hooray! i've got a rootkit in my tcp/ip stack


This topic is locked
32 replies to this topic

#1 armymech666


  • Members
  • 19 posts

Posted 31 August 2012 - 06:32 PM

Hello all, my name is Dave! I am the proud new owner of a rootkit infection. My computer is insanely slow. The only reason I knew it was there is because combofix told me. Nothing else has found it. Please help me kill this thing!

Attached file: dds.txt (10.23KB)

Edited by armymech666, 31 August 2012 - 07:00 PM.




#2 armymech666

  • Topic Starter

  • Members
  • 19 posts

Posted 31 August 2012 - 06:42 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 10.5.1
Run by asswipe at 19:40:53 on 2012-08-31
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.478.148 [GMT -4:00]
.
AV: McAfee VirusScan Enterprise+AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ===============
.
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\asswipe\My Documents\Downloads\tdsskiller.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\asswipe\My Documents\Downloads\Defogger.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111208165643.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
mRun: [<NO NAME>]
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1316998345946
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{62964A5E-86C8-4F16-BDF4-C8C6E803C1EE} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxsrvc.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\asswipe\application data\mozilla\firefox\profiles\83nccaoo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=0B4E6C08-5870-44E7-95EC-44B3C49D9E47&apn_ptnrs=&apn_sauid=33170911-83B5-4F6E-85A6-76B6B76055C1&apn_dtid=OSJ000&&q=
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - c78fab99-4e45-4380-a073-0735d898c897
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-12-8 436728]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-12-8 88544]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-1-12 120128]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-12-8 159320]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2011-1-12 209760]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-12-8 145936]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-8-21 763840]
R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-12-8 171296]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-12-8 58456]
S2 navapel;Se2Bunic;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 rt2870;Dlcj_device;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-26 253088]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-12-8 85152]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 114144]
.
=============== Created Last 30 ================
.
2012-08-31 22:10:03 110080 ----a-r- c:\documents and settings\asswipe\application data\microsoft\installer\{adafc0b4-fc15-45d9-bab3-bc7a8829d0c4}\IconD7F16134.exe
2012-08-31 22:10:03 110080 ----a-r- c:\documents and settings\asswipe\application data\microsoft\installer\{adafc0b4-fc15-45d9-bab3-bc7a8829d0c4}\IconCF33A0CE.exe
2012-08-31 22:10:02 110080 ----a-r- c:\documents and settings\asswipe\application data\microsoft\installer\{adafc0b4-fc15-45d9-bab3-bc7a8829d0c4}\IconF7A21AF7.exe
2012-08-31 22:08:16 -------- d-----w- C:\sh4ldr
2012-08-31 22:08:16 -------- d-----w- c:\program files\Enigma Software Group
2012-08-31 22:07:14 -------- d-----w- c:\windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP
2012-08-31 22:06:54 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-08-31 00:54:11 -------- d-sha-r- C:\cmdcons
2012-08-31 00:50:42 98816 ----a-w- c:\windows\sed.exe
2012-08-31 00:50:42 518144 ----a-w- c:\windows\SWREG.exe
2012-08-31 00:50:42 256000 ----a-w- c:\windows\PEV.exe
2012-08-31 00:50:42 208896 ----a-w- c:\windows\MBR.exe
2012-08-31 00:45:46 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-08-31 00:45:05 -------- d-----w- c:\program files\Yontoo
2012-08-31 00:44:59 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2012-08-30 16:51:11 24376 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
2012-08-30 16:51:00 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-08-30 16:51:00 65536 ----a-w- c:\program files\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
.
==================== Find3M ====================
.
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 nt!IofCallDriver[0x804E3D45] -> \Device\Harddisk0\DR0[0x85B8C030]
3 CLASSPNP[0xF76D005B] -> nt!IofCallDriver[0x804E3D45] -> \Device\00000076[0x85BE66E0]
5 ACPI[0xF7626620] -> nt!IofCallDriver[0x804E3D45] -> \Device\Ide\IdeDeviceP0T0L0-3[0x85BE67F8]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
.
============= FINISH: 19:41:16.04 ===============

#3 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 31 August 2012 - 11:53 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 armymech666

  • Topic Starter

  • Members
  • 19 posts

Posted 01 September 2012 - 12:50 AM

Results of screen317's Security Check version 0.99.49
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee VirusScan Enterprise
McAfee Agent
`````````Anti-malware/Other Utilities Check:`````````
SpyHunter
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 7 Update 5
Java 2 Runtime Environment, SE v1.4.2_05
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.10 Flash Player out of Date!
Adobe Reader 6 Adobe Reader out of Date!
Mozilla Firefox (13.0)
````````Process Check: objlist.exe by Laurent````````
McAfee VirusScan Enterprise SHSTAT.EXE
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#5 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 September 2012 - 12:58 AM

Thank you for that report, and let me have the combofix report when it is complete.


gringo

#6 armymech666

  • Topic Starter

  • Members
  • 19 posts

Posted 01 September 2012 - 01:50 AM

ComboFix 12-08-31.08 - asswipe 09/01/2012 2:34.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.478.167 [GMT -4:00]
Running from: c:\documents and settings\asswipe\My Documents\Downloads\ComboFix.exe
AV: McAfee VirusScan Enterprise+AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2012-08-01 to 2012-09-01 )))))))))))))))))))))))))))))))
.
.
2012-08-31 22:10 . 2012-08-31 22:10 110080 ----a-r- c:\documents and settings\asswipe\Application Data\Microsoft\Installer\{ADAFC0B4-FC15-45D9-BAB3-BC7A8829D0C4}\IconD7F16134.exe
2012-08-31 22:10 . 2012-08-31 22:10 110080 ----a-r- c:\documents and settings\asswipe\Application Data\Microsoft\Installer\{ADAFC0B4-FC15-45D9-BAB3-BC7A8829D0C4}\IconCF33A0CE.exe
2012-08-31 22:10 . 2012-08-31 22:10 110080 ----a-r- c:\documents and settings\asswipe\Application Data\Microsoft\Installer\{ADAFC0B4-FC15-45D9-BAB3-BC7A8829D0C4}\IconF7A21AF7.exe
2012-08-31 22:08 . 2012-08-31 22:10 -------- d-----w- C:\sh4ldr
2012-08-31 22:08 . 2012-08-31 22:08 -------- d-----w- c:\program files\Enigma Software Group
2012-08-31 22:07 . 2012-08-31 22:10 -------- d-----w- c:\windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP
2012-08-31 22:06 . 2012-08-31 22:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-08-31 00:45 . 2012-08-31 00:45 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-08-31 00:45 . 2012-08-31 00:45 -------- d-----w- c:\program files\Yontoo
2012-08-31 00:44 . 2012-08-31 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2012-08-30 16:51 . 2011-12-08 21:56 24376 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2012-08-30 16:51 . 2012-06-01 15:40 85472 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-08-30 16:51 . 2012-05-28 05:54 65536 ----a-w- c:\program files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 17:46 . 2011-12-21 22:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-01 15:40 . 2012-08-30 16:51 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-31_02.25.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-01 06:14 . 2012-09-01 06:14 16384 c:\windows\Temp\Perflib_Perfdata_6b0.dat
+ 2012-09-01 05:55 . 2012-09-01 05:55 2660 c:\windows\SoftwareDistribution\EventCache\{D2D6BD1D-AB79-47F0-9579-1D971B2AC4C2}.bin
- 2012-08-30 21:57 . 2012-08-31 01:10 2660 c:\windows\SoftwareDistribution\EventCache\{D2D6BD1D-AB79-47F0-9579-1D971B2AC4C2}.bin
+ 2012-07-10 14:53 . 2012-08-31 22:15 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
- 2012-07-10 14:53 . 2012-07-10 14:53 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2012-08-31 22:07 . 2012-08-31 22:07 180696 c:\windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP\WiseCustomCalla21.exe
+ 2012-08-31 22:15 . 2012-08-31 22:15 2288128 c:\windows\Installer\7b7919.msi
+ 2012-08-31 22:10 . 2012-08-31 22:10 2964992 c:\windows\Installer\7b7905.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 01:33 1519304 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-06-17 118784]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-14 229438]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-06-04 286720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-09-26 98304]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
"c:\\Program Files\\File Type Assistant\\tsassist.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [12/8/2011 5:56 PM 88544]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12/8/2011 5:56 PM 145936]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [8/21/2012 3:29 PM 763840]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/26/2012 6:11 PM 253088]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [5/6/2011 4:57 PM 13904]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12/8/2011 5:56 PM 85152]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/3/2012 7:30 PM 114144]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 22:11]
.
2012-09-01 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-07-27 18:24]
.
2012-09-01 c:\windows\Tasks\ProgramUpdateCheck.job
- c:\program files\File Type Assistant\tsassist.exe [2012-07-27 02:19]
.
2012-09-01 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-06-07 01:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\asswipe\Application Data\Mozilla\Firefox\Profiles\83nccaoo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=0B4E6C08-5870-44E7-95EC-44B3C49D9E47&apn_ptnrs=&apn_sauid=33170911-83B5-4F6E-85A6-76B6B76055C1&apn_dtid=OSJ000&&q=
FF - user.js: extentions.y2layers.installId - c78fab99-4e45-4380-a073-0735d898c897
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-01 02:42
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????X????|?????? ???B?????????????H<C? ??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-09-01 02:44:32
ComboFix-quarantined-files.txt 2012-09-01 06:44
ComboFix2.txt 2012-08-31 20:23
ComboFix3.txt 2012-08-31 02:28
.
Pre-Run: 73,502,191,616 bytes free
Post-Run: 73,682,477,056 bytes free
.
- - End Of File - - 3E3F41D432946C53DDAC432244DE57ED



After running combofix, it is still going really slow and getting "stuck" at random times while on the internet. Earlier today, I tried using combofix a couple of times and each time it would say that it fixed the problem, but it always came back saying it was still there.

#7 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 September 2012 - 02:03 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 armymech666

  • Topic Starter

  • Members
  • 19 posts

Posted 01 September 2012 - 09:18 AM

10:15:03.0890 0184 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
10:15:04.0281 0184 ============================================================
10:15:04.0281 0184 Current date / time: 2012/09/01 10:15:04.0281
10:15:04.0281 0184 SystemInfo:
10:15:04.0281 0184
10:15:04.0281 0184 OS Version: 5.1.2600 ServicePack: 2.0
10:15:04.0281 0184 Product type: Workstation
10:15:04.0281 0184 ComputerName: ASSWIPE-94CEDED
10:15:04.0296 0184 UserName: asswipe
10:15:04.0296 0184 Windows directory: C:\WINDOWS
10:15:04.0296 0184 System windows directory: C:\WINDOWS
10:15:04.0296 0184 Processor architecture: Intel x86
10:15:04.0296 0184 Number of processors: 1
10:15:04.0296 0184 Page size: 0x1000
10:15:04.0296 0184 Boot type: Normal boot
10:15:04.0296 0184 ============================================================
10:15:06.0390 0184 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:15:06.0406 0184 ============================================================
10:15:06.0406 0184 \Device\Harddisk0\DR0:
10:15:06.0406 0184 MBR partitions:
10:15:06.0406 0184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
10:15:06.0406 0184 ============================================================
10:15:06.0437 0184 C: <-> \Device\Harddisk0\DR0\Partition1
10:15:06.0437 0184 ============================================================
10:15:06.0437 0184 Initialize success
10:15:06.0437 0184 ============================================================
10:15:23.0781 1392 ============================================================
10:15:23.0781 1392 Scan started
10:15:23.0781 1392 Mode: Manual;
10:15:23.0781 1392 ============================================================
10:15:24.0812 1392 ================ Scan system memory ========================
10:15:24.0828 1392 System memory - ok
10:15:24.0828 1392 ================ Scan services =============================
10:15:24.0953 1392 Abiosdsk - ok
10:15:24.0984 1392 abp480n5 - ok
10:15:25.0046 1392 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:15:25.0046 1392 ACPI - ok
10:15:25.0078 1392 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:15:25.0093 1392 ACPIEC - ok
10:15:25.0156 1392 [ 459AC130C6AB892B1CD5D7544626EFC5 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:15:25.0156 1392 AdobeFlashPlayerUpdateSvc - ok
10:15:25.0187 1392 adpu160m - ok
10:15:25.0234 1392 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:15:25.0250 1392 aec - ok
10:15:25.0296 1392 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:15:25.0312 1392 AFD - ok
10:15:25.0328 1392 Aha154x - ok
10:15:25.0343 1392 aic78u2 - ok
10:15:25.0375 1392 aic78xx - ok
10:15:25.0406 1392 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:15:25.0421 1392 Alerter - ok
10:15:25.0453 1392 [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG C:\WINDOWS\System32\alg.exe
10:15:25.0468 1392 ALG - ok
10:15:25.0484 1392 AliIde - ok
10:15:25.0500 1392 amdagp - ok
10:15:25.0515 1392 amsint - ok
10:15:25.0546 1392 AppMgmt - ok
10:15:25.0578 1392 [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:15:25.0578 1392 Arp1394 - ok
10:15:25.0593 1392 asc - ok
10:15:25.0609 1392 asc3350p - ok
10:15:25.0625 1392 asc3550 - ok
10:15:25.0750 1392 [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
10:15:25.0765 1392 aspnet_state - ok
10:15:25.0812 1392 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:15:25.0812 1392 AsyncMac - ok
10:15:25.0859 1392 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:15:25.0859 1392 atapi - ok
10:15:25.0875 1392 Atdisk - ok
10:15:25.0906 1392 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:15:25.0921 1392 Atmarpc - ok
10:15:25.0953 1392 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:15:25.0953 1392 AudioSrv - ok
10:15:25.0984 1392 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:15:25.0984 1392 audstub - ok
10:15:26.0062 1392 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:15:26.0062 1392 Beep - ok
10:15:26.0125 1392 [ 2C69EC7E5A311334D10DD95F338FCCEA ] BITS C:\WINDOWS\system32\qmgr.dll
10:15:26.0140 1392 BITS - ok
10:15:26.0187 1392 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] Browser C:\WINDOWS\System32\browser.dll
10:15:26.0187 1392 Browser - ok
10:15:26.0250 1392 [ 9EA1E669AFBAAB94E673CF68B37D1260 ] CAMCAUD C:\WINDOWS\system32\drivers\camcaud.sys
10:15:26.0265 1392 CAMCAUD - ok
10:15:26.0312 1392 [ C05F17EE176399A49EF1FE74F02F7E93 ] CAMCHALA C:\WINDOWS\system32\drivers\camchal.sys
10:15:26.0328 1392 CAMCHALA - ok
10:15:26.0421 1392 catchme - ok
10:15:26.0468 1392 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:15:26.0468 1392 cbidf2k - ok
10:15:26.0484 1392 cd20xrnt - ok
10:15:26.0531 1392 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:15:26.0531 1392 Cdaudio - ok
10:15:26.0578 1392 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:15:26.0593 1392 Cdfs - ok
10:15:26.0609 1392 cdr4_xp - ok
10:15:26.0656 1392 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:15:26.0671 1392 Cdrom - ok
10:15:26.0687 1392 Changer - ok
10:15:26.0718 1392 [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:15:26.0718 1392 CiSvc - ok
10:15:26.0765 1392 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:15:26.0765 1392 ClipSrv - ok
10:15:26.0828 1392 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:15:26.0828 1392 CmBatt - ok
10:15:26.0843 1392 CmdIde - ok
10:15:26.0859 1392 cobbmservice - ok
10:15:26.0906 1392 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:15:26.0906 1392 Compbatt - ok
10:15:26.0937 1392 COMSysApp - ok
10:15:26.0984 1392 Cpqarray - ok
10:15:27.0031 1392 [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:15:27.0046 1392 CryptSvc - ok
10:15:27.0062 1392 CrystalSysInfo - ok
10:15:27.0078 1392 dac2w2k - ok
10:15:27.0109 1392 dac960nt - ok
10:15:27.0171 1392 [ 5C83A4408604F737717AB96371201680 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:15:27.0187 1392 DcomLaunch - ok
10:15:27.0218 1392 [ CB6CA3E5261D65F6F809EED23BF167AA ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:15:27.0234 1392 Dhcp - ok
10:15:27.0281 1392 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:15:27.0281 1392 Disk - ok
10:15:27.0296 1392 dmadmin - ok
10:15:27.0437 1392 [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:15:27.0484 1392 dmboot - ok
10:15:27.0562 1392 [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:15:27.0562 1392 dmio - ok
10:15:27.0625 1392 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:15:27.0625 1392 dmload - ok
10:15:27.0671 1392 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver C:\WINDOWS\System32\dmserver.dll
10:15:27.0687 1392 dmserver - ok
10:15:27.0734 1392 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:15:27.0734 1392 DMusic - ok
10:15:27.0765 1392 [ 7379DE06FD196E396A00AA97B990C00D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:15:27.0765 1392 Dnscache - ok
10:15:27.0781 1392 dpti2o - ok
10:15:27.0859 1392 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:15:27.0859 1392 drmkaud - ok
10:15:27.0875 1392 DXEC02 - ok
10:15:27.0937 1392 [ 81B7808D3B5892388F33273119C2DC31 ] eabfiltr C:\WINDOWS\system32\drivers\EABFiltr.sys
10:15:27.0937 1392 eabfiltr - ok
10:15:27.0968 1392 [ 1BA14DA377B66278335D4B9E8824CD42 ] eabusb C:\WINDOWS\system32\drivers\eabusb.sys
10:15:27.0984 1392 eabusb - ok
10:15:28.0031 1392 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:15:28.0031 1392 ERSvc - ok
10:15:28.0156 1392 [ 2407B8164E966755BC6A4242FC9DE31E ] esgiguard C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
10:15:28.0156 1392 esgiguard - ok
10:15:28.0218 1392 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] Eventlog C:\WINDOWS\system32\services.exe
10:15:28.0234 1392 Eventlog - ok
10:15:28.0312 1392 [ ACD36A2DD7D1E9D8A060AA651DC07E63 ] EventSystem C:\WINDOWS\system32\es.dll
10:15:28.0312 1392 EventSystem - ok
10:15:28.0343 1392 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:15:28.0359 1392 Fastfat - ok
10:15:28.0390 1392 [ E7518DC542D3EBDCB80EDD98462C7821 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:15:28.0406 1392 FastUserSwitchingCompatibility - ok
10:15:28.0453 1392 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
10:15:28.0453 1392 Fdc - ok
10:15:28.0484 1392 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:15:28.0484 1392 Fips - ok
10:15:28.0515 1392 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
10:15:28.0515 1392 Flpydisk - ok
10:15:28.0562 1392 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:15:28.0562 1392 FltMgr - ok
10:15:28.0578 1392 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:15:28.0593 1392 Fs_Rec - ok
10:15:28.0609 1392 FTDIBUS - ok
10:15:28.0625 1392 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:15:28.0640 1392 Ftdisk - ok
10:15:28.0656 1392 gdrv - ok
10:15:28.0703 1392 [ 8210B0B16E674586D331E804F81635BD ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:15:28.0703 1392 GEARAspiWDM - ok
10:15:28.0734 1392 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:15:28.0734 1392 Gpc - ok
10:15:28.0828 1392 [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:15:28.0828 1392 helpsvc - ok
10:15:28.0843 1392 HidServ - ok
10:15:28.0859 1392 hpn - ok
10:15:28.0953 1392 [ E7E0CF2E13994DAB2CE10DFEF25BF610 ] hpqwmi C:\Program Files\HPQ\SHARED\HPQWMI.exe
10:15:28.0953 1392 hpqwmi - ok
10:15:29.0031 1392 [ EECF0C3B62040F26C62B6579794C702E ] HSFHWICH C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
10:15:29.0046 1392 HSFHWICH - ok
10:15:29.0125 1392 [ 4683B5D9566B8653D4580C407C8D0FBC ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
10:15:29.0203 1392 HSF_DP - ok
10:15:29.0265 1392 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:15:29.0265 1392 HTTP - ok
10:15:29.0328 1392 [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:15:29.0343 1392 HTTPFilter - ok
10:15:29.0359 1392 i2omgmt - ok
10:15:29.0375 1392 i2omp - ok
10:15:29.0437 1392 [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:15:29.0437 1392 i8042prt - ok
10:15:29.0515 1392 [ 7B46903F26A729E68DD73FF7955DFC83 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
10:15:29.0578 1392 ialm - ok
10:15:29.0609 1392 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
10:15:29.0609 1392 Imapi - ok
10:15:29.0640 1392 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService C:\WINDOWS\system32\imapi.exe
10:15:29.0656 1392 ImapiService - ok
10:15:29.0671 1392 ini910u - ok
10:15:29.0718 1392 [ 2D722B2B54AB55B2FA475EB58D7B2AAD ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
10:15:29.0718 1392 IntelIde - ok
10:15:29.0734 1392 [ 279FB78702454DFF2BB445F238C048D2 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:15:29.0750 1392 intelppm - ok
10:15:29.0781 1392 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:15:29.0781 1392 Ip6Fw - ok
10:15:29.0828 1392 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:15:29.0828 1392 IpFilterDriver - ok
10:15:29.0843 1392 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:15:29.0843 1392 IpInIp - ok
10:15:29.0890 1392 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:15:29.0890 1392 IpNat - ok
10:15:29.0968 1392 [ 5098D9C342CBA50CE16006086E919040 ] iPodService C:\Program Files\iPod\bin\iPodService.exe
10:15:29.0968 1392 iPodService - ok
10:15:30.0015 1392 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:15:30.0015 1392 IPSec - ok
10:15:30.0062 1392 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:15:30.0062 1392 IRENUM - ok
10:15:30.0125 1392 [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:15:30.0125 1392 isapnp - ok
10:15:30.0218 1392 [ C2C1660DDCC9BD67EB98D6D5F91C107F ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
10:15:30.0218 1392 JavaQuickStarterService - ok
10:15:30.0265 1392 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:15:30.0265 1392 Kbdclass - ok
10:15:30.0312 1392 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:15:30.0312 1392 kmixer - ok
10:15:30.0375 1392 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:15:30.0375 1392 KSecDD - ok
10:15:30.0421 1392 [ 93D32468D34E000CB3407947D1D6E22A ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
10:15:30.0437 1392 lanmanserver - ok
10:15:30.0453 1392 [ 2C0A7B2AE9C26F2C163627679B42783C ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:15:30.0468 1392 lanmanworkstation - ok
10:15:30.0484 1392 lbrtfdc - ok
10:15:30.0531 1392 [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:15:30.0531 1392 LmHosts - ok
10:15:30.0609 1392 [ 062D80F13D762F7BC2F38430D60F5048 ] McAfeeFramework C:\Program Files\McAfee\Common Framework\FrameworkService.exe
10:15:30.0625 1392 McAfeeFramework - ok
10:15:30.0718 1392 [ 50182E471B44C7A0F63B46E2DEF08B0F ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
10:15:30.0734 1392 McShield - ok
10:15:30.0796 1392 [ B15BB3AEF59158B4E1DDA5328C842713 ] McTaskManager C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
10:15:30.0812 1392 McTaskManager - ok
10:15:30.0843 1392 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
10:15:30.0859 1392 mdmxsdk - ok
10:15:30.0890 1392 [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:15:30.0890 1392 Messenger - ok
10:15:30.0921 1392 [ C0D975D64C1AF8057F2D75B1297A6979 ] mfeapfk C:\WINDOWS\system32\drivers\mfeapfk.sys
10:15:30.0921 1392 mfeapfk - ok
10:15:30.0968 1392 [ C169326049A8A03D5F905B34F5A65F8C ] mfeavfk C:\WINDOWS\system32\drivers\mfeavfk.sys
10:15:30.0968 1392 mfeavfk - ok
10:15:30.0984 1392 mfeavfk01 - ok
10:15:31.0015 1392 [ 50B0253B2484A306A20D8695C5AE5858 ] mfebopk C:\WINDOWS\system32\drivers\mfebopk.sys
10:15:31.0015 1392 mfebopk - ok
10:15:31.0062 1392 [ 188B40866DB2AB8EF262FEBC65291687 ] mfehidk C:\WINDOWS\system32\drivers\mfehidk.sys
10:15:31.0078 1392 mfehidk - ok
10:15:31.0125 1392 [ C1B30AF2E18E69BF8CEB39B33F32D3C1 ] mferkdet C:\WINDOWS\system32\drivers\mferkdet.sys
10:15:31.0125 1392 mferkdet - ok
10:15:31.0156 1392 [ 97EF4CA122DDDA4781FF557E65DFB262 ] mfetdi2k C:\WINDOWS\system32\drivers\mfetdi2k.sys
10:15:31.0156 1392 mfetdi2k - ok
10:15:31.0203 1392 [ 49C8E20D178BE981FF28523A942A570F ] mfevtp C:\WINDOWS\system32\mfevtps.exe
10:15:31.0203 1392 mfevtp - ok
10:15:31.0265 1392 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:15:31.0265 1392 mnmdd - ok
10:15:31.0312 1392 [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:15:31.0312 1392 mnmsrvc - ok
10:15:31.0343 1392 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:15:31.0343 1392 Modem - ok
10:15:31.0375 1392 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:15:31.0375 1392 Mouclass - ok
10:15:31.0406 1392 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:15:31.0406 1392 MountMgr - ok
10:15:31.0468 1392 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:15:31.0484 1392 MozillaMaintenance - ok
10:15:31.0500 1392 mraid35x - ok
10:15:31.0546 1392 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:15:31.0562 1392 MRxDAV - ok
10:15:31.0609 1392 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:15:31.0640 1392 MRxSmb - ok
10:15:31.0687 1392 [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:15:31.0687 1392 MSDTC - ok
10:15:31.0718 1392 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:15:31.0718 1392 Msfs - ok
10:15:31.0734 1392 MSIServer - ok
10:15:31.0765 1392 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:15:31.0765 1392 MSKSSRV - ok
10:15:31.0796 1392 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:15:31.0796 1392 MSPCLOCK - ok
10:15:31.0859 1392 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:15:31.0859 1392 MSPQM - ok
10:15:31.0921 1392 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:15:31.0921 1392 mssmbios - ok
10:15:31.0953 1392 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:15:31.0953 1392 Mup - ok
10:15:31.0984 1392 navapel - ok
10:15:32.0015 1392 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:15:32.0015 1392 NDIS - ok
10:15:32.0093 1392 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:15:32.0093 1392 NdisTapi - ok
10:15:32.0125 1392 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:15:32.0140 1392 Ndisuio - ok
10:15:32.0156 1392 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:15:32.0156 1392 NdisWan - ok
10:15:32.0187 1392 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:15:32.0187 1392 NDProxy - ok
10:15:32.0203 1392 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:15:32.0218 1392 NetBIOS - ok
10:15:32.0265 1392 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:15:32.0281 1392 NetBT - ok
10:15:32.0328 1392 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE C:\WINDOWS\system32\netdde.exe
10:15:32.0343 1392 NetDDE - ok
10:15:32.0359 1392 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:15:32.0359 1392 NetDDEdsdm - ok
10:15:32.0406 1392 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe
10:15:32.0406 1392 Netlogon - ok
10:15:32.0453 1392 [ DAB9E6C7105D2EF49876FE92C524F565 ] Netman C:\WINDOWS\System32\netman.dll
10:15:32.0468 1392 Netman - ok
10:15:32.0500 1392 [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:15:32.0500 1392 NIC1394 - ok
10:15:32.0562 1392 [ 4E74AF063C3271FBEA20DD940CFD1184 ] Nla C:\WINDOWS\System32\mswsock.dll
10:15:32.0562 1392 Nla - ok
10:15:32.0593 1392 npapimon - ok
10:15:32.0625 1392 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:15:32.0625 1392 Npfs - ok
10:15:32.0671 1392 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:15:32.0703 1392 Ntfs - ok
10:15:32.0734 1392 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
10:15:32.0734 1392 NtLmSsp - ok
10:15:32.0796 1392 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:15:32.0828 1392 NtmsSvc - ok
10:15:32.0859 1392 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
10:15:32.0859 1392 Null - ok
10:15:32.0906 1392 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:15:32.0906 1392 NwlnkFlt - ok
10:15:32.0937 1392 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:15:32.0937 1392 NwlnkFwd - ok
10:15:32.0984 1392 [ 0951DB8E5823EA366B0E408D71E1BA2A ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:15:33.0000 1392 ohci1394 - ok
10:15:33.0031 1392 [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
10:15:33.0031 1392 Parport - ok
10:15:33.0062 1392 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:15:33.0062 1392 PartMgr - ok
10:15:33.0109 1392 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:15:33.0109 1392 ParVdm - ok
10:15:33.0140 1392 PCDCODEC - ok
10:15:33.0187 1392 [ 8086D9979234B603AD5BC2F5D890B234 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:15:33.0187 1392 PCI - ok
10:15:33.0203 1392 PCIDump - ok
10:15:33.0234 1392 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
10:15:33.0234 1392 PCIIde - ok
10:15:33.0265 1392 [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
10:15:33.0265 1392 Pcmcia - ok
10:15:33.0281 1392 PDCOMP - ok
10:15:33.0312 1392 PDFRAME - ok
10:15:33.0328 1392 PDRELI - ok
10:15:33.0359 1392 PDRFRAME - ok
10:15:33.0375 1392 perc2 - ok
10:15:33.0390 1392 perc2hib - ok
10:15:33.0437 1392 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] PlugPlay C:\WINDOWS\system32\services.exe
10:15:33.0453 1392 PlugPlay - ok
10:15:33.0453 1392 pmshellsrv - ok
10:15:33.0468 1392 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:15:33.0468 1392 PolicyAgent - ok
10:15:33.0500 1392 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:15:33.0500 1392 PptpMiniport - ok
10:15:33.0515 1392 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:15:33.0515 1392 ProtectedStorage - ok
10:15:33.0531 1392 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:15:33.0531 1392 PSched - ok
10:15:33.0546 1392 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:15:33.0546 1392 Ptilink - ok
10:15:33.0562 1392 [ D7E32C33C08CCDBD21D47D291F30D35B ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:15:33.0562 1392 PxHelp20 - ok
10:15:33.0578 1392 ql1080 - ok
10:15:33.0593 1392 Ql10wnt - ok
10:15:33.0609 1392 ql12160 - ok
10:15:33.0609 1392 ql1240 - ok
10:15:33.0625 1392 ql1280 - ok
10:15:33.0656 1392 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:15:33.0656 1392 RasAcd - ok
10:15:33.0703 1392 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:15:33.0703 1392 RasAuto - ok
10:15:33.0718 1392 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:15:33.0718 1392 Rasl2tp - ok
10:15:33.0765 1392 [ 41A3C11E3517C962C9B44893BCEC3B34 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:15:33.0781 1392 RasMan - ok
10:15:33.0781 1392 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:15:33.0781 1392 RasPppoe - ok
10:15:33.0796 1392 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:15:33.0796 1392 Raspti - ok
10:15:33.0875 1392 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:15:33.0875 1392 Rdbss - ok
10:15:33.0906 1392 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:15:33.0906 1392 RDPCDD - ok
10:15:33.0968 1392 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:15:33.0968 1392 RDPWD - ok
10:15:34.0031 1392 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:15:34.0031 1392 RDSessMgr - ok
10:15:34.0062 1392 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:15:34.0062 1392 redbook - ok
10:15:34.0109 1392 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
10:15:34.0109 1392 RemoteAccess - ok
10:15:34.0125 1392 ROCKEYNT - ok
10:15:34.0171 1392 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe
10:15:34.0171 1392 RpcLocator - ok
10:15:34.0218 1392 [ 5C83A4408604F737717AB96371201680 ] RpcSs C:\WINDOWS\System32\rpcss.dll
10:15:34.0234 1392 RpcSs - ok
10:15:34.0312 1392 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
10:15:34.0328 1392 RSVP - ok
10:15:34.0343 1392 rt2870 - ok
10:15:34.0406 1392 [ 1E7978C5E355407EFDFC7B7328EF13E7 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
10:15:34.0406 1392 RTL8023xp - ok
10:15:34.0406 1392 rtl8139 - ok
10:15:34.0437 1392 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe
10:15:34.0437 1392 SamSs - ok
10:15:34.0500 1392 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:15:34.0500 1392 SCardSvr - ok
10:15:34.0562 1392 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:15:34.0578 1392 Schedule - ok
10:15:34.0625 1392 [ 02FC71B020EC8700EE8A46C58BC6F276 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
10:15:34.0625 1392 sdbus - ok
10:15:34.0656 1392 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:15:34.0656 1392 Secdrv - ok
10:15:34.0687 1392 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll
10:15:34.0687 1392 seclogon - ok
10:15:34.0718 1392 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll
10:15:34.0718 1392 SENS - ok
10:15:34.0765 1392 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
10:15:34.0765 1392 Serial - ok
10:15:34.0781 1392 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
10:15:34.0796 1392 Sfloppy - ok
10:15:34.0890 1392 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
10:15:34.0906 1392 SharedAccess - ok
10:15:34.0937 1392 [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:15:34.0953 1392 ShellHWDetection - ok
10:15:34.0968 1392 Simbad - ok
10:15:35.0000 1392 Sparrow - ok
10:15:35.0031 1392 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
10:15:35.0031 1392 splitter - ok
10:15:35.0062 1392 [ 7435B108B935E42EA92CA94F59C8E717 ] Spooler C:\WINDOWS\system32\spoolsv.exe
10:15:35.0062 1392 Spooler - ok
10:15:35.0218 1392 [ 2FE97C829ACCF0ACFC595CF33EA42247 ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
10:15:35.0250 1392 SpyHunter 4 Service - ok
10:15:35.0296 1392 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
10:15:35.0296 1392 sr - ok
10:15:35.0328 1392 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll
10:15:35.0343 1392 srservice - ok
10:15:35.0375 1392 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
10:15:35.0390 1392 Srv - ok
10:15:35.0437 1392 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
10:15:35.0437 1392 SSDPSRV - ok
10:15:35.0468 1392 ssoftservice - ok
10:15:35.0484 1392 stac97 - ok
10:15:35.0546 1392 [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
10:15:35.0562 1392 stisvc - ok
10:15:35.0593 1392 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
10:15:35.0593 1392 swenum - ok
10:15:35.0640 1392 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
10:15:35.0640 1392 swmidi - ok
10:15:35.0671 1392 SwPrv - ok
10:15:35.0687 1392 symc810 - ok
10:15:35.0718 1392 symc8xx - ok
10:15:35.0734 1392 sym_hi - ok
10:15:35.0765 1392 sym_u3 - ok
10:15:35.0828 1392 [ 1A8E6B04907687A8EED75C8031B679FD ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
10:15:35.0828 1392 SynTP - ok
10:15:35.0890 1392 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
10:15:35.0890 1392 sysaudio - ok
10:15:35.0953 1392 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
10:15:35.0953 1392 SysmonLog - ok
10:15:36.0031 1392 [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
10:15:36.0031 1392 TapiSrv - ok
10:15:36.0078 1392 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:15:36.0093 1392 Tcpip - ok
10:15:36.0125 1392 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
10:15:36.0140 1392 TDPIPE - ok
10:15:36.0171 1392 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
10:15:36.0171 1392 TDTCP - ok
10:15:36.0203 1392 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
10:15:36.0203 1392 TermDD - ok
10:15:36.0265 1392 [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService C:\WINDOWS\System32\termsrv.dll
10:15:36.0265 1392 TermService - ok
10:15:36.0312 1392 [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes C:\WINDOWS\System32\shsvcs.dll
10:15:36.0312 1392 Themes - ok
10:15:36.0359 1392 [ E947A092B5E7B3B8FDC66F6D7A770000 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
10:15:36.0375 1392 tifm21 - ok
10:15:36.0390 1392 tiwlnsvc - ok
10:15:36.0421 1392 TosIde - ok
10:15:36.0453 1392 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll
10:15:36.0468 1392 TrkWks - ok
10:15:36.0531 1392 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
10:15:36.0531 1392 Udfs - ok
10:15:36.0562 1392 ultra - ok
10:15:36.0609 1392 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
10:15:36.0609 1392 Update - ok
10:15:36.0671 1392 [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost C:\WINDOWS\System32\upnphost.dll
10:15:36.0671 1392 upnphost - ok
10:15:36.0703 1392 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe
10:15:36.0703 1392 UPS - ok
10:15:36.0765 1392 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:15:36.0765 1392 usbehci - ok
10:15:36.0796 1392 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:15:36.0812 1392 usbhub - ok
10:15:36.0859 1392 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:15:36.0859 1392 USBSTOR - ok
10:15:36.0875 1392 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:15:36.0890 1392 usbuhci - ok
10:15:36.0906 1392 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
10:15:36.0906 1392 VgaSave - ok
10:15:36.0921 1392 ViaIde - ok
10:15:36.0968 1392 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
10:15:36.0968 1392 VolSnap - ok
10:15:37.0031 1392 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe
10:15:37.0046 1392 VSS - ok
10:15:37.0281 1392 [ 960CE9B896750CC02FE5F1103CC23460 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
10:15:37.0484 1392 w29n51 - ok
10:15:37.0531 1392 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll
10:15:37.0546 1392 W32Time - ok
10:15:37.0578 1392 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:15:37.0578 1392 Wanarp - ok
10:15:37.0593 1392 WDICA - ok
10:15:37.0656 1392 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
10:15:37.0656 1392 wdmaud - ok
10:15:37.0687 1392 [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient C:\WINDOWS\System32\webclnt.dll
10:15:37.0687 1392 WebClient - ok
10:15:37.0765 1392 [ 2A8C145E9E9E63B0071DA4F35544AB9D ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
10:15:37.0812 1392 winachsf - ok
10:15:37.0906 1392 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
10:15:37.0921 1392 winmgmt - ok
10:15:38.0031 1392 [ C086483E3DBA8C1C0A687EC8D5B3D4C1 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
10:15:38.0031 1392 WmdmPmSN - ok
10:15:38.0046 1392 wmi - ok
10:15:38.0109 1392 [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
10:15:38.0109 1392 WmiAcpi - ok
10:15:38.0171 1392 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:15:38.0171 1392 WmiApSrv - ok
10:15:38.0218 1392 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:15:38.0218 1392 WS2IFSL - ok
10:15:38.0265 1392 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
10:15:38.0281 1392 wscsvc - ok
10:15:38.0312 1392 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
10:15:38.0328 1392 wuauserv - ok
10:15:38.0375 1392 [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
10:15:38.0406 1392 WZCSVC - ok
10:15:38.0421 1392 XFX_program - ok
10:15:38.0500 1392 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
10:15:38.0500 1392 xmlprov - ok
10:15:38.0531 1392 z525bus - ok
10:15:38.0562 1392 ================ Scan global ===============================
10:15:38.0609 1392 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
10:15:38.0656 1392 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
10:15:38.0703 1392 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
10:15:38.0734 1392 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\WINDOWS\system32\services.exe
10:15:38.0734 1392 [Global] - ok
10:15:38.0750 1392 ================ Scan MBR ==================================
10:15:38.0765 1392 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:15:39.0234 1392 \Device\Harddisk0\DR0 - ok
10:15:39.0250 1392 ================ Scan VBR ==================================
10:15:39.0250 1392 [ 17C3F44FBFEDD0A94838F93620E04FCB ] \Device\Harddisk0\DR0\Partition1
10:15:39.0250 1392 \Device\Harddisk0\DR0\Partition1 - ok
10:15:39.0265 1392 ============================================================
10:15:39.0265 1392 Scan finished
10:15:39.0265 1392 ============================================================
10:15:39.0281 3236 Detected object count: 0
10:15:39.0281 3236 Actual detected object count: 0

#9 armymech666
  • Topic Starter
  • Members
  • 19 posts

Posted 01 September 2012 - 09:39 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-01 10:19:22
-----------------------------
10:19:22.406 OS Version: Windows 5.1.2600 Service Pack 2
10:19:22.406 Number of processors: 1 586 0xD08
10:19:22.406 ComputerName: ASSWIPE-94CEDED UserName: asswipe
10:19:23.781 Initialize success
10:29:40.343 AVAST engine defs: 12090100
10:30:16.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:30:16.015 Disk 0 Vendor: ST9808210A 3.02 Size: 76319MB BusType: 3
10:30:16.031 Disk 0 MBR read successfully
10:30:16.046 Disk 0 MBR scan
10:30:16.671 Disk 0 Windows XP default MBR code
10:30:16.718 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
10:30:17.515 Disk 0 scanning sectors +156280320
10:30:17.906 Disk 0 scanning C:\WINDOWS\system32\drivers
10:30:43.140 Service scanning
10:31:09.187 Modules scanning
10:31:18.203 Disk 0 trace - called modules:
10:31:18.265 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:31:18.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b6aab8]
10:31:18.843 3 CLASSPNP.SYS[f76d005b] -> nt!IofCallDriver -> \Device\00000077[0x85be2210]
10:31:18.859 5 ACPI.sys[f7626620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85be2328]
10:31:22.171 AVAST engine scan C:\WINDOWS
10:31:33.140 AVAST engine scan C:\WINDOWS\system32
10:33:56.734 AVAST engine scan C:\WINDOWS\system32\drivers
10:34:14.125 AVAST engine scan C:\Documents and Settings\asswipe
10:36:47.046 AVAST engine scan C:\Documents and Settings\All Users
10:36:55.906 Scan finished successfully
10:37:49.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\asswipe\Desktop\MBR.dat"
10:37:49.375 The log file has been saved successfully to "C:\Documents and Settings\asswipe\Desktop\aswMBR.txt"

#10 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 September 2012 - 11:49 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 armymech666
  • Topic Starter
  • Members
  • 19 posts

Posted 01 September 2012 - 12:13 PM

OTL logfile created on: 9/1/2012 1:05:32 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\asswipe\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

478.42 Mb Total Physical Memory | 156.93 Mb Available Physical Memory | 32.80% Memory free
1.10 Gb Paging File | 0.71 Gb Available in Paging File | 64.71% Paging File free
Paging file location(s): c:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 68.55 Gb Free Space | 91.98% Space Free | Partition Type: NTFS

Computer Name: ASSWIPE-94CEDED | User Name: asswipe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\asswipe\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe (Hewlett-Packard )
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll ()
MOD - C:\Program Files\McAfee\Common Framework\ccme_base.dll ()
MOD - C:\Program Files\McAfee\Common Framework\cryptocme2.dll ()


========== Services (SafeList) ==========

SRV - (z525bus) -- %systemroot%\system32\emclisrv.dll File not found
SRV - (XFX_program) -- %systemroot%\system32\VRADFIL.dll File not found
SRV - (wmi) -- %systemroot%\system32\Alpham2.dll File not found
SRV - (transactional) -- \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
SRV - (tiwlnsvc) -- %systemroot%\system32\se45mgmt.dll File not found
SRV - (stac97) -- %systemroot%\system32\ibmfilter.dll File not found
SRV - (ssoftservice) -- %systemroot%\system32\pdscheduler.dll File not found
SRV - (rt2870) -- %systemroot%\system32\QWAVEDRV.dll File not found
SRV - (ROCKEYNT) -- %systemroot%\system32\marvinbus.dll File not found
SRV - (pmshellsrv) -- %systemroot%\system32\pxhelp20.dll File not found
SRV - (PCDCODEC) -- %systemroot%\system32\ptilink.dll File not found
SRV - (npapimon) -- %systemroot%\system32\lxdmCATSCustConnectService.dll File not found
SRV - (navapel) -- %systemroot%\system32\BCM42RLY.dll File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (gdrv) -- %systemroot%\system32\npapimon.dll File not found
SRV - (FTDIBUS) -- %systemroot%\system32\symredrv.dll File not found
SRV - (DXEC02) -- %systemroot%\system32\xcomm.dll File not found
SRV - (CrystalSysInfo) -- %systemroot%\system32\MailService.dll File not found
SRV - (cobbmservice) -- %systemroot%\system32\LPCFilter.dll File not found
SRV - (cdr4_xp) -- %systemroot%\system32\smartlinkservice.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (amdagp) -- %systemroot%\system32\Cinemsup.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (rtl8139) -- system32\DRIVERS\RTL8139.SYS File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mfeavfk01) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\asswipe\LOCALS~1\Temp\catchme.sys File not found
DRV - (aswMBR) -- C:\DOCUME~1\asswipe\LOCALS~1\Temp\aswMBR.sys File not found
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camchal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camcaud.sys (Conexant Systems Inc.)
DRV - (w29n51) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Company)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1060284298-1326574676-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop
IE - HKU\S-1-5-21-1060284298-1326574676-1417001333-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1060284298-1326574676-1417001333-1004\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-1060284298-1326574676-1417001333-1004\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=0B4E6C08-5870-44E7-95EC-44B3C49D9E47&apn_sauid=33170911-83B5-4F6E-85A6-76B6B76055C1
IE - HKU\S-1-5-21-1060284298-1326574676-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=0B4E6C08-5870-44E7-95EC-44B3C49D9E47&apn_ptnrs=&apn_sauid=33170911-83B5-4F6E-85A6-76B6B76055C1&apn_dtid=OSJ000&&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/30 12:51:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/09/25 20:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\asswipe\Application Data\Mozilla\Extensions
[2012/08/30 20:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\asswipe\Application Data\Mozilla\Firefox\Profiles\83nccaoo.default\extensions
[2012/08/30 12:51:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\asswipe\Application Data\Mozilla\Firefox\Profiles\83nccaoo.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/08/30 20:45:07 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\asswipe\Application Data\Mozilla\Firefox\Profiles\83nccaoo.default\extensions\plugin@yontoo.com
[2012/07/10 10:53:57 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\asswipe\Application Data\Mozilla\Firefox\Profiles\83nccaoo.default\searchplugins\askcom.xml
[2012/08/30 12:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/30 12:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/08/30 12:50:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/01 11:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/01 11:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/01 11:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/30 22:25:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111208165643.dll (McAfee, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1060284298-1326574676-1417001333-1004\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\IMKR6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1060284298-1326574676-1417001333-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1060284298-1326574676-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1060284298-1326574676-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1060284298-1326574676-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1316998345946 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62964A5E-86C8-4F16-BDF4-C8C6E803C1EE}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\asswipe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\asswipe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/25 22:49:50 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/31 18:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\asswipe\Start Menu\Programs\SpyHunter
[2012/08/31 18:08:16 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/08/31 18:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/08/31 18:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/08/30 20:54:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/08/30 20:50:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/08/30 20:50:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/08/30 20:50:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/08/30 20:50:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/08/30 20:49:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/08/30 20:49:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\asswipe\Start Menu\Programs\Administrative Tools
[2012/08/30 20:45:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/08/30 20:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/08/30 20:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/01 13:10:02 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/09/01 11:14:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/01 10:37:49 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\asswipe\Desktop\MBR.dat
[2012/09/01 10:08:20 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
[2012/09/01 10:08:20 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
[2012/09/01 10:08:08 | 501,731,328 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/01 10:08:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/31 19:35:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\asswipe\defogger_reenable
[2012/08/31 18:10:00 | 000,001,977 | ---- | M] () -- C:\Documents and Settings\asswipe\Desktop\SpyHunter.lnk
[2012/08/30 22:25:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/08/30 20:54:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/08/30 12:51:05 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\asswipe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/30 12:51:05 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/08/19 18:55:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/04 13:35:49 | 000,047,424 | ---- | M] () -- C:\Documents and Settings\asswipe\Desktop\396850_495788697113343_507913670_n.jpg
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/01 10:37:49 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\asswipe\Desktop\MBR.dat
[2012/08/31 19:35:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\asswipe\defogger_reenable
[2012/08/31 18:10:00 | 000,001,977 | ---- | C] () -- C:\Documents and Settings\asswipe\Desktop\SpyHunter.lnk
[2012/08/30 20:54:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/08/30 20:54:14 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/08/30 20:50:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/08/30 20:50:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/08/30 20:50:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/08/30 20:50:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/08/30 20:50:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/08/04 13:35:40 | 000,047,424 | ---- | C] () -- C:\Documents and Settings\asswipe\Desktop\396850_495788697113343_507913670_n.jpg
[2011/12/21 06:25:19 | 000,018,352 | -HS- | C] () -- C:\Documents and Settings\asswipe\Local Settings\Application Data\cmjmj1jw60dg852sn143pq4h73k1x
[2011/12/21 06:25:19 | 000,018,352 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\cmjmj1jw60dg852sn143pq4h73k1x
[2011/09/25 22:49:04 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2011/09/25 22:27:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/09/25 22:19:31 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/09/25 20:57:28 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/25 15:11:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/09/25 15:07:41 | 000,166,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

< End of report >

#12 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 September 2012 - 12:26 PM

Hello

Run this custom script and, when it is complete, I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-1060284298-1326574676-1417001333-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKU\S-1-5-21-1060284298-1326574676-1417001333-1004\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
    IE - HKU\S-1-5-21-1060284298-1326574676-1417001333-1004\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=0B4E6C08-5870-44E7-95EC-44B3C49D9E47&apn_sauid=33170911-83B5-4F6E-85A6-76B6B76055C1
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=0B4E6C08-5870-44E7-95EC-44B3C49D9E47&apn_ptnrs=&apn_sauid=33170911-83B5-4F6E-85A6-76B6B76055C1&apn_dtid=OSJ000&&q="
    [2012/08/30 20:45:07 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\asswipe\Application Data\Mozilla\Firefox\Profiles\83nccaoo.default\extensions\plugin@yontoo.com
    [2012/07/10 10:53:57 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\asswipe\Application Data\Mozilla\Firefox\Profiles\83nccaoo.default\searchplugins\askcom.xml
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-1060284298-1326574676-1417001333-1004\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    [2012/08/30 20:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
    [2012/08/30 20:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
    [2011/12/21 06:25:19 | 000,018,352 | -HS- | C] () -- C:\Documents and Settings\asswipe\Local Settings\Application Data\cmjmj1jw60dg852sn143pq4h73k1x
    [2011/12/21 06:25:19 | 000,018,352 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\cmjmj1jw60dg852sn143pq4h73k1x
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo

#13 armymech666
  • Topic Starter
  • Members
  • 19 posts

Posted 01 September 2012 - 12:47 PM

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1060284298-1326574676-1417001333-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
HKEY_USERS\S-1-5-21-1060284298-1326574676-1417001333-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1060284298-1326574676-1417001333-1004\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=0B4E6C08-5870-44E7-95EC-44B3C49D9E47&apn_ptnrs=&apn_sauid=33170911-83B5-4F6E-85A6-76B6B76055C1&apn_dtid=OSJ000&&q=" removed from keyword.URL
Folder move failed. C:\Documents and Settings\asswipe\Application Data\Mozilla\Firefox\Profiles\83nccaoo.default\extensions\plugin@yontoo.com\skin scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\asswipe\Application Data\Mozilla\Firefox\Profiles\83nccaoo.default\extensions\plugin@yontoo.com\locale\en-US scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\asswipe\Application Data\Mozilla\Firefox\Profiles\83nccaoo.default\extensions\plugin@yontoo.com\locale scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\asswipe\Application Data\Mozilla\Firefox\Profiles\83nccaoo.default\extensions\plugin@yontoo.com\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\asswipe\Application Data\Mozilla\Firefox\Profiles\83nccaoo.default\extensions\plugin@yontoo.com\defaults scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\asswipe\Application Data\Mozilla\Firefox\Profiles\83nccaoo.default\extensions\plugin@yontoo.com\content scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\asswipe\Application Data\Mozilla\Firefox\Profiles\83nccaoo.default\extensions\plugin@yontoo.com scheduled to be moved on reboot.
C:\Documents and Settings\asswipe\Application Data\Mozilla\Firefox\Profiles\83nccaoo.default\searchplugins\askcom.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1060284298-1326574676-1417001333-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
C:\Program Files\Yontoo folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Cache folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer folder moved successfully.
C:\Documents and Settings\asswipe\Local Settings\Application Data\cmjmj1jw60dg852sn143pq4h73k1x moved successfully.
C:\Documents and Settings\All Users\Application Data\cmjmj1jw60dg852sn143pq4h73k1x moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\asswipe\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\asswipe\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: asswipe

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: asswipe
->Flash cache emptied: 94520 bytes

User: Default User

User: LocalService

User: NetworkService
->Flash cache emptied: 6530 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.59.1 log created on 09012012_133642

Files\Folders moved on Reboot...
C:\Documents and Settings\asswipe\Application Data\Mozilla\Firefox\Profiles\83nccaoo.default\extensions\plugin@yontoo.com\skin folder moved successfully.
C:\Documents and Settings\asswipe\Application Data\Mozilla\Firefox\Profiles\83nccaoo.default\extensions\plugin@yontoo.com\locale\en-US folder moved successfully.
C:\Documents and Settings\asswipe\Application Data\Mozilla\Firefox\Profiles\83nccaoo.default\extensions\plugin@yontoo.com\locale folder moved successfully.
C:\Documents and Settings\asswipe\Application Data\Mozilla\Firefox\Profiles\83nccaoo.default\extensions\plugin@yontoo.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\asswipe\Application Data\Mozilla\Firefox\Profiles\83nccaoo.default\extensions\plugin@yontoo.com\defaults folder moved successfully.
C:\Documents and Settings\asswipe\Application Data\Mozilla\Firefox\Profiles\83nccaoo.default\extensions\plugin@yontoo.com\content folder moved successfully.
C:\Documents and Settings\asswipe\Application Data\Mozilla\Firefox\Profiles\83nccaoo.default\extensions\plugin@yontoo.com folder moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Went to a couple of webpages and it is still acting up like before. Pages load fine but then lag when trying to do anything else.
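The OTL output above reports three outcomes per item (deleted or moved successfully, not found, or a locked folder scheduled to be moved on reboot) and then lists which deferred moves actually completed after the restart. The following parser, added here as an example and not part of the original post or of OTL, tallies those outcomes and flags any deferred move that never shows up in the "Files\Folders moved on Reboot..." section; the sample log is constructed to mirror the format, with example paths rather than the ones from the thread.

```python
import re

# Constructed sample in the shape of the OTL fix log above (paths are placeholders).
SAMPLE_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Folder move failed. C:\Example\Profiles\x.default\extensions\plugin@example.com\skin scheduled to be moved on reboot.
Folder move failed. C:\Example\Profiles\x.default\extensions\plugin@example.com scheduled to be moved on reboot.
C:\Program Files\Yontoo folder moved successfully.
Files\Folders moved on Reboot...
C:\Example\Profiles\x.default\extensions\plugin@example.com\skin folder moved successfully.
"""

DEFERRED = re.compile(r"^Folder move failed\. (.+) scheduled to be moved on reboot\.$")
MOVED = re.compile(r"^(.+?) folder moved successfully\.$")
REBOOT_HEADER = r"Files\Folders moved on Reboot..."


def parse_otl_fix_log(text):
    """Return (deferred paths, paths confirmed moved after reboot, outcome counts)."""
    deferred, moved_after_reboot = [], []
    counts = {"deleted": 0, "moved": 0, "not found": 0, "deferred": 0}
    in_reboot_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == REBOOT_HEADER:
            in_reboot_section = True  # everything after this line ran on restart
            continue
        m = DEFERRED.match(line)
        if m:
            deferred.append(m.group(1))
            counts["deferred"] += 1
            continue
        m = MOVED.match(line)
        if m and in_reboot_section:
            moved_after_reboot.append(m.group(1))
        if line.endswith("deleted successfully."):
            counts["deleted"] += 1
        elif line.endswith("moved successfully."):
            counts["moved"] += 1
        elif line.endswith("not found."):
            counts["not found"] += 1
    return deferred, moved_after_reboot, counts


def unconfirmed_deferred_moves(text):
    """Deferred moves with no matching success line after the reboot: re-check these."""
    deferred, moved, _ = parse_otl_fix_log(text)
    return [p for p in deferred if p not in set(moved)]


if __name__ == "__main__":
    print(unconfirmed_deferred_moves(SAMPLE_LOG))
```

Anything returned by `unconfirmed_deferred_moves` is a folder the tool said it would remove on restart but never confirmed, which is the first place to look when symptoms persist after a fix run.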

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:25 AM

Posted 01 September 2012 - 01:04 PM

In which browsers does this happen in?


gringo

#15 armymech666

armymech666
  • Topic Starter

  • Members
  • 19 posts
  • Local time:01:25 AM

Posted 01 September 2012 - 01:10 PM

I mainly use Firefox, but I just tried IE and it seems to be doing the same things.
