 12 posts
  • Local time:03:49 AM

Posted 31 August 2012 - 11:23 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-31 20:15:56
-----------------------------
20:15:56.687 OS Version: Windows 5.1.2600 Service Pack 3
20:15:56.687 Number of processors: 2 586 0xF0B
20:15:56.687 ComputerName: JFC2D UserName: Jamie
20:15:57.265 Initialize success
20:33:16.656 AVAST engine defs: 12083102
20:33:46.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
20:33:46.265 Disk 0 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 3
20:33:46.265 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-17
20:33:46.265 Disk 1 Vendor: ST3500630AS 3.AAE Size: 476940MB BusType: 3
20:33:46.281 Disk 0 MBR read successfully
20:33:46.281 Disk 0 MBR scan
20:33:46.328 Disk 0 Windows XP default MBR code
20:33:46.343 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 50422 MB offset 63
20:33:46.359 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 4996 MB offset 103265820
20:33:46.359 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 49999 MB offset 113499225
20:33:46.375 Disk 0 Partition - 00 0F Extended LBA 199824 MB offset 215897535
20:33:46.375 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 199824 MB offset 215897598
20:33:46.390 Disk 0 scanning sectors +625137345
20:33:46.484 Disk 0 scanning C:\WINDOWS\system32\drivers
20:33:57.359 Service scanning
20:34:34.875 Modules scanning
20:35:22.359 Disk 0 trace - called modules:
20:35:22.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
20:35:22.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0e6ab8]
20:35:22.406 3 CLASSPNP.SYS[b8118fd7] -> nt!IofCallDriver -> \Device\00000082[0x8b071e98]
20:35:22.406 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8b0ead98]
20:35:23.859 AVAST engine scan C:\WINDOWS
20:35:46.984 AVAST engine scan C:\WINDOWS\system32
20:43:55.828 AVAST engine scan C:\WINDOWS\system32\drivers
20:44:17.703 AVAST engine scan C:\Documents and Settings\Jamie
21:07:24.125 AVAST engine scan C:\Documents and Settings\All Users
21:12:38.000 Scan finished successfully
21:22:07.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jamie\Desktop\MBR.dat"
21:22:07.781 The log file has been saved successfully to "C:\Documents and Settings\Jamie\Desktop\aswMBR.txt"

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:49 AM

Posted 31 August 2012 - 11:33 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
c:\windows\system32\csrsrv2.dll
c:\windows\Tasks\PCHQMLCBZ.job

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#14 ouchman
  • Topic Starter
  • Members
  • 12 posts
  • Local time:03:49 AM

Posted 01 September 2012 - 12:40 AM

ComboFix 12-08-31.08 - Jamie 08/31/2012 22:21:59.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2372 [GMT -7:00]
Running from: c:\documents and settings\Jamie\Desktop\Bleeping\ComboFix.exe
Command switches used :: c:\documents and settings\Jamie\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
FILE ::
"c:\windows\system32\csrsrv2.dll"
"c:\windows\Tasks\PCHQMLCBZ.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\csrsrv2.dll
c:\windows\Tasks\PCHQMLCBZ.job
.
.
((((((((((((((((((((((((( Files Created from 2012-08-01 to 2012-09-01 )))))))))))))))))))))))))))))))
.
.
2012-08-28 03:52 . 2012-08-28 03:52 -------- d-----w- c:\program files\Kaspersky Lab
2012-08-28 03:52 . 2012-08-28 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2012-08-22 18:10 . 2012-08-22 18:10 -------- d-----w- c:\documents and settings\Friends\Application Data\Flip Video
2012-08-16 02:24 . 2012-07-06 13:58 78336 -c----w- c:\windows\system32\dllcache\browser.dll
2012-08-05 05:46 . 2012-08-05 05:48 -------- d-----w- c:\windows\system32\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-17 02:54 . 2012-07-29 18:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-17 02:54 . 2011-05-22 01:43 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 12:51 . 2012-07-12 12:51 602112 ----a-w- c:\windows\system32\xvid.dll
2012-07-06 13:58 . 2007-09-24 04:34 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2007-10-06 20:05 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 20:46 . 2011-08-18 16:27 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2007-09-24 04:36 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2007-09-24 04:36 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-04 07:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 17:49 . 2004-08-04 07:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 12:05 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-07-02 01:23 . 2012-07-02 01:23 78848 ----a-w- c:\windows\system32\dfboottime.exe
2012-06-27 02:14 . 2012-06-27 02:14 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-06-06 15:49 . 2012-06-06 15:49 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:50 . 2007-09-24 04:35 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 15:50 . 2007-05-15 22:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 00:35 . 2007-09-24 04:35 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2007-09-24 04:35 152576 ----a-w- c:\windows\system32\schannel.dll
2011-04-14 21:01 . 2011-02-23 02:04 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-01_02.23.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-21 07:04 . 2012-09-01 05:27 224898 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ABIT uGuruIII"="h:\program files\U-ABIT\uGuru\uGuru.exe" [2007-04-12 425984]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"Eye-Fi"="c:\program files\Eye-Fi\Helper\EyeFiHelper.exe" [2011-12-22 3961464]
"HLBackupScheduler"="h:\program files\Backup Assistant Plus\V CAST Backup Scheduler.exe" [2012-07-09 7057032]
"Akamai NetSession Interface"="c:\documents and settings\Jamie\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-08-11 4440896]
"KSS"="c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-26 202296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-04-05 488984]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-03-09 252704]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BCSSync"="h:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="h:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Jamie\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - h:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - h:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-3-13 67128]
Logitech SetPoint.lnk - h:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-14 805392]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 09:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ dfboottime \??\c:\windows\System32\dfboottime.cfg\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2006-12-23 01:47 794688 ----a-r- h:\program files\Camera Assistant Software for ViewSonic\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"h:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"h:\\Program Files\\Curse\\CurseClient.exe"=
"h:\\Program Files\\Eye-Fi\\Eye-Fi Manager.exe"=
"h:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"h:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"h:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Jawbone\\JawboneUpdater.exe"=
"c:\\Documents and Settings\\Jamie\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"h:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"24726:TCP"= 24726:TCP:FlipShareServer
"24727:TCP"= 24727:TCP:FlipShareServer
"5910:TCP"= 5910:TCP:vnc5910
.
R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [1/18/2008 11:07 AM 241664]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 7:13 PM 65584]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2/22/2011 7:04 PM 89792]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [10/6/2007 6:22 PM 14592]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 12:56 AM 14336]
R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [5/6/2011 12:58 PM 1085440]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
R2 KSS;Kaspersky Security Scan Service;c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [4/25/2012 7:53 PM 202296]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2/22/2011 7:03 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2/22/2011 7:03 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [2/22/2011 7:04 PM 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2/22/2011 7:04 PM 151880]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [8/10/2011 12:35 PM 227184]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2/22/2011 7:04 PM 57600]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [7/20/2012 9:53 PM 1034240]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2/22/2011 7:04 PM 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2/22/2011 7:04 PM 83856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2010 6:57 PM 136176]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [12/28/2010 1:48 PM 95200]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7/29/2012 11:13 AM 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2010 6:57 PM 136176]
S3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.1;c:\windows\system32\drivers\libusb0.sys [10/18/2011 9:08 PM 35392]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2/22/2011 7:04 PM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2/22/2011 7:04 PM 87656]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;h:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 SNL320XP;SONIX MULTIMEDIA USB DEVICE DRIVER;c:\windows\system32\drivers\9kdUSBXP.sys [12/28/2006 6:50 AM 16000]
S3 SSDefrag;SSDefrag;c:\windows\system32\drivers\SSDefrag.sys [1/14/2008 3:32 PM 34560]
S3 WlanUIG;2Wire 802.11g USB Driver;c:\windows\system32\drivers\WlanUIG.sys [10/6/2007 7:19 PM 347648]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 85346091
*NewlyCreated* - ASWMBR
*NewlyCreated* - WS2IFSL
*Deregistered* - 85346091
*Deregistered* - aswMBR
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 02:54]
.
2012-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-01 01:57]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-01 01:57]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-308236825-682003330-1007Core.job
- c:\documents and settings\Friends\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-05 02:02]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-308236825-682003330-1007UA.job
- c:\documents and settings\Friends\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-05 02:02]
.
2012-08-11 c:\windows\Tasks\MotoHelper MUM.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]
.
2012-08-30 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]
.
2012-08-11 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;192.168.*.*;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - h:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - h:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - h:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxps://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-31 22:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2012-08-31 22:30:00
ComboFix-quarantined-files.txt 2012-09-01 05:29
ComboFix2.txt 2012-09-01 02:25
.
Pre-Run: 2,899,808,256 bytes free
Post-Run: 2,877,739,008 bytes free
.
- - End Of File - - DE7D2ACF23391E9A21593923D1D7BD0B

I received a warning that real time scanning was still on. I did not realize that McAfee was started. I immediately stopped the real time scanning and then clicked OK. Then ComboFix appeared to start correctly. The computer seems to be doing fine but I have not really done much testing.
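The ComboFix log above shows an svchost group named Akamai whose ServiceDll resolves to a path under Program Files rather than the Windows directory, the same entry TDSSKiller flagged earlier as HiddenFile.Multi.Generic. As an added example (not part of the thread, and not ComboFix's own code), the Python triage script below parses the two sections involved, the svchost group list under `...\currentversion\svchost` and the per-service `"ServiceDll"` values, and reports any svchost-hosted service whose DLL lives outside the Windows directory so a reviewer can look it up; it assumes the Windows directory is `C:\WINDOWS` as in this log, and the `netsvcs`/`wuauserv` lines in the sample are constructed for contrast.

```python
"""Triage helper for ComboFix-style logs: flag svchost-hosted services whose
ServiceDll is loaded from outside the Windows directory.

Added example for illustration; not ComboFix's code. The path format mirrors
the log in the thread, including the mixed '/' and '\\' in the Akamai path.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the Akamai lines mirror the thread's log; the netsvcs group
# and the wuauserv ServiceDll are constructed as a legitimate contrast case.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
netsvcs REG_MULTI_SZ wuauserv\0BITS
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="C:\WINDOWS\system32\wuauserv.dll"
"""

SECTION_RE = re.compile(r"^\[(.+)\]\s*$")
MULTI_SZ_RE = re.compile(r"^(\S+)\s+REG_MULTI_SZ\s+(.*)$")
SERVICE_DLL_RE = re.compile(r'^"ServiceDll"="(.+)"\s*$', re.IGNORECASE)
SERVICE_KEY_RE = re.compile(r"\\services\\([^\\]+)$", re.IGNORECASE)


def normalize_path(raw: str) -> str:
    """Lower-case, drop quotes and use backslashes only; the log mixes '/' and '\\'."""
    return raw.strip().strip('"').replace("/", "\\").lower()


def iter_sections(log_text: str):
    """Yield (registry_key, body_lines) for each REGEDIT-style [key] block."""
    key, body = None, []
    for line in log_text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            if key is not None:
                yield key, body
            key, body = m.group(1), []
        elif key is not None and line.strip() and line.strip() != ".":
            body.append(line.rstrip())
    if key is not None:
        yield key, body


def parse_svchost_groups(log_text: str) -> dict[str, list[str]]:
    """Map svchost group name -> member services (REG_MULTI_SZ shown split by '\\0')."""
    groups: dict[str, list[str]] = {}
    for key, body in iter_sections(log_text):
        if not key.lower().endswith(r"\currentversion\svchost"):
            continue
        for line in body:
            m = MULTI_SZ_RE.match(line)
            if m:
                groups[m.group(1)] = [s for s in m.group(2).split(r"\0") if s]
    return groups


def parse_service_dlls(log_text: str) -> dict[str, str]:
    """Map lower-cased service name -> normalized ServiceDll path."""
    dlls: dict[str, str] = {}
    for key, body in iter_sections(log_text):
        m = SERVICE_KEY_RE.search(key)
        if not m:
            continue
        for line in body:
            d = SERVICE_DLL_RE.match(line.strip())
            if d:
                dlls[m.group(1).lower()] = normalize_path(d.group(1))
    return dlls


@dataclass(frozen=True)
class Finding:
    group: str
    service: str
    dll: str
    reason: str


def triage_svchost(log_text: str, windows_dir: str = r"c:\windows") -> list[Finding]:
    """Flag svchost-hosted services whose ServiceDll is outside windows_dir.

    Services with no ServiceDll line are skipped: ComboFix omits legit default
    entries, so their absence means the stock value was present.
    """
    win = normalize_path(windows_dir).rstrip("\\") + "\\"
    dlls = parse_service_dlls(log_text)
    findings: list[Finding] = []
    for group, members in parse_svchost_groups(log_text).items():
        for svc in members:
            dll = dlls.get(svc.lower())
            if dll is None or dll.startswith(win):
                continue
            findings.append(Finding(group, svc, dll, "ServiceDll outside Windows directory"))
    return findings


if __name__ == "__main__":
    for f in triage_svchost(SAMPLE_LOG):
        print(f"[{f.group}] {f.service}: {f.dll} -> {f.reason}")
```

A hit means only that the DLL is in an unusual place for an svchost-hosted service; the reviewer still confirms the vendor and file before deciding, as the thread's helper did here.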

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:49 AM

Posted 01 September 2012 - 12:48 AM

Greetings ouchman


Now is the time to do the testing - so give it good workout



These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • J2SE Runtime Environment 5.0
  • Java™ 6 Update 31
  • Java™ 6 Update 5
  • Java™ 6 Update 6
  • Java™ 6 Update 7
  • McAfee Security Scan Plus


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo




