
mystart.incredibar.com/


This topic is locked
19 replies to this topic

#1 zestylemons


Posted 19 September 2012 - 10:57 AM

Hi

I was trying to download the Black Mesa HL game (finally) and even though I unchecked every 'install this as well' box I still seem to have installed mystart.incredibar.com. I have run rkill and mbam and it's still there. I seem to have cleaned it from IE and Firefox but it keeps coming back into Chrome. I am unsure if that has 'reinfected' Firefox and IE but it doesn't appear to.

Please help me get shut of it. Below are logs etc. FYI.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Chris at 8:23:33 on 2012-09-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1209 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\AirPrint\airprint.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Edimax\PCIE Wireless LAN\RtWLan.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Drive\googledrivesync.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No File
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
mRun: [ABBYY Screenshot Reader Retail] c:\program files\abbyy screenshot reader\ScreenShotReader.exe -autorun
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [SonicWALLNetExtender] c:\program files\sonicwall\ssl-vpn\netextender\NEGui.exe -hideGUI -clearReboot
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [Pinnacle WebUpdater] "c:\program files\pinnacle\shared files\programs\webupdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\chris\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\edimax~1.lnk - c:\program files\edimax\pcie wireless lan\RtWLan.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: landmarkinfo.co.uk
Trusted Zone: promap.co.uk
Trusted Zone: promapserver.co.uk
DPF: {644F656A-013E-4198-BE03-1D7A4F6AB550} - hxxps://www.promapserver.co.uk/controls/latest/promap.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1306406381961
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://89.249.64.43/NELX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2613AA83-ADE8-4B60-AEEA-3870D7826252} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9DB5B6D0-B5AA-4A51-9638-011854AA86B3} : DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\chris\application data\mozilla\firefox\profiles\d1xkjgpw.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
.
============= SERVICES / DRIVERS ===============
.
R2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0;c:\program files\abbyy screenshot reader\NetworkLicenseServer.exe [2008-10-16 759072]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-3-31 913792]
R2 AirPrint;AirPrint;c:\program files\airprint\airprint.exe -s --> c:\program files\airprint\airprint.exe -s [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2012-1-22 2253120]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-8-31 2754984]
R3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\drivers\NxDrv.sys [2012-4-13 22600]
R3 PinnacleRoyalTS;Pinnacle Systems RoyalTS Device;c:\windows\system32\drivers\RoyalTS.sys [2012-6-17 124544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-2 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 ADM8511;Belkin USB Ethernet Adapter;c:\windows\system32\drivers\NET8511.SYS [2011-5-26 24424]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 250568]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-2 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-11 114144]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-10-21 18432]
S3 RTL8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2011-5-26 574880]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2011-6-7 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2011-6-7 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2011-6-7 114728]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
SUnknown Wdf0imgrrth;Wdf0imgrrth; [x]
UnknownUnknown AVGIDSHX;AVGIDSHX; [x]
UnknownUnknown AVGIDSShim;AVGIDSShim; [x]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-09-17 11:45:46 -------- d-sha-r- C:\cmdcons
2012-09-17 11:38:29 98816 ----a-w- c:\windows\sed.exe
2012-09-17 11:38:29 518144 ----a-w- c:\windows\SWREG.exe
2012-09-17 11:38:29 256000 ----a-w- c:\windows\PEV.exe
2012-09-17 11:38:29 208896 ----a-w- c:\windows\MBR.exe
2012-09-17 04:09:27 -------- d-----w- c:\program files\Perion
2012-09-13 09:17:29 -------- d-----w- c:\documents and settings\chris\local settings\application data\Deployment
2012-09-13 08:24:09 74703 ----a-w- c:\windows\system32\mfc45.dll
2012-09-13 08:24:01 -------- d-----w- c:\documents and settings\chris\application data\iolo
2012-09-13 08:24:01 -------- d-----w- c:\documents and settings\all users\application data\iolo
2012-09-07 13:51:53 192600 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-08-22 11:08:19 -------- d-----w- c:\documents and settings\chris\application data\IObit
.
==================== Find3M ====================
.
2012-09-07 16:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-24 14:09:51 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 14:09:50 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 8:24:15.20 ===============


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-18 16:33:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3320620AS rev.3.ADG
Running: h2qi330b.exe; Driver: C:\DOCUME~1\Chris\LOCALS~1\Temp\awgcikob.sys


---- Kernel code sections - GMER 1.0.15 ----

? Combo-Fix.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7123380, 0x8D6CD5, 0xE8000020]
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\DOCUME~1\Chris\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[288] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[288] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[288] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7217 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[288] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7149 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[288] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[288] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E701A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[288] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E707C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[288] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E727A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[288] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70DE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1040] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1040] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1040] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1040] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1040] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1040] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7217 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1040] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7149 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1040] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1040] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E701A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1040] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E707C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1040] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E727A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1040] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70DE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1040] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1040] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E757F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[1148] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1424] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1424] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1424] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7217 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1424] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7149 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1424] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1424] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E701A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1424] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E707C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1424] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E727A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1424] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70DE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1624] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 011C0C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1624] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 013F7B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1624] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 013F7B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1624] kernel32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 011C3FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1624] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 013F7AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE[2304] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 326050B8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE[2304] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 330CE11A C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7217 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7149 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E701A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E707C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E727A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70DE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4052] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E757F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----


16:37:50.0156 7188 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:37:50.0281 7188 ============================================================
16:37:50.0281 7188 Current date / time: 2012/09/18 16:37:50.0281
16:37:50.0281 7188 SystemInfo:
16:37:50.0281 7188
16:37:50.0281 7188 OS Version: 5.1.2600 ServicePack: 3.0
16:37:50.0281 7188 Product type: Workstation
16:37:50.0281 7188 ComputerName: PWL-5D9C3A86B12
16:37:50.0281 7188 UserName: Chris
16:37:50.0281 7188 Windows directory: C:\WINDOWS
16:37:50.0281 7188 System windows directory: C:\WINDOWS
16:37:50.0281 7188 Processor architecture: Intel x86
16:37:50.0281 7188 Number of processors: 2
16:37:50.0281 7188 Page size: 0x1000
16:37:50.0281 7188 Boot type: Normal boot
16:37:50.0281 7188 ============================================================
16:37:50.0906 7188 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:37:50.0968 7188 ============================================================
16:37:50.0968 7188 \Device\Harddisk0\DR0:
16:37:50.0984 7188 MBR partitions:
16:37:50.0984 7188 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
16:37:50.0984 7188 ============================================================
16:37:51.0000 7188 C: <-> \Device\Harddisk0\DR0\Partition1
16:37:51.0000 7188 ============================================================
16:37:51.0000 7188 Initialize success
16:37:51.0000 7188 ============================================================
16:38:13.0062 7272 ============================================================
16:38:13.0062 7272 Scan started
16:38:13.0062 7272 Mode: Manual; TDLFS;
16:38:13.0062 7272 ============================================================
16:38:13.0390 7272 ================ Scan system memory ========================
16:38:13.0390 7272 System memory - ok
16:38:13.0390 7272 ================ Scan services =============================
16:38:13.0468 7272 [ F9C202597DD9340260DF2482500DFCF9 ] ABBYY.Licensing.FineReader.ScreenshotReader.9.0 C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe
16:38:13.0468 7272 ABBYY.Licensing.FineReader.ScreenshotReader.9.0 - ok
16:38:13.0515 7272 Abiosdsk - ok
16:38:13.0515 7272 abp480n5 - ok
16:38:13.0531 7272 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:38:13.0546 7272 ACPI - ok
16:38:13.0562 7272 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
16:38:13.0578 7272 ACPIEC - ok
16:38:13.0609 7272 [ D3FD36C3DAB82CD4C85A4BD9A6538A6B ] ADM8511 C:\WINDOWS\system32\DRIVERS\NET8511.SYS
16:38:13.0609 7272 ADM8511 - ok
16:38:13.0656 7272 [ 5DDC0A8D2CD60BDA593DDAF45821CE08 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
16:38:13.0656 7272 Adobe LM Service - ok
16:38:13.0703 7272 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:38:13.0703 7272 AdobeFlashPlayerUpdateSvc - ok
16:38:13.0718 7272 adpu160m - ok
16:38:13.0781 7272 [ 96D6CDD0B32846E8CFBE592F4F32E608 ] AdvancedSystemCareService5 C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
16:38:13.0796 7272 AdvancedSystemCareService5 - ok
16:38:13.0828 7272 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:38:13.0828 7272 aec - ok
16:38:13.0843 7272 [ 023867B6606FBABCDD52E089C4A507DA ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
16:38:13.0843 7272 AegisP - ok
16:38:13.0875 7272 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:38:13.0875 7272 AFD - ok
16:38:13.0875 7272 Aha154x - ok
16:38:13.0875 7272 aic78u2 - ok
16:38:13.0890 7272 aic78xx - ok
16:38:13.0906 7272 AirPrint - ok
16:38:13.0921 7272 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:38:13.0921 7272 Alerter - ok
16:38:13.0937 7272 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
16:38:13.0937 7272 ALG - ok
16:38:13.0937 7272 AliIde - ok
16:38:13.0953 7272 [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
16:38:13.0953 7272 AmdPPM - ok
16:38:13.0968 7272 amsint - ok
16:38:14.0015 7272 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:38:14.0015 7272 Apple Mobile Device - ok
16:38:14.0046 7272 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
16:38:14.0046 7272 AppMgmt - ok
16:38:14.0062 7272 [ 875F9079CABEE679D34B49E466B61701 ] ASAPIW2k C:\WINDOWS\system32\drivers\ASAPIW2k.sys
16:38:14.0062 7272 ASAPIW2k - ok
16:38:14.0078 7272 asc - ok
16:38:14.0078 7272 asc3350p - ok
16:38:14.0093 7272 asc3550 - ok
16:38:14.0156 7272 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:38:14.0156 7272 aspnet_state - ok
16:38:14.0171 7272 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:38:14.0171 7272 AsyncMac - ok
16:38:14.0203 7272 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:38:14.0203 7272 atapi - ok
16:38:14.0203 7272 Atdisk - ok
16:38:14.0218 7272 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:38:14.0218 7272 Atmarpc - ok
16:38:14.0234 7272 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:38:14.0234 7272 AudioSrv - ok
16:38:14.0250 7272 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:38:14.0250 7272 audstub - ok
16:38:14.0281 7272 [ EA2D28BBE98256654397CD1F6EAEBDD8 ] Autodesk Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
16:38:14.0281 7272 Autodesk Licensing Service - ok
16:38:14.0343 7272 [ DE68EF1CCB345DE3C13C5EC9D1EB0CE5 ] Autodesk Network Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
16:38:14.0359 7272 Autodesk Network Licensing Service - ok
16:38:14.0390 7272 [ 78E7B52DA292FA90BAD2F887BBF22159 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
16:38:14.0390 7272 bcm4sbxp - ok
16:38:14.0437 7272 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
16:38:14.0437 7272 BcmSqlStartupSvc - ok
16:38:14.0453 7272 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:38:14.0453 7272 Beep - ok
16:38:14.0484 7272 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
16:38:14.0500 7272 BITS - ok
16:38:14.0531 7272 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:38:14.0531 7272 Bonjour Service - ok
16:38:14.0578 7272 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
16:38:14.0578 7272 Browser - ok
16:38:14.0578 7272 catchme - ok
16:38:14.0625 7272 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:38:14.0625 7272 cbidf2k - ok
16:38:14.0640 7272 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:38:14.0640 7272 CCDECODE - ok
16:38:14.0656 7272 cd20xrnt - ok
16:38:14.0656 7272 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:38:14.0656 7272 Cdaudio - ok
16:38:14.0687 7272 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:38:14.0687 7272 Cdfs - ok
16:38:14.0703 7272 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:38:14.0703 7272 Cdrom - ok
16:38:14.0703 7272 Changer - ok
16:38:14.0734 7272 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
16:38:14.0734 7272 CiSvc - ok
16:38:14.0765 7272 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:38:14.0765 7272 ClipSrv - ok
16:38:14.0796 7272 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:38:14.0796 7272 clr_optimization_v2.0.50727_32 - ok
16:38:14.0828 7272 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:38:14.0828 7272 clr_optimization_v4.0.30319_32 - ok
16:38:14.0828 7272 CmdIde - ok
16:38:14.0843 7272 COMSysApp - ok
16:38:14.0843 7272 Cpqarray - ok
16:38:14.0859 7272 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:38:14.0859 7272 CryptSvc - ok
16:38:14.0859 7272 dac2w2k - ok
16:38:14.0875 7272 dac960nt - ok
16:38:14.0906 7272 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:38:14.0906 7272 DcomLaunch - ok
16:38:14.0937 7272 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:38:14.0937 7272 Dhcp - ok
16:38:14.0953 7272 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:38:14.0953 7272 Disk - ok
16:38:14.0953 7272 dmadmin - ok
16:38:14.0984 7272 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:38:15.0000 7272 dmboot - ok
16:38:15.0000 7272 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:38:15.0000 7272 dmio - ok
16:38:15.0015 7272 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:38:15.0015 7272 dmload - ok
16:38:15.0031 7272 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
16:38:15.0031 7272 dmserver - ok
16:38:15.0062 7272 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:38:15.0062 7272 DMusic - ok
16:38:15.0078 7272 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:38:15.0078 7272 Dnscache - ok
16:38:15.0093 7272 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
16:38:15.0093 7272 Dot3svc - ok
16:38:15.0109 7272 dpti2o - ok
16:38:15.0109 7272 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:38:15.0109 7272 drmkaud - ok
16:38:15.0125 7272 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:38:15.0125 7272 EapHost - ok
16:38:15.0140 7272 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:38:15.0140 7272 ERSvc - ok
16:38:15.0171 7272 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
16:38:15.0171 7272 Eventlog - ok
16:38:15.0171 7272 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
16:38:15.0187 7272 EventSystem - ok
16:38:15.0218 7272 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:38:15.0218 7272 Fastfat - ok
16:38:15.0234 7272 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:38:15.0250 7272 FastUserSwitchingCompatibility - ok
16:38:15.0250 7272 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
16:38:15.0250 7272 Fdc - ok
16:38:15.0265 7272 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:38:15.0265 7272 Fips - ok
16:38:15.0281 7272 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
16:38:15.0281 7272 Flpydisk - ok
16:38:15.0296 7272 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:38:15.0296 7272 FltMgr - ok
16:38:15.0328 7272 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:38:15.0328 7272 FontCache3.0.0.0 - ok
16:38:15.0343 7272 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:38:15.0343 7272 Fs_Rec - ok
16:38:15.0343 7272 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:38:15.0343 7272 Ftdisk - ok
16:38:15.0390 7272 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:38:15.0390 7272 GEARAspiWDM - ok
16:38:15.0406 7272 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:38:15.0406 7272 Gpc - ok
16:38:15.0453 7272 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
16:38:15.0453 7272 gupdate - ok
16:38:15.0468 7272 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:38:15.0468 7272 gupdatem - ok
16:38:15.0500 7272 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:38:15.0500 7272 gusvc - ok
16:38:15.0546 7272 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:38:15.0546 7272 HDAudBus - ok
16:38:15.0578 7272 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:38:15.0578 7272 helpsvc - ok
16:38:15.0593 7272 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
16:38:15.0609 7272 HidServ - ok
16:38:15.0625 7272 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:38:15.0625 7272 hidusb - ok
16:38:15.0640 7272 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:38:15.0656 7272 hkmsvc - ok
16:38:15.0656 7272 hpn - ok
16:38:15.0687 7272 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:38:15.0687 7272 HTTP - ok
16:38:15.0718 7272 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:38:15.0718 7272 HTTPFilter - ok
16:38:15.0734 7272 i2omgmt - ok
16:38:15.0734 7272 i2omp - ok
16:38:15.0750 7272 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
16:38:15.0750 7272 i8042prt - ok
16:38:15.0828 7272 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:38:15.0859 7272 idsvc - ok
16:38:15.0875 7272 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:38:15.0875 7272 Imapi - ok
16:38:15.0906 7272 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
16:38:15.0906 7272 ImapiService - ok
16:38:15.0921 7272 ini910u - ok
16:38:15.0921 7272 IntelIde - ok
16:38:15.0953 7272 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:38:15.0953 7272 Ip6Fw - ok
16:38:15.0968 7272 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:38:15.0968 7272 IpFilterDriver - ok
16:38:15.0968 7272 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:38:15.0968 7272 IpInIp - ok
16:38:15.0984 7272 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:38:16.0000 7272 IpNat - ok
16:38:16.0046 7272 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:38:16.0062 7272 iPod Service - ok
16:38:16.0093 7272 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:38:16.0093 7272 IPSec - ok
16:38:16.0125 7272 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:38:16.0125 7272 IRENUM - ok
16:38:16.0140 7272 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:38:16.0140 7272 isapnp - ok
16:38:16.0171 7272 [ 381B25DC8E958D905B33130D500BBF29 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
16:38:16.0171 7272 JavaQuickStarterService - ok
16:38:16.0187 7272 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:38:16.0187 7272 Kbdclass - ok
16:38:16.0203 7272 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:38:16.0203 7272 kbdhid - ok
16:38:16.0203 7272 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:38:16.0203 7272 kmixer - ok
16:38:16.0218 7272 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:38:16.0218 7272 KSecDD - ok
16:38:16.0250 7272 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
16:38:16.0250 7272 LanmanServer - ok
16:38:16.0281 7272 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:38:16.0281 7272 lanmanworkstation - ok
16:38:16.0281 7272 lbrtfdc - ok
16:38:16.0312 7272 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:38:16.0312 7272 LmHosts - ok
16:38:16.0343 7272 [ C5EFBD05A5195402121711A6EBBB271F ] LVUSBSta C:\WINDOWS\system32\drivers\lvusbsta.sys
16:38:16.0343 7272 LVUSBSta - ok
16:38:16.0359 7272 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:38:16.0359 7272 Messenger - ok
16:38:16.0421 7272 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
16:38:16.0421 7272 Microsoft Office Groove Audit Service - ok
16:38:16.0468 7272 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:38:16.0468 7272 mnmdd - ok
16:38:16.0484 7272 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
16:38:16.0484 7272 mnmsrvc - ok
16:38:16.0500 7272 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:38:16.0500 7272 Modem - ok
16:38:16.0515 7272 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:38:16.0515 7272 Mouclass - ok
16:38:16.0531 7272 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:38:16.0531 7272 mouhid - ok
16:38:16.0546 7272 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:38:16.0546 7272 MountMgr - ok
16:38:16.0578 7272 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:38:16.0578 7272 MozillaMaintenance - ok
16:38:16.0609 7272 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
16:38:16.0609 7272 MPE - ok
16:38:16.0609 7272 mraid35x - ok
16:38:16.0640 7272 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:38:16.0640 7272 MRxDAV - ok
16:38:16.0687 7272 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:38:16.0687 7272 MRxSmb - ok
16:38:16.0718 7272 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
16:38:16.0718 7272 MSDTC - ok
16:38:16.0734 7272 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:38:16.0734 7272 Msfs - ok
16:38:16.0734 7272 MSIServer - ok
16:38:16.0750 7272 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:38:16.0750 7272 MSKSSRV - ok
16:38:16.0796 7272 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:38:16.0796 7272 MSPCLOCK - ok
16:38:16.0812 7272 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:38:16.0812 7272 MSPQM - ok
16:38:16.0859 7272 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:38:16.0859 7272 mssmbios - ok
16:38:16.0921 7272 MSSQL$MSSMLBIZ - ok
16:38:16.0953 7272 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
16:38:16.0953 7272 MSSQLServerADHelper - ok
16:38:16.0984 7272 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
16:38:16.0984 7272 MSTEE - ok
16:38:17.0015 7272 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:38:17.0015 7272 Mup - ok
16:38:17.0031 7272 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:38:17.0031 7272 NABTSFEC - ok
16:38:17.0062 7272 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
16:38:17.0062 7272 napagent - ok
16:38:17.0062 7272 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:38:17.0078 7272 NDIS - ok
16:38:17.0093 7272 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:38:17.0093 7272 NdisIP - ok
16:38:17.0109 7272 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:38:17.0109 7272 NdisTapi - ok
16:38:17.0140 7272 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:38:17.0140 7272 Ndisuio - ok
16:38:17.0156 7272 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:38:17.0156 7272 NdisWan - ok
16:38:17.0171 7272 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:38:17.0171 7272 NDProxy - ok
16:38:17.0218 7272 [ 1352E1648213551923A0A822E441553C ] Netaapl C:\WINDOWS\system32\DRIVERS\netaapl.sys
16:38:17.0218 7272 Netaapl - ok
16:38:17.0218 7272 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:38:17.0218 7272 NetBIOS - ok
16:38:17.0250 7272 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:38:17.0250 7272 NetBT - ok
16:38:17.0265 7272 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
16:38:17.0265 7272 NetDDE - ok
16:38:17.0265 7272 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:38:17.0281 7272 NetDDEdsdm - ok
16:38:17.0296 7272 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
16:38:17.0296 7272 Netlogon - ok
16:38:17.0296 7272 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
16:38:17.0312 7272 Netman - ok
16:38:17.0343 7272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:38:17.0343 7272 NetTcpPortSharing - ok
16:38:17.0375 7272 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
16:38:17.0375 7272 Nla - ok
16:38:17.0375 7272 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:38:17.0375 7272 Npfs - ok
16:38:17.0421 7272 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:38:17.0421 7272 Ntfs - ok
16:38:17.0437 7272 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
16:38:17.0437 7272 NtLmSsp - ok
16:38:17.0453 7272 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:38:17.0468 7272 NtmsSvc - ok
16:38:17.0484 7272 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
16:38:17.0484 7272 Null - ok
16:38:17.0765 7272 [ 4B54DCD6ADEE535DF80F07C59DDD8F14 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:38:17.0843 7272 nv - ok
16:38:17.0890 7272 [ 0573C75A2895D973EA6EF2495620BA49 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
16:38:17.0890 7272 NVSvc - ok
16:38:17.0968 7272 [ 9C84945FEEE40EA42D3BCA5C22250D47 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
16:38:18.0031 7272 nvUpdatusService - ok
16:38:18.0046 7272 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:38:18.0062 7272 NwlnkFlt - ok
16:38:18.0062 7272 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:38:18.0062 7272 NwlnkFwd - ok
16:38:18.0078 7272 [ E65FA3C044833D0B9CE6B04C8FBC0AA0 ] NxDrv C:\WINDOWS\system32\DRIVERS\NxDrv.sys
16:38:18.0078 7272 NxDrv - ok
16:38:18.0156 7272 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:38:18.0156 7272 odserv - ok
16:38:18.0218 7272 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:38:18.0218 7272 ose - ok
16:38:18.0234 7272 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
16:38:18.0234 7272 Parport - ok
16:38:18.0250 7272 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:38:18.0250 7272 PartMgr - ok
16:38:18.0265 7272 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:38:18.0281 7272 ParVdm - ok
16:38:18.0281 7272 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:38:18.0281 7272 PCI - ok
16:38:18.0281 7272 PCIDump - ok
16:38:18.0296 7272 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
16:38:18.0296 7272 PCIIde - ok
16:38:18.0312 7272 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
16:38:18.0328 7272 Pcmcia - ok
16:38:18.0328 7272 PDCOMP - ok
16:38:18.0328 7272 PDFRAME - ok
16:38:18.0343 7272 PDRELI - ok
16:38:18.0343 7272 PDRFRAME - ok
16:38:18.0359 7272 perc2 - ok
16:38:18.0359 7272 perc2hib - ok
16:38:18.0406 7272 [ EFA2D613159616929AE2C17A1D43CC4B ] PinnacleRoyalTS C:\WINDOWS\system32\DRIVERS\RoyalTS.sys
16:38:18.0406 7272 PinnacleRoyalTS - ok
16:38:18.0421 7272 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
16:38:18.0421 7272 PlugPlay - ok
16:38:18.0437 7272 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
16:38:18.0437 7272 PolicyAgent - ok
16:38:18.0437 7272 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:38:18.0437 7272 PptpMiniport - ok
16:38:18.0468 7272 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
16:38:18.0468 7272 Processor - ok
16:38:18.0484 7272 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:38:18.0484 7272 ProtectedStorage - ok
16:38:18.0484 7272 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:38:18.0500 7272 PSched - ok
16:38:18.0500 7272 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:38:18.0500 7272 Ptilink - ok
16:38:18.0578 7272 [ 9A155D31B8E52F41B258282092CC93A7 ] QCMerced C:\WINDOWS\system32\DRIVERS\LVCM.sys
16:38:18.0593 7272 QCMerced - ok
16:38:18.0593 7272 ql1080 - ok
16:38:18.0609 7272 Ql10wnt - ok
16:38:18.0609 7272 ql12160 - ok
16:38:18.0609 7272 ql1240 - ok
16:38:18.0625 7272 ql1280 - ok
16:38:18.0640 7272 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:38:18.0640 7272 RasAcd - ok
16:38:18.0671 7272 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:38:18.0671 7272 RasAuto - ok
16:38:18.0687 7272 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:38:18.0687 7272 Rasl2tp - ok
16:38:18.0703 7272 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:38:18.0703 7272 RasMan - ok
16:38:18.0718 7272 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:38:18.0718 7272 RasPppoe - ok
16:38:18.0718 7272 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:38:18.0718 7272 Raspti - ok
16:38:18.0750 7272 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:38:18.0750 7272 Rdbss - ok
16:38:18.0750 7272 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:38:18.0750 7272 RDPCDD - ok
16:38:18.0781 7272 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:38:18.0781 7272 rdpdr - ok
16:38:18.0812 7272 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:38:18.0812 7272 RDPWD - ok
16:38:18.0843 7272 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:38:18.0843 7272 RDSessMgr - ok
16:38:18.0859 7272 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:38:18.0875 7272 redbook - ok
16:38:18.0906 7272 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:38:18.0906 7272 RemoteAccess - ok
16:38:18.0937 7272 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
16:38:18.0937 7272 RemoteRegistry - ok
16:38:18.0968 7272 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
16:38:18.0968 7272 RpcLocator - ok
16:38:18.0984 7272 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
16:38:18.0984 7272 RpcSs - ok
16:38:19.0015 7272 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
16:38:19.0015 7272 RSVP - ok
16:38:19.0046 7272 [ 4675F86AE73D97ACC2263CD23AC6D0E1 ] RTL8192se C:\WINDOWS\system32\DRIVERS\rtl8192se.sys
16:38:19.0046 7272 RTL8192se - ok
16:38:19.0078 7272 [ 1C5C2CB892553D2CF3F45A4BB323FCD6 ] s1018bus C:\WINDOWS\system32\DRIVERS\s1018bus.sys
16:38:19.0078 7272 s1018bus - ok
16:38:19.0093 7272 [ 38F5EA219593F19B6B3A1B9C169E3B61 ] s1018mdfl C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
16:38:19.0093 7272 s1018mdfl - ok
16:38:19.0125 7272 [ 666AF6B64FC7DF92D3CA4819EA91631D ] s1018mdm C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
16:38:19.0140 7272 s1018mdm - ok
16:38:19.0156 7272 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
16:38:19.0156 7272 SamSs - ok
16:38:19.0187 7272 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:38:19.0187 7272 SCardSvr - ok
16:38:19.0218 7272 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:38:19.0218 7272 Schedule - ok
16:38:19.0234 7272 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:38:19.0234 7272 Secdrv - ok
16:38:19.0250 7272 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
16:38:19.0250 7272 seclogon - ok
16:38:19.0281 7272 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
16:38:19.0281 7272 SENS - ok
16:38:19.0296 7272 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
16:38:19.0296 7272 Serial - ok
16:38:19.0328 7272 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:38:19.0328 7272 Sfloppy - ok
16:38:19.0343 7272 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:38:19.0359 7272 SharedAccess - ok
16:38:19.0390 7272 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:38:19.0390 7272 ShellHWDetection - ok
16:38:19.0390 7272 Simbad - ok
16:38:19.0531 7272 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
16:38:19.0546 7272 Skype C2C Service - ok
16:38:19.0578 7272 [ A37740568718F245E818D0C5575B9AA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
16:38:19.0578 7272 SkypeUpdate - ok
16:38:19.0609 7272 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:38:19.0609 7272 SLIP - ok
16:38:19.0671 7272 [ 44BE1212DC0BA5E72BFD6BF6691B7540 ] SONICWALL_NetExtender C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
16:38:19.0671 7272 SONICWALL_NetExtender - ok
16:38:19.0671 7272 Sparrow - ok
16:38:19.0703 7272 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:38:19.0703 7272 splitter - ok
16:38:19.0734 7272 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:38:19.0734 7272 Spooler - ok
16:38:19.0765 7272 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
16:38:19.0765 7272 SQLBrowser - ok
16:38:19.0765 7272 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
16:38:19.0765 7272 SQLWriter - ok
16:38:19.0828 7272 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:38:19.0828 7272 sr - ok
16:38:19.0828 7272 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
16:38:19.0843 7272 srservice - ok
16:38:19.0859 7272 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:38:19.0859 7272 Srv - ok
16:38:19.0890 7272 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:38:19.0890 7272 SSDPSRV - ok
16:38:19.0953 7272 [ 8990440E4B2A7CA5A56A1833B03741FD ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
16:38:19.0953 7272 STHDA - ok
16:38:19.0968 7272 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:38:19.0984 7272 stisvc - ok
16:38:20.0000 7272 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:38:20.0000 7272 streamip - ok
16:38:20.0015 7272 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:38:20.0015 7272 swenum - ok
16:38:20.0015 7272 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:38:20.0015 7272 swmidi - ok
16:38:20.0031 7272 SwPrv - ok
16:38:20.0031 7272 symc810 - ok
16:38:20.0046 7272 symc8xx - ok
16:38:20.0046 7272 sym_hi - ok
16:38:20.0046 7272 sym_u3 - ok
16:38:20.0062 7272 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:38:20.0062 7272 sysaudio - ok
16:38:20.0093 7272 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:38:20.0093 7272 SysmonLog - ok
16:38:20.0125 7272 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:38:20.0125 7272 TapiSrv - ok
16:38:20.0140 7272 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:38:20.0140 7272 Tcpip - ok
16:38:20.0171 7272 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:38:20.0171 7272 TDPIPE - ok
16:38:20.0187 7272 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:38:20.0187 7272 TDTCP - ok
16:38:20.0265 7272 [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
16:38:20.0281 7272 TeamViewer7 - ok
16:38:20.0296 7272 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:38:20.0296 7272 TermDD - ok
16:38:20.0312 7272 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
16:38:20.0328 7272 TermService - ok
16:38:20.0343 7272 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
16:38:20.0343 7272 Themes - ok
16:38:20.0359 7272 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
16:38:20.0359 7272 TlntSvr - ok
16:38:20.0359 7272 TosIde - ok
16:38:20.0390 7272 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:38:20.0390 7272 TrkWks - ok
16:38:20.0421 7272 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:38:20.0421 7272 Udfs - ok
16:38:20.0437 7272 ultra - ok
16:38:20.0468 7272 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:38:20.0468 7272 Update - ok
16:38:20.0500 7272 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
16:38:20.0500 7272 upnphost - ok
16:38:20.0531 7272 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
16:38:20.0531 7272 UPS - ok
16:38:20.0562 7272 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
16:38:20.0562 7272 USBAAPL - ok
16:38:20.0609 7272 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
16:38:20.0609 7272 usbaudio - ok
16:38:20.0640 7272 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:38:20.0640 7272 usbccgp - ok
16:38:20.0656 7272 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:38:20.0656 7272 usbehci - ok
16:38:20.0671 7272 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:38:20.0671 7272 usbhub - ok
16:38:20.0671 7272 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:38:20.0671 7272 usbohci - ok
16:38:20.0703 7272 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:38:20.0703 7272 usbprint - ok
16:38:20.0703 7272 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:38:20.0703 7272 usbscan - ok
16:38:20.0718 7272 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:38:20.0718 7272 usbstor - ok
16:38:20.0718 7272 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:38:20.0718 7272 VgaSave - ok
16:38:20.0734 7272 ViaIde - ok
16:38:20.0750 7272 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:38:20.0750 7272 VolSnap - ok
16:38:20.0765 7272 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
16:38:20.0781 7272 VSS - ok
16:38:20.0796 7272 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
16:38:20.0812 7272 W32Time - ok
16:38:20.0812 7272 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:38:20.0812 7272 Wanarp - ok
16:38:20.0859 7272 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
16:38:20.0859 7272 Wdf01000 - ok
16:38:20.0875 7272 WDICA - ok
16:38:20.0906 7272 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:38:20.0906 7272 wdmaud - ok
16:38:20.0937 7272 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
16:38:20.0937 7272 WebClient - ok
16:38:21.0015 7272 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:38:21.0015 7272 winmgmt - ok
16:38:21.0062 7272 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
16:38:21.0109 7272 WinRM - ok
16:38:21.0156 7272 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:38:21.0156 7272 WmdmPmSN - ok
16:38:21.0203 7272 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
16:38:21.0218 7272 Wmi - ok
16:38:21.0250 7272 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:38:21.0250 7272 WmiApSrv - ok
16:38:21.0343 7272 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
16:38:21.0375 7272 WMPNetworkSvc - ok
16:38:21.0484 7272 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:38:21.0484 7272 WPFFontCache_v0400 - ok
16:38:21.0515 7272 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:38:21.0515 7272 WS2IFSL - ok
16:38:21.0546 7272 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:38:21.0546 7272 wscsvc - ok
16:38:21.0546 7272 WSearch - ok
16:38:21.0578 7272 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:38:21.0578 7272 WSTCODEC - ok
16:38:21.0609 7272 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:38:21.0609 7272 wuauserv - ok
16:38:21.0687 7272 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:38:21.0687 7272 WudfPf - ok
16:38:21.0703 7272 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:38:21.0703 7272 WudfRd - ok
16:38:21.0718 7272 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
16:38:21.0734 7272 WudfSvc - ok
16:38:21.0750 7272 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:38:21.0765 7272 WZCSVC - ok
16:38:21.0796 7272 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:38:21.0796 7272 xmlprov - ok
16:38:21.0812 7272 ================ Scan global ===============================
16:38:21.0843 7272 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:38:21.0859 7272 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:38:21.0875 7272 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:38:21.0890 7272 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
16:38:21.0906 7272 [Global] - ok
16:38:21.0906 7272 ================ Scan MBR ==================================
16:38:21.0906 7272 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:38:22.0093 7272 \Device\Harddisk0\DR0 - ok
16:38:22.0093 7272 ================ Scan VBR ==================================
16:38:22.0093 7272 [ 10E663EAAD5DA57590EE469D0EF2D810 ] \Device\Harddisk0\DR0\Partition1
16:38:22.0093 7272 \Device\Harddisk0\DR0\Partition1 - ok
16:38:22.0109 7272 ============================================================
16:38:22.0109 7272 Scan finished
16:38:22.0109 7272 ============================================================
16:38:22.0109 5696 Detected object count: 0
16:38:22.0109 5696 Actual detected object count: 0
16:40:13.0343 3464 Deinitialize success

Thanks in advance

Chris (Zestylemons)

Attached File: attach.zip (5.14KB)


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,934 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:20 AM

Posted 22 September 2012 - 10:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Close any open browsers and all other running programs. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If, after running ComboFix, you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
===

Please post the logs and let me know if the problem persists.

#3 zestylemons

zestylemons
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Gender:Male
  • Location:North West, UK
  • Local time:01:20 PM

Posted 26 September 2012 - 06:43 AM

Hi

I did as instructed and reinstalled Chrome. When I open a new tab, the following page still appears.

http://mystart.incredibar.com/mb174?a=6R8FpocSkU&loc=CH_NT

What now?

Thanks in advance



Logs below:

ComboFix 12-09-24.03 - Chris 26/09/2012 11:43:21.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1184 [GMT 1:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\_ctypes.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\_elementtree.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\_hashlib.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\_socket.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\_ssl.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\pyexpat.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\pysqlite2._sqlite.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\python26.dll
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\pythoncom26.dll
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\pywintypes26.dll
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\select.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\unicodedata.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\win32api.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\win32com.shell.shell.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\win32crypt.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\win32event.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\win32file.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\win32inet.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\win32pdh.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\win32process.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\win32security.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\windows._cacheinvalidation.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\wx._controls_.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\wx._core_.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\wx._gdi_.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\wx._html2.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\wx._misc_.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\wx._windows_.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\wx._wizard.pyd
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\wxbase293u_net_vc.dll
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\wxbase293u_vc.dll
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\wxmsw293u_adv_vc.dll
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\wxmsw293u_core_vc.dll
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\wxmsw293u_html_vc.dll
c:\docume~1\Chris\LOCALS~1\Temp\_MEI38682\wxmsw293u_webview_vc.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\_ctypes.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\_elementtree.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\_hashlib.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\_socket.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\_ssl.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\pyexpat.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\pysqlite2._sqlite.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\python26.dll
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\pythoncom26.dll
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\pywintypes26.dll
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\select.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\unicodedata.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\win32api.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\win32com.shell.shell.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\win32crypt.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\win32event.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\win32file.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\win32inet.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\win32pdh.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\win32process.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\win32security.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\windows._cacheinvalidation.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\wx._controls_.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\wx._core_.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\wx._gdi_.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\wx._html2.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\wx._misc_.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\wx._windows_.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\wx._wizard.pyd
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\wxbase293u_net_vc.dll
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\wxbase293u_vc.dll
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\wxmsw293u_adv_vc.dll
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\wxmsw293u_core_vc.dll
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\wxmsw293u_html_vc.dll
c:\documents and settings\Chris\Local Settings\Temp\_MEI38682\wxmsw293u_webview_vc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-26 to 2012-09-26 )))))))))))))))))))))))))))))))
.
.
2012-09-26 08:59 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F831E3FD-1EF9-4960-B709-CDDA58B05224}\mpengine.dll
2012-09-25 08:58 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-24 09:12 . 2012-09-24 09:12 -------- d-----w- c:\documents and settings\Chris\Application Data\SUPERAntiSpyware.com
2012-09-24 09:12 . 2012-09-24 09:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-24 09:12 . 2012-09-24 09:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-09-21 09:32 . 2012-09-21 09:32 -------- d-----w- c:\program files\Tracker Software
2012-09-20 17:20 . 2012-09-20 17:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-09-19 17:32 . 2012-09-24 08:47 -------- d-----w- c:\program files\PestPatrol
2012-09-19 17:17 . 2012-09-19 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-09-19 17:17 . 2012-09-19 17:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-19 17:03 . 2012-09-20 16:55 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-19 15:23 . 2012-09-19 15:23 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-19 12:24 . 2012-09-19 12:24 -------- d-----w- c:\program files\iPod
2012-09-19 12:23 . 2012-09-19 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-19 12:23 . 2012-09-19 12:26 -------- d-----w- c:\program files\iTunes
2012-09-19 08:32 . 2012-09-19 08:32 -------- d-----w- c:\program files\CCleaner
2012-09-18 16:51 . 2012-09-18 16:51 -------- d-----w- c:\program files\ESET
2012-09-17 04:09 . 2012-09-19 13:33 -------- d-----w- c:\program files\7-Zip
2012-09-17 04:09 . 2012-09-17 04:09 -------- d-----w- c:\program files\Perion
2012-09-13 09:17 . 2012-09-13 09:17 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Deployment
2012-09-13 08:24 . 2012-09-13 08:24 74703 ----a-w- c:\windows\system32\mfc45.dll
2012-09-13 08:24 . 2012-09-13 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2012-09-13 08:24 . 2012-09-13 08:24 -------- d-----w- c:\documents and settings\Chris\Application Data\iolo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 17:20 . 2012-03-31 08:18 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-20 17:20 . 2011-05-26 12:12 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 16:04 . 2012-08-15 13:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 15:14 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-08-21 12:01 . 2011-10-21 14:53 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 12:01 . 2011-10-21 14:53 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2011-05-26 09:15 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-09-06 01:27 . 2012-09-19 15:23 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 14:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 14:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 14:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 14:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-09-06 15668432]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-06 4780928]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ABBYY Screenshot Reader Retail"="c:\program files\ABBYY Screenshot Reader\ScreenShotReader.exe" [2008-10-16 959776]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2012-04-13 1244192]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"Pinnacle WebUpdater"="c:\program files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" [2006-08-24 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"PestPatrol Control Center"="c:\progra~1\PESTPA~1\PPControl.exe" [2004-11-15 98304]
"PPMemCheck"="c:\progra~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 148480]
"CookiePatrol"="c:\progra~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 73728]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Chris\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Edimax EW-7612PIn Wireless LAN Utility.lnk - c:\program files\Edimax\PCIE Wireless LAN\RtWLan.exe [2011-5-26 946176]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2012-08-10 17:59 4440896 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 18:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 22:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
2005-06-08 13:44 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]
2006-07-25 10:12 65536 ----a-w- c:\program files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 13:18 17420464 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-12-04 16:58 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Edimax\\PCIE Wireless LAN\\RtWLan.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\AirPrint\\airprint.exe"=
"c:\\Documents and Settings\\Chris\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"1080:TCP"= 1080:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/07/2012 19:54 116608]
R2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0;c:\program files\ABBYY Screenshot Reader\NetworkLicenseServer.exe [16/10/2008 17:18 759072]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [31/03/2012 13:02 913792]
R2 AirPrint;AirPrint;c:\program files\AirPrint\airprint.exe -s --> c:\program files\AirPrint\airprint.exe -s [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [22/01/2012 18:30 2253120]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13/08/2012 13:33 3064000]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [31/08/2012 15:02 2754984]
R3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\drivers\NxDrv.sys [13/04/2012 06:41 22600]
R3 PinnacleRoyalTS;Pinnacle Systems RoyalTS Device;c:\windows\system32\drivers\RoyalTS.sys [17/06/2012 11:14 124544]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/07/2011 13:50 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 14:14 160944]
S3 ADM8511;Belkin USB Ethernet Adapter;c:\windows\system32\drivers\NET8511.SYS [26/05/2011 10:45 24424]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [31/03/2012 09:18 250288]
S3 Ccdstlay;Ccdstlay; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [02/07/2011 13:50 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [19/09/2012 16:23 114144]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [21/10/2011 15:51 18432]
S3 RTL8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [26/05/2011 12:20 574880]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [07/06/2011 20:32 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [07/06/2011 20:32 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [07/06/2011 20:32 114728]
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 17:20]
.
2012-09-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-07-01 c:\windows\Tasks\fba_OFF SITE 01.job
- c:\program files\Softland\FBackup 4\fbaSchedStarter.exe [2011-06-01 16:25]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-02 12:49]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-02 12:49]
.
2012-09-24 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03]
.
2012-09-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1580818891-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 16:14]
.
2012-09-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1580818891-1417001333-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 16:14]
.
2012-09-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1580818891-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 16:14]
.
2012-09-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1580818891-1417001333-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 16:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: landmarkinfo.co.uk
Trusted Zone: promap.co.uk
Trusted Zone: promapserver.co.uk
TCP: DhcpNameServer = 192.168.1.1
DPF: {644F656A-013E-4198-BE03-1D7A4F6AB550} - hxxps://www.promapserver.co.uk/controls/latest/promap.cab
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\lseezo3d.default\
FF - prefs.js: browser.startup.homepage - WWW.GOOGLE.CO.UK
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-PestPatrolCL - (no file)
AddRemove-HijackThis - d:\adaware removal tools\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-26 12:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1520)
c:\windows\system32\WININET.dll
c:\program files\TeamViewer\Version7\tv_w32.dll
c:\windows\system32\AcSignIcon.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\AirPrint\airprint.exe
c:\windows\system32\SearchProtocolHost.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\windows\system32\wscntfy.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\windows\system32\RunDLL32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-09-26 12:24:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-26 11:24
ComboFix2.txt 2012-09-17 13:37
ComboFix3.txt 2012-09-17 12:18
.
Pre-Run: 106,189,889,536 bytes free
Post-Run: 106,301,407,232 bytes free
.
- - End Of File - - 3B0E7DB235BD05D2739886631EE5D6C0


Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.0.1400
CCleaner
Java™ 6 Update 29
Java version out of Date!
Adobe Flash Player 11.4.402.265
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
ESET NOD32 Antivirus egui.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
PESTPA~1 CookiePatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````


# AdwCleaner v2.002 - Logfile created 09/26/2012 at 12:33:21
# Updated 16/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Chris - PWL-5D9C3A86B12
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Chris\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\lseezo3d.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Sue Warwick\Application Data\Mozilla\Firefox\Profiles\tviycye0.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [37066 octets] - [17/09/2012 13:57:05]
AdwCleaner[R2].txt - [37127 octets] - [17/09/2012 14:00:15]
AdwCleaner[S1].txt - [38228 octets] - [17/09/2012 14:01:04]
AdwCleaner[R3].txt - [1210 octets] - [20/09/2012 09:25:12]
AdwCleaner[R4].txt - [1141 octets] - [26/09/2012 12:33:21]

########## EOF - C:\AdwCleaner[R4].txt - [1201 octets] ##########

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,934 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:20 AM

Posted 26 September 2012 - 08:18 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 29


===

Remove Incredibar... Look at the Chrome section on this page.

http://www.im-infected.com/hijacker/mystart-by-incredibar-mystart-incredibar-com.html

Keep me posted.

#5 zestylemons

zestylemons
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North West, UK
  • Local time:01:20 PM

Posted 26 September 2012 - 08:27 AM

Ok, I will give it a whirl and let you know - thanks for your time on this BTW

I am trying to get a couple of jobs finished and issue some drawings for builders and this is proving a pain in the neck!

#6 zestylemons

zestylemons
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North West, UK
  • Local time:01:20 PM

Posted 26 September 2012 - 09:01 AM

Hi Nasdaq

My machine was dragging its heels doing something so I hit control alt delete to see what was soaking up my RAM and I noticed a process I didn't recognise called webtracker or something like that. I ended the process and now my new tabs on chrome are fine!

Thanks very much for your help and if it comes back I will keep you posted.

#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,934 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:20 AM

Posted 26 September 2012 - 09:48 AM

Was this the culprit?
http://statcounter.com/free-invisible-web-tracker/

===


If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#8 zestylemons

zestylemons
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North West, UK
  • Local time:01:20 PM

Posted 26 September 2012 - 10:41 AM

Hi

Housekeeping done.

I don't think it was stat counter - I think I picked it up by clicking on a bad banner when trying to download some software to unzip a 3.5Gb .7z archive which contained the Blackmesa game. I have never seen a 7z file and was unaware that winrar would uncompress it so I clicked on a banner that I thought installed the decompressor and then the problems began. Weirdly before I realised I had an 'issue' I also downloaded on to my other pc (vista) as it dawned on me this one is my work machine not gaming one (side by side) and I got rid of the problem easily myself on vista.

Ho hum and point taken on prevention

Many thanks


#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,934 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:20 AM

Posted 26 September 2012 - 10:53 AM

Thank you for the feedback.

#10 zestylemons

zestylemons
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North West, UK
  • Local time:01:20 PM

Posted 30 September 2012 - 09:51 AM

Nasdaq

I have uninstalled chrome today as it came back this afternoon after being free for days - I haven't downloaded a sausage - there don't appear to be any suspicious processes unless it has renamed itself as something else.

IE unaffected and firefox unaffected - for now.............. :-(

Please help - thanks in advance

#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,934 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:20 AM

Posted 30 September 2012 - 12:24 PM

1. Open Google Chrome.
2. Click on the 3 HORIZONTAL BARS icon on top right corner of the browser.
3. Choose “Settings” from the drop down list.
4. Select “Basics.”
5. Click on “Manage search engines” under SEARCH settings area.
6. Hover your mouse to a preferred search engine and click “Make default.”
7. You can now remove MyStart by Incredibar search by clicking on the X mark.

#12 zestylemons

zestylemons
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North West, UK
  • Local time:01:20 PM

Posted 01 October 2012 - 01:58 AM

Nasdaq

I had to reinstall google to carry out your request. There was no drop down list to choose basics, it went straight to a page that had manage search engines. I deleted all but google which was already default and none of which were mystart by incredibar. When I select open new tab it still does it.

When I uninstalled chrome I also made sure the folder in local settings data chrome was deleted and used ccleaner to manage the uninstall, clean the drive and clean the registry, though there was nothing to clean.

I have left this installation of chrome on my machine in case you require it for the next step.

:-(

Thanks

#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,934 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:20 AM

Posted 01 October 2012 - 07:27 AM

Let's check the registry.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :regfind
    incredibar

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#14 zestylemons

zestylemons
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North West, UK
  • Local time:01:20 PM

Posted 02 October 2012 - 11:04 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 17:00 on 02/10/2012 by Chris
Administrator - Elevation successful

========== regfind ==========

Searching for "incredibar"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]
[HKEY_USERS\S-1-5-21-1229272821-1580818891-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]
[HKEY_USERS\S-1-5-21-1229272821-1580818891-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]
[HKEY_USERS\S-1-5-21-1229272821-1580818891-1417001333-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]
[HKEY_USERS\S-1-5-21-1229272821-1580818891-1417001333-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]

-= EOF =-

#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,934 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:20 AM

Posted 02 October 2012 - 12:06 PM

This should take care of it.

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]


Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.

On a Vista or Windows 7 operating system right click on the fixme.reg file and run as Administrator.

Optional, if the following programs are on your computer.
Note that since the Domains are deleted SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, also you have to re-install IE-SpyAd if installed.
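A check worth running before merging a fixme.reg like the one above, added here as an example and not part of nasdaq's post: the .reg removes every ZoneMap entry, which includes the Trusted Zone entries for landmarkinfo.co.uk, promap.co.uk and promapserver.co.uk that appear in the ComboFix log earlier in this thread, so the script lists what is there, flags the incredibar.com entries the SystemLook log found, and exports a restorable backup first. It assumes PowerShell 2.0 or later; the registry paths are the ones used in the thread.

```powershell
# Added example (not part of the thread): audit and back up the IE ZoneMap before
# merging a fix that deletes the whole Domains / Ranges / EscDomains keys.
# Assumes PowerShell 2.0 or later on the affected machine.
$ZoneMapPath = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
# Zone numbers as IE stores them in each domain's protocol value.
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$Suspect = 'incredibar.com'   # the domain this thread is chasing (from the SystemLook log)

function Get-ZoneMapEntries {
    param([string]$Hive)      # 'HKCU' or 'HKLM'
    foreach ($list in 'Domains', 'EscDomains') {
        $root = "${Hive}:\$ZoneMapPath\$list"
        if (-not (Test-Path $root)) { continue }
        # Every key below Domains\ is a domain; a nested key is a host label
        # (Domains\example.com\www means www.example.com). Each value name is a
        # protocol ('http', 'https', '*') and its DWORD data is the zone number.
        Get-ChildItem -Path $root -Recurse | ForEach-Object {
            $key = $_
            $marker = "\$list\"
            $relative = $key.Name.Substring($key.Name.IndexOf($marker) + $marker.Length)
            $labels = $relative -split '\\'
            $domain = ($labels[($labels.Length - 1)..0]) -join '.'
            foreach ($protocol in $key.GetValueNames()) {
                $zone = $key.GetValue($protocol)
                $zoneName = if ($zone -is [int]) { $ZoneNames[$zone] } else { 'unknown' }
                New-Object PSObject -Property @{
                    Hive = $Hive; List = $list; Domain = $domain
                    Protocol = $protocol; Zone = $zone; ZoneName = $zoneName
                }
            }
        }
    }
}

function Backup-ZoneMap {
    param([string]$OutDir = "$env:USERPROFILE\Desktop")
    # reg.exe export writes a merge-able .reg file; 'reg import <file>' restores it,
    # which is how the Trusted Zone entries for the work sites can be put back later.
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    foreach ($hive in 'HKCU', 'HKLM') {
        $file = Join-Path $OutDir "ZoneMap-$hive-$stamp.reg"
        & reg.exe export "$hive\$ZoneMapPath" $file | Out-Null
        $file
    }
}

$entries = @(Get-ZoneMapEntries 'HKCU') + @(Get-ZoneMapEntries 'HKLM')
$entries | Sort-Object Hive, List, Domain |
    Format-Table Hive, List, Domain, Protocol, ZoneName -AutoSize

# Two things to review before the wipe: the hijacker's own entries, and the
# legitimate Trusted-sites entries that the fix will take with them.
$entries | Where-Object { $_.Domain -like "*$Suspect*" } |
    ForEach-Object { "Hijacker entry: $($_.Hive)\$($_.List)\$($_.Domain) [$($_.Protocol)] -> $($_.ZoneName)" }
$entries | Where-Object { $_.Zone -eq 2 -and $_.Domain -notlike "*$Suspect*" } |
    ForEach-Object { "Trusted site to re-add afterwards: $($_.Domain)" }

Backup-ZoneMap | ForEach-Object { "Backup written: $_" }
```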



