

Backdoor Trojan found


This topic is locked
61 replies to this topic

#1 Frazzled1


  • Members
  • 110 posts

Posted 22 September 2012 - 05:49 AM

Thank you in advance for looking at this. Please refer to the post by me on the "Am I Infected What do I do" forum link for the complete history of this problem. We worked patiently to try and solve this and I see that there is much more to do. I do not have any restore capabilities, i.e. XP disk, so I am trying to solve this if at all possible. There is the MS restore console on the machine if that is of any help. Basically the computer pegs the CPU for extended periods of time whenever I try to do anything. After the checkdisk run I lost the color on the start button/taskbar and the computer is in a quasi safe mode, with some services loading and some not (for example I cannot run SFC /scannow). Msconfig was missing from the win32 directory so I expanded it from the I386 location and ran it, but to no avail. It seems that it does nothing in the way of changing my configuration. The F8 safe mode at bootup really does put me into safe mode but there is no fully normal mode. And of course, the computer is still really slow and bogging down. The required files are below.

DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.13
Run by Judy at 22:16:45 on 2012-09-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1503.955 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\DiskTrix\SystemBooster2\SystemBooster.exe
C:\Program Files\Process Lasso\processlasso.exe
C:\Program Files\Process Lasso\processgovernor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\eBoostr\eBoostrCP.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [SystemBoosterXP] c:\program files\disktrix\systembooster2\SystemBooster.exe
mRun: [ProcessLassoManagementConsole] c:\program files\process lasso\processlasso.exe
mRun: [ProcessGovernor] c:\program files\process lasso\processgovernor.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eboost~1.lnk - c:\program files\eboostr\eBoostrCP.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - hxxp://www.trendmicro.com/spyware-scan/as4web.cab
DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3}
TCP: DhcpNameServer = 192.168.15.1
TCP: Interfaces\{5DAF14F1-B2ED-4D5F-9BBB-6A9EE0EB3116} : DhcpNameServer = 192.168.15.1
Notify: AutorunsDisabled - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [2009-12-23 144984]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-23 64288]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-9-15 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-15 116608]
R3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\displaylinkmirrorport.sys [2007-3-9 23400]
S2 DisplayLinkService;DisplayLink Service;c:\program files\displaylink core software\displaylinkservice.exe [2007-12-13 439656]
S2 EBOOSTRSVC;eBoostr Service;c:\program files\eboostr\EBstrSvc.exe [2009-12-23 646272]
S2 gupdate;gupdate; [x]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\judy\locals~1\temp\alsysio.sys --> c:\docume~1\judy\locals~1\temp\ALSysIO.sys [?]
S3 cpuz128;cpuz128; [x]
S3 gupdatem;gupdatem; [x]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 12872]
S4 AntiVirSchedulerService;AntiVirSchedulerService; [x]
.
=============== Created Last 30 ================
.
2012-09-22 03:16:20 -------- d--h--w- c:\windows\PIF
2012-09-22 00:59:31 -------- d-----w- c:\program files\ACW
2012-09-19 10:19:41 145408 ----a-w- c:\windows\system32\msconfig.exe
2012-09-17 22:23:26 -------- d-----w- c:\windows\LastGood.Tmp
2012-09-16 11:47:19 7022536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2627701a-1156-4353-8ffe-d91101c39495}\mpengine.dll
2012-09-16 06:41:05 7022536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-13 04:28:39 -------- d-----w- c:\program files\Core Temp
2012-09-11 02:12:46 -------- d-----w- c:\program files\ESET
2012-08-31 11:39:53 -------- d-----w- C:\b7dda7297f98add60f5d09f787686383
2012-08-29 03:36:41 -------- d-----w- c:\windows\system32\URTTemp
2012-08-28 02:25:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-23 03:51:32 5 --sha-w- c:\windows\system32\faabaaadf2_s.dll
2012-08-23 03:51:07 -------- d-----w- c:\program files\jv16 PowerTools 2006
.
==================== Find3M ====================
.
2012-08-13 20:01:40 0 --sh--w- c:\windows\SBACD30FE.tmp
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 15:07:44 832512 ----a-w- c:\windows\system32\wininet.dll
2012-07-03 15:07:43 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-03 15:07:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-07-03 15:07:42 17408 ----a-w- c:\windows\system32\corpol.dll
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 22:20:44.84 ===============
Attached files: attach.txt, Ark.txt



#2 HelpBot


    Bleepin' Binary Bot


  • Bots
  • 12,659 posts

Posted 27 September 2012 - 05:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/469486 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Frazzled1

  • Topic Starter

  • Members
  • 110 posts

Posted 27 September 2012 - 10:02 PM

I was getting worried... OK
here is the deal. While I was waiting, I searched the internet for several days and found what I think was a fix for the "hybrid" safe mode problem I was having. The fix consisted of doing a simple registry edit. I hope this doesn't cause any problems down the road, but as of now it appears that I am able to boot in normal mode with all device drivers etc working. I will now run sfc /scannow just to make sure.
The edit was this:
HKLM\System\CurrentControlSet\Control\Safeboot\Option
I needed to change the DWORD from 2 to 0.

As for the 100% CPU usage, I am still having the problem. Certain websites are worse than others. For example, your site, though slow, is tolerable, but especially aol's Huffpost sites take between 3 and 5 minutes to load each page with my CPU pegged at 100% the whole time.
I ran the following scans and attached below are the log files as requested. A note was that Gmer utilized between 90 and 98% of my cpu the whole time it ran.

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Judy at 8:41:59 on 2012-09-27
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1503.801 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\eBoostr\EBstrSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\DiskTrix\SystemBooster2\SystemBooster.exe
C:\Program Files\Process Lasso\processlasso.exe
C:\Program Files\Process Lasso\processgovernor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\eBoostr\eBoostrCP.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [SystemBoosterXP] c:\program files\disktrix\systembooster2\SystemBooster.exe
mRun: [ProcessLassoManagementConsole] c:\program files\process lasso\processlasso.exe
mRun: [ProcessGovernor] c:\program files\process lasso\processgovernor.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eboost~1.lnk - c:\program files\eboostr\eBoostrCP.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - hxxp://www.trendmicro.com/spyware-scan/as4web.cab
DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3}
Notify: AutorunsDisabled - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [2009-12-23 144984]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-23 64288]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-9-15 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-15 116608]
R2 DisplayLinkService;DisplayLink Service;c:\program files\displaylink core software\displaylinkservice.exe [2007-12-13 439656]
R2 EBOOSTRSVC;eBoostr Service;c:\program files\eboostr\EBstrSvc.exe [2009-12-23 646272]
R3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\displaylinkmirrorport.sys [2007-3-9 23400]
S2 gupdate;gupdate; [x]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\judy\locals~1\temp\alsysio.sys --> c:\docume~1\judy\locals~1\temp\ALSysIO.sys [?]
S3 cpuz128;cpuz128; [x]
S3 gupdatem;gupdatem; [x]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 12872]
S4 AntiVirSchedulerService;AntiVirSchedulerService; [x]
.
=============== Created Last 30 ================
.
2012-09-27 12:01:26 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec68fca5-8162-49d6-90a9-601579638584}\mpengine.dll
2012-09-26 10:42:47 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-22 03:16:20 -------- d--h--w- c:\windows\PIF
2012-09-22 00:59:31 -------- d-----w- c:\program files\ACW
2012-09-19 10:19:41 145408 ----a-w- c:\windows\system32\msconfig.exe
2012-09-13 04:28:39 -------- d-----w- c:\program files\Core Temp
2012-09-11 02:12:46 -------- d-----w- c:\program files\ESET
2012-08-31 11:39:53 -------- d-----w- C:\b7dda7297f98add60f5d09f787686383
2012-08-29 03:36:41 -------- d-----w- c:\windows\system32\URTTemp
.
==================== Find3M ====================
.
2012-08-27 19:12:39 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12:36 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12:34 17408 ----a-w- c:\windows\system32\corpol.dll
2012-08-23 03:51:32 5 --sha-w- c:\windows\system32\faabaaadf2_s.dll
2012-08-13 20:01:40 0 --sh--w- c:\windows\SBACD30FE.tmp
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 8:42:26.92 ===============


Ark.Txt

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-27 21:40:04
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400EB-00CPF0 rev.06.04G06
Running: gmer.exe; Driver: C:\DOCUME~1\Judy\LOCALS~1\Temp\fxtdipog.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Judy\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eBoost.sys (eBoostr Filter Driver/eBoostr.com)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\Services\MRxDAV\EncryptedDirectories@
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

---- EOF - GMER 1.0.15 ----

Also, I forgot to mention that I do NOT have an XP disk for this computer. I only have a damaged restore disk that will not read. That is why I am trying to fix this so desperately. On another note, eBoostr and System Booster had run fine before the problem occurred and caused me no trouble. They in fact did make a difference in my PC's performance, so I would like to only disable them if need be so I can reactivate them once this problem is solved. Please check my previous post from which I was redirected to here on the "Am I infected" forum.
Thank you. Attached file: attach.zip
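As an added example (not code from this thread or from any of the tools mentioned in it), a small Python triage script that parses the DDS SERVICES / DRIVERS, Created Last 30 and Find3M sections in the format pasted above and surfaces the entries a helper would look at first: services registered with no binary on disk, drivers loading from a Temp directory, and hidden+system or implausibly small executables. The section names and line layouts are taken from the logs in this thread; the size threshold and the list of temporary directories are my assumptions.

```python
"""Triage helper for the DDS.txt logs pasted in this thread."""
import re

# Sample lines taken from the DDS logs posted above, cut down to a few entries.
SAMPLE_DDS = r"""
DDS (Ver_2011-08-26.01) - NTFSx86
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
S2 gupdate;gupdate; [x]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\judy\locals~1\temp\alsysio.sys --> c:\docume~1\judy\locals~1\temp\ALSysIO.sys [?]
.
=============== Created Last 30 ================
.
2012-09-22 03:16:20 -------- d--h--w- c:\windows\PIF
2012-09-19 10:19:41 145408 ----a-w- c:\windows\system32\msconfig.exe
.
==================== Find3M ====================
.
2012-08-23 03:51:32 5 --sha-w- c:\windows\system32\faabaaadf2_s.dll
2012-08-13 20:01:40 0 --sh--w- c:\windows\SBACD30FE.tmp
.
============= FINISH: 8:42:26.92 ===============
"""

# Service line: "R0 name;description;path [date size]", or "... [x]" / "... [?]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
# File line: "date time size attrs path"; size is "--------" for directories
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) (\S{8}) (.+)$")
# Directories an installed service or driver should not normally run from (assumed list).
VOLATILE_DIRS = ("\\temp\\", "\\temporary internet files\\")
TINY_BINARY = 1024  # bytes; assumed cut-off, a real DLL/SYS/EXE is never this small


def split_sections(text):
    """Yield (title, lines) for each '==== Title ====' block of a DDS log."""
    title, lines = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=") and line.endswith("="):
            if title is not None:
                yield title, lines
            title, lines = line.strip("= "), []
        elif line and line != "." and title is not None:
            lines.append(line)
    if title is not None:
        yield title, lines


def check_service(line):
    """Return a reason string if a SERVICES / DRIVERS entry deserves a look."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    start, name, _desc, rest = m.groups()
    rest_l = rest.lower()
    if rest_l.endswith("[x]"):
        return f"service '{name}' ({start}) is registered but no binary is on disk"
    if any(d in rest_l for d in VOLATILE_DIRS):
        return f"service '{name}' ({start}) loads from a temporary directory"
    if rest_l.endswith("[?]"):
        return f"service '{name}' ({start}) file could not be verified"
    return None


def check_file(line):
    """Return a reason string if a Created Last 30 / Find3M entry stands out."""
    m = FILE_RE.match(line)
    if not m:
        return None
    _date, _time, size, attrs, path = m.groups()
    if attrs.startswith("d"):  # directories: hidden ones are common, skip them
        return None
    reasons = []
    if "s" in attrs and "h" in attrs:
        reasons.append("hidden+system attributes")
    if path.lower().endswith((".dll", ".sys", ".exe")) and size.isdigit() \
            and int(size) < TINY_BINARY:
        reasons.append(f"executable of only {size} bytes")
    return f"'{path}': " + ", ".join(reasons) if reasons else None


def triage(text):
    """Run the section-appropriate check over every line of a DDS log."""
    # Hits are leads for the helper to verify by hand, not verdicts: hardware
    # monitoring tools, for one, do legitimately load a driver from Temp.
    checkers = {"SERVICES / DRIVERS": check_service,
                "Created Last 30": check_file, "Find3M": check_file}
    findings = []
    for title, lines in split_sections(text):
        checker = checkers.get(title)
        if checker is None:
            continue
        for line in lines:
            reason = checker(line)
            if reason:
                findings.append((title, reason, line))
    return findings
```

Running `triage(SAMPLE_DDS)` on the sample returns four (section, reason, line) tuples; feeding it a whole DDS.txt works the same way.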

#4 HelpBot


    Bleepin' Binary Bot


  • Bots
  • 12,659 posts

Posted 02 October 2012 - 05:55 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!


Mod Edit: Topic reopened per OP request - Hamluis.

Hello,
I have been working for some time to get my computer up and running. The last communication I had was with a robot on your site, whereby I followed directions and reposted some logs required. Today I received the case closed message. I was waiting for a reply from someone at your site..... Well here is the link to the topic.
Thank you in advance for looking at this.

http://www.bleepingcomputer.com/forums/topic469486.html/page__pid__2857865#entry2857865


Edited by hamluis, 02 October 2012 - 08:38 AM.
Reopened - Hamluis.


#5 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 27 October 2012 - 02:54 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 Frazzled1

  • Topic Starter

  • Members
  • 110 posts

Posted 28 October 2012 - 05:59 AM

Hello and thank you, Gringo.
Here are the requested logfiles. One note: when running Security Check, an error box opened at first, something about an object error. After I clicked the box closed, everything seemed to run fine. After AdwCleaner, MSSE popped up and said that Windows did not pass the validation test and MSSE would be disabled in 30 days. From what I can see, after restarting this morning, that seems to have gone away. Will keep you posted.
Otherwise, here are the logs.

Security check:

Results of screen317's Security Check version 0.99.53
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
SpywareBlaster 4.4
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Malwarebytes Anti-Malware version 1.65.1.1000
HijackThis 2.0.2
AppCleaner
CCleaner
AML Free Registry Cleaner 4.20
COMODO System Cleaner 1.1.64946.38(32bit)
Java™ 6 Update 19
Java version out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````




AdwCleaner:




# AdwCleaner v2.005 - Logfile created 10/27/2012 at 21:35:06
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Judy - T1600
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Judy\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Judy\Application Data\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2111 octets] - [27/10/2012 21:32:49]
AdwCleaner[R2].txt - [2171 octets] - [27/10/2012 21:34:18]
AdwCleaner[S1].txt - [1977 octets] - [27/10/2012 21:35:06]

########## EOF - C:\AdwCleaner[S1].txt - [2037 octets] ##########




and finally RogueKiller:

Initial log:

RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Judy [Admin rights]
Mode : Scan -- Date : 10/27/2012 21:42:41

Bad processes : 0

Registry Entries : 2
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

Particular Files / Folders:

Driver : [LOADED]

HOSTS File:
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
[...]


MBR Check:

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 230245d4a0efcbdd790c3f8160a948f4
[BSP] 9891c3d8d3dc96da38c6d78e8d961073 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38162 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



and the final report:


RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Judy [Admin rights]
Mode : Remove -- Date : 10/27/2012 21:43:23

Bad processes : 0

Registry Entries : 2
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

Particular Files / Folders:

Driver : [LOADED]

HOSTS File:
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
[...]


MBR Check:

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 230245d4a0efcbdd790c3f8160a948f4
[BSP] 9891c3d8d3dc96da38c6d78e8d961073 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38162 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#7 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 28 October 2012 - 12:22 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#8 Frazzled1
  • Topic Starter
  • Members
  • 110 posts

Posted 28 October 2012 - 09:19 PM

Hello again Gringo,
OK combofix is done. Here is the log file:

ComboFix 12-10-26.05 - Judy 10/28/2012 20:46:11.1.1 - x86
Running from: c:\documents and settings\Judy\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Judy\MYDOCU~1\MYRECE~1\MC_TSD~1\TSDC.exe
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Judy\WINDOWS
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\adsldpc.dll.bkup
c:\windows\system32\advapi32.dll.bkup
c:\windows\system32\apphelp.dll.bkup
c:\windows\system32\atl.dll.bkup
c:\windows\system32\audiosrv.dll.bkup
c:\windows\system32\basesrv.dll.bkup
c:\windows\system32\browseui.dll.bkup
c:\windows\system32\catsrv.dll.bkup
c:\windows\system32\catsrvut.dll.bkup
c:\windows\system32\certcli.dll.bkup
c:\windows\system32\cfgmgr32.dll.bkup
c:\windows\system32\clbcatq.dll.bkup
c:\windows\system32\clusapi.dll.bkup
c:\windows\system32\cnbjmon.dll.bkup
c:\windows\system32\colbact.dll.bkup
c:\windows\system32\comctl32.dll.bkup
c:\windows\system32\comsvcs.dll.bkup
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\crypt32.dll.bkup
c:\windows\system32\cscdll.dll.bkup
c:\windows\system32\cscui.dll.bkup
c:\windows\system32\dbghelp.dll.bkup
c:\windows\system32\dnsapi.dll.bkup
c:\windows\system32\dot3api.dll.bkup
c:\windows\system32\dsound.dll.bkup
c:\windows\system32\dssenh.dll.bkup
c:\windows\system32\duser.dll.bkup
c:\windows\system32\e_flbeka.dll.bkup
c:\windows\system32\eappcfg.dll.bkup
c:\windows\system32\eebapi.dll.bkup
c:\windows\system32\eebutil.dll.bkup
c:\windows\system32\enppmon.dll.bkup
c:\windows\system32\es.dll.bkup
c:\windows\system32\eventlog.dll.bkup
c:\windows\system32\faabaaadf2_s.dll
c:\windows\system32\faultrep.dll.bkup
c:\windows\system32\icm32.dll.bkup
c:\windows\system32\iertutil.dll.bkup
c:\windows\system32\iphlpapi.dll.bkup
c:\windows\system32\ipnathlp.dll.bkup
c:\windows\system32\ipsecsvc.dll.bkup
c:\windows\system32\itss.dll.bkup
c:\windows\system32\jscript.dll.bkup
c:\windows\system32\localspl.dll.bkup
c:\windows\system32\lsasrv.dll.bkup
c:\windows\system32\midimap.dll.bkup
c:\windows\system32\mlang.dll.bkup
c:\windows\system32\modemui.dll.bkup
c:\windows\system32\msacm32.dll.bkup
c:\windows\system32\mscoree.dll.bkup
c:\windows\system32\msprivs.dll.bkup
c:\windows\system32\mstask.dll.bkup
c:\windows\system32\mstlsapi.dll.bkup
c:\windows\system32\msv1_0.dll.bkup
c:\windows\system32\msvcp60.dll.bkup
c:\windows\system32\msvcrt.dll.bkup
c:\windows\system32\mswsock.dll.bkup
c:\windows\system32\mtxclu.dll.bkup
c:\windows\system32\mydocs.dll.bkup
c:\windows\system32\nddeapi.dll.bkup
c:\windows\system32\netapi32.dll.bkup
c:\windows\system32\netcfgx.dll.bkup
c:\windows\system32\netlogon.dll.bkup
c:\windows\system32\netmsg.dll.bkup
c:\windows\system32\netui2.dll.bkup
c:\windows\system32\newdev.dll.bkup
c:\windows\system32\ntdll.dll.bkup
c:\windows\system32\ntshrui.dll.bkup
c:\windows\system32\oakley.dll.bkup
c:\windows\system32\odbc32.dll.bkup
c:\windows\system32\odbcint.dll.bkup
c:\windows\system32\printui.dll.bkup
c:\windows\system32\pstorsvc.dll.bkup
c:\windows\system32\qmgr.dll.bkup
c:\windows\system32\qutil.dll.bkup
c:\windows\system32\rasapi32.dll.bkup
c:\windows\system32\rasdlg.dll.bkup
c:\windows\system32\rasppp.dll.bkup
c:\windows\system32\rastapi.dll.bkup
c:\windows\system32\regapi.dll.bkup
c:\windows\system32\riched20.dll.bkup
c:\windows\system32\rtutils.dll.bkup
c:\windows\system32\s3gnb.dll.bkup
c:\windows\system32\samlib.dll.bkup
c:\windows\system32\samsrv.dll.bkup
c:\windows\system32\scecli.dll.bkup
c:\windows\system32\scesrv.dll.bkup
c:\windows\system32\seclogon.dll.bkup
c:\windows\system32\shdoclc.dll.bkup
c:\windows\system32\shdocvw.dll.bkup
c:\windows\system32\shsvcs.dll.bkup
c:\windows\system32\srsvc.dll.bkup
c:\windows\system32\srvsvc.dll.bkup
c:\windows\system32\sti.dll.bkup
c:\windows\system32\stobject.dll.bkup
c:\windows\system32\sxs.dll.bkup
c:\windows\system32\tapi32.dll.bkup
c:\windows\system32\tapisrv.dll.bkup
c:\windows\system32\tcpmon.dll.bkup
c:\windows\system32\termsrv.dll.bkup
c:\windows\system32\themeui.dll.bkup
c:\windows\system32\trkwks.dll.bkup
c:\windows\system32\twext.dll.bkup
c:\windows\system32\umpnpmgr.dll.bkup
c:\windows\system32\upnp.dll.bkup
c:\windows\system32\upnphost.dll.bkup
c:\windows\system32\url.dll.bkup
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\usbui.dll.bkup
c:\windows\system32\user32.dll.bkup
c:\windows\system32\uxtheme.dll.bkup
c:\windows\system32\vssapi.dll.bkup
c:\windows\system32\wdigest.dll.bkup
c:\windows\system32\webcheck.dll.bkup
c:\windows\system32\wgalogon.dll.bkup
c:\windows\system32\wiaservc.dll.bkup
c:\windows\system32\win32spl.dll.bkup
c:\windows\system32\winhttp.dll.bkup
c:\windows\system32\wininet.dll.bkup
c:\windows\system32\winmm.dll.bkup
c:\windows\system32\winsrv.dll.bkup
c:\windows\system32\wintrust.dll.bkup
c:\windows\system32\wkssvc.dll.bkup
c:\windows\system32\wlnotify.dll.bkup
c:\windows\system32\wmasf.dll.bkup
c:\windows\system32\wpdshserviceobj.dll.bkup
c:\windows\system32\ws2help.dll.bkup
c:\windows\system32\wscsvc.dll.bkup
c:\windows\system32\wzcsapi.dll.bkup
c:\windows\system32\wzcsvc.dll.bkup
c:\windows\system32\xpsp2res.dll.bkup
c:\windows\system32\zipfldr.dll.bkup
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-29 )))))))))))))))))))))))))))))))
.
.
2012-10-29 01:32 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF37203F-932A-47B5-AD4C-F4EDC59F3BEF}\mpengine.dll
2012-10-28 01:29 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-24 11:06 . 2012-10-24 11:16 -------- d-----w- c:\program files\WhatsRunning
2012-10-23 12:44 . 2012-10-23 12:44 -------- d-----w- c:\program files\Trend Micro
2012-10-23 03:15 . 2012-10-23 03:15 53248 ----a-w- c:\windows\system32\zlib.dll
2012-10-23 03:15 . 2012-10-23 03:17 -------- d-----w- C:\Support
2012-10-23 03:06 . 2012-10-26 11:49 -------- d-----w- c:\documents and settings\Judy\Application Data\JAM Software
2012-10-22 12:10 . 2008-11-07 23:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-10-22 12:09 . 2011-08-01 20:56 40936 ----a-w- c:\windows\system32\drivers\point32.sys
2012-10-22 12:08 . 2012-10-22 12:09 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-10-22 12:05 . 2009-03-25 19:29 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2012-10-22 12:05 . 2009-03-04 01:18 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-10-22 12:04 . 2012-10-22 12:04 -------- d-----w- c:\program files\Realtek
2012-10-22 11:58 . 2006-08-01 20:02 49152 ----a-w- c:\windows\system32\ChCfg.exe
2012-10-22 11:48 . 2012-10-22 11:48 -------- d-----w- c:\program files\Realtek AC97
2012-10-22 11:48 . 2006-12-08 20:20 10528768 ----a-w- c:\windows\system32\RTLCPL.exe
2012-10-22 11:48 . 2006-10-18 07:53 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll
2012-10-22 11:47 . 2006-02-07 20:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2012-10-22 11:47 . 2006-02-07 20:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2012-10-22 11:47 . 2006-02-07 20:39 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-10-22 11:47 . 2006-02-07 20:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2012-10-22 11:47 . 2005-11-14 04:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-10-22 11:47 . 2006-02-07 20:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-10-22 11:47 . 2012-10-22 11:47 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-10-22 11:47 . 2012-10-22 11:47 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-10-22 11:37 . 2007-09-20 15:43 331184 ------w- c:\windows\system32\difxapi.dll
2012-10-22 11:37 . 2012-10-22 11:37 -------- d-----w- c:\program files\VIA
2012-10-21 15:04 . 2011-08-01 20:56 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2012-10-21 14:59 . 2012-10-21 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\inf
2012-10-21 11:09 . 2012-10-21 11:09 -------- d-----w- c:\documents and settings\Judy\Application Data\Wise Registry Cleaner
2012-10-20 11:41 . 2012-10-20 11:44 -------- d-----w- c:\program files\AppCleaner
2012-10-19 12:21 . 2012-10-19 12:21 -------- d-----w- c:\documents and settings\Judy\Application Data\ImgBurn
2012-10-19 11:57 . 2012-10-19 11:58 -------- d-----w- c:\program files\ImgBurn
2012-10-18 12:36 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2012-10-18 12:36 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2012-10-18 12:36 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2012-10-18 12:36 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
2012-10-04 03:54 . 2012-10-04 03:54 -------- d-----w- c:\program files\WinMend
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-30 00:54 . 2010-09-19 12:16 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 03:03 . 2012-03-21 01:44 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-27 19:12 . 2005-10-21 18:51 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12 . 2006-03-27 04:38 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12 . 2009-10-05 04:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12 . 2002-01-08 12:04 17408 ----a-w- c:\windows\system32\corpol.dll
2012-08-24 13:53 . 2002-01-08 12:05 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2002-01-08 12:05 2192896 ------w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2001-08-17 13:48 2069632 ------w- c:\windows\system32\ntkrnlpa.exe
2012-08-13 20:01 . 2010-09-25 10:55 0 --sh--w- c:\windows\SBACD30FE.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemBoosterXP"="c:\program files\DiskTrix\SystemBooster2\SystemBooster.exe" [2006-03-21 577536]
"ProcessLassoManagementConsole"="c:\program files\Process Lasso\processlasso.exe" [2010-07-28 417296]
"ProcessGovernor"="c:\program files\Process Lasso\processgovernor.exe" [2010-07-28 232464]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
eBoostr Control Panel.lnk - c:\program files\eBoostr\eBoostrCP.exe [2009-12-23 1590400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-09-14 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2012-09-14 11:33 549760 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R2 gupdate;gupdate; [x]
R3 ALSysIO;ALSysIO;c:\docume~1\Judy\LOCALS~1\Temp\ALSysIO.sys [x]
R3 cpuz128;cpuz128; [x]
R3 gupdatem;gupdatem; [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\documents and settings\Judy\My Documents\My Received Files\Moo0_SystemMonitor_1.64_Portable\Moo0 SystemMonitor 1.64 Portable\WinRing0.sys [x]
R4 AntiVirSchedulerService;AntiVirSchedulerService; [x]
S0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 DisplayLinkService;DisplayLink Service;c:\program files\DisplayLink Core Software\DisplayLinkService.exe [x]
S2 EBOOSTRSVC;eBoostr Service;c:\program files\eBoostr\EBstrSvc.exe [x]
S3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\DRIVERS\DisplayLinkmirrorport.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-03 c:\windows\Tasks\DefragExpress.job
- c:\program files\DiskTrix\DefragExpress\DefragExpress.exe [2009-03-29 14:40]
.
2012-10-29 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 22:25]
.
2012-10-29 c:\windows\Tasks\User_Feed_Synchronization-{E06C0C21-9DDB-4D7D-9585-0F160AD32BFB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 23:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
TCP: DhcpNameServer = 192.168.15.1
DPF: Microsoft XML Parser for Java
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-75130306.sys
SafeBoot-Wdf01000.sys
SafeBoot-Lavasoft Ad-Aware Service
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-28 20:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-10-28 20:59:29
ComboFix-quarantined-files.txt 2012-10-29 01:59
.
Pre-Run: 7,893,516,288 bytes free
Post-Run: 8,228,192,256 bytes free
.
- - End Of File - - BA346ABCA5939B24E54BBF48D1333AB1


How is my computer running.... funny you should ask... I noticed that in the log file there are two entries that I find unusual: gupdate and AntiVir Scheduler. I should not have either of those on my machine.
I inadvertently forgot to re-enable MSSE before I ran IE and went to reply to your post. I couldn't believe how fast the computer ran. I immediately enabled it so as not to get a virus, and now my computer is right back to its draggy ass old self. Well, at least I know which program is slowing me down. Now what to do about it. I wonder if the AntiVir Scheduler has something to do with the problem? I had all kinds of trouble trying to get MSSE to install initially, as I had run several other AV programs in the past looking for a good one to replace the one that came with AOL 9.0.
One thing I just noticed.... I have two folders with Microsoft Security Client in my Program Files folder.
That may be a problem, do you think?
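The two oddities picked out above (gupdate and AntiVirSchedulerService registered with no binary behind them) can be pulled out of a ComboFix log mechanically. The Python below is an added example, not ComboFix's code or anything posted in this thread; it assumes the service-line layout seen in the log (an R/S letter, a start-type digit, name;display;path, then either a bracketed date and size or [x]), reads the R/S/digit meaning as the usual ComboFix convention, and uses lines copied from the log above as its constructed sample input.

```python
"""Triage the services section of a ComboFix log (added example).

Flags service registrations that have no binary path at all (typical
leftovers of an uninstalled product, or something to look into) and
services whose binary lives in a per-user temp or documents tree.
"""
import re
from dataclasses import dataclass
from typing import Optional

# One service line as ComboFix prints it (layout taken from the log above):
#   <R|S><0-4> <name>;<display>;<path> [<yyyy-mm-dd> <size>]   or   ... [x]
# Assumed convention: R = running, S = stopped; digit = Windows start type
# (0 boot, 1 system, 2 auto, 3 demand, 4 disabled); a bracketed date+size
# means ComboFix could stat the file, [x] means it could not.
SERVICE_RE = re.compile(
    r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*?)\s*"
    r"(?:\[(x|\d{4}-\d{2}-\d{2} \d+)\])?\s*$"
)

# Directory fragments where a legitimate service binary rarely lives on XP:
# per-user temp folders and the user's own documents tree (8.3 forms too).
USER_WRITABLE_MARKERS = (
    "\\temp\\", "\\locals~1\\", "\\local settings\\",
    "\\my documents\\", "\\mydocu~1\\",
)


@dataclass
class ServiceEntry:
    state: str        # "R" running or "S" stopped (assumed convention)
    start_type: int   # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str         # empty when the registration carries no binary path
    verified: bool    # False when ComboFix printed [x] instead of date+size


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for a service line, or None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, path, marker = m.groups()
    verified = marker is not None and marker != "x"
    return ServiceEntry(state, int(start), name.strip(), display.strip(),
                        path.strip(), verified)


def triage(log_text: str) -> dict:
    """Map service name -> list of reasons for every entry worth a second look."""
    findings = {}
    for raw in log_text.splitlines():
        entry = parse_service_line(raw)
        if entry is None:
            continue
        reasons = []
        if not entry.path:
            reasons.append("registered without a binary path (orphaned service)")
        elif any(marker in entry.path.lower() for marker in USER_WRITABLE_MARKERS):
            reasons.append("binary lives in a user-writable temp or profile directory")
        if reasons:
            findings[entry.name] = reasons
    return findings


# Constructed sample: lines copied from the ComboFix log posted above, plus
# one non-service line to show that the parser ignores it.
SAMPLE_LOG = """\
R2 gupdate;gupdate; [x]
R3 ALSysIO;ALSysIO;c:\\docume~1\\Judy\\LOCALS~1\\Temp\\ALSysIO.sys [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\\program files\\Microsoft Fix it Center\\Matsvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\\documents and settings\\Judy\\My Documents\\My Received Files\\Moo0_SystemMonitor_1.64_Portable\\Moo0 SystemMonitor 1.64 Portable\\WinRing0.sys [x]
R4 AntiVirSchedulerService;AntiVirSchedulerService; [x]
S2 !SASCORE;SAS Core Service;c:\\program files\\SUPERAntiSpyware\\SASCORE.EXE [x]
Contents of the 'Scheduled Tasks' folder
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```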

#9 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 28 October 2012 - 09:29 PM

I find MSE to be very good, so let's uninstall it, restart the computer, and reinstall it, and see if it acts any better.



gringo

#10 Frazzled1
  • Topic Starter
  • Members
  • 110 posts

Posted 29 October 2012 - 04:11 PM

Hello Gringo,
OK, I uninstalled MSE AFTER I disconnected my network cable. :-)
Actually, I used Revo Uninstaller, and found quite a bit of junk left behind. I also checked and removed the C:\program Files\Microsoft Security Client(2) folder and contents as well. Rebooted and WOW!! Could not believe the difference in speed. I forgot the computer could run so fast. OK, now before I reinstall MSE, I noticed that there are a few references to it in the Application Data folder. Should I remove these also? They are not in any of my other XP machines.
Just wondering.

#11 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 29 October 2012 - 09:16 PM

No, you should not have to do that much; just go ahead and reinstall now.


gringo

#12 Frazzled1
  • Topic Starter
  • Members
  • 110 posts

Posted 30 October 2012 - 06:24 AM

Hello Gringo,
I hope that storm passed you by w/o much damage.
OK, I reinstalled MSE, which went smoothly, and as soon as I opened my browser, to the AOL homepage, my CPU pegged at 100% and stayed there for a minute or so while the page loaded. The CPU cycled between iexplore.exe and MsMpEng.exe in taking up the resources. Now I DO understand that I need to reinstall several plugins like Adobe Reader and Flash for IE, but I am trying to get the performance issues resolved before I start adding resource overhead. Currently I am scanning as I type, and my CPU is still at 100% just from MsMpEng.exe, minus a few % from some ancillary processes. This won't allow me to be able to do anything else.
I have read various posts that there are a few settings in MSE, with process priority changes and folder/file exclusions, that should help this problem. They are conflicting though, so I am hesitant to try them. I do NOT want to compromise my security settings, as malware is a huge problem, evidenced by the huge number of posts on your site.

CRAP!!! MSE just finished scanning and found/quarantined a trojan:win32/Sirefef.P

That item was in my old scan logs a few times also.... I guess there is more work to do here....

#13 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 30 October 2012 - 11:20 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#14 Frazzled1
  • Topic Starter
  • Members
  • 110 posts

Posted 31 October 2012 - 06:29 AM

The aswMBR took a long time to run so I ran it overnight. Here are the logs.

TDSSKiller:

22:55:54.0046 1588 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
22:55:54.0671 1588 ============================================================
22:55:54.0671 1588 Current date / time: 2012/10/30 22:55:54.0671
22:55:54.0671 1588 SystemInfo:
22:55:54.0671 1588
22:55:54.0671 1588 OS Version: 5.1.2600 ServicePack: 3.0
22:55:54.0671 1588 Product type: Workstation
22:55:54.0671 1588 ComputerName: T1600
22:55:54.0671 1588 UserName: Judy
22:55:54.0671 1588 Windows directory: C:\WINDOWS
22:55:54.0671 1588 System windows directory: C:\WINDOWS
22:55:54.0671 1588 Processor architecture: Intel x86
22:55:54.0671 1588 Number of processors: 1
22:55:54.0671 1588 Page size: 0x1000
22:55:54.0671 1588 Boot type: Normal boot
22:55:54.0671 1588 ============================================================
22:55:57.0890 1588 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:55:57.0890 1588 ============================================================
22:55:57.0890 1588 \Device\Harddisk0\DR0:
22:55:57.0890 1588 MBR partitions:
22:55:57.0890 1588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A89182
22:55:57.0890 1588 ============================================================
22:55:57.0953 1588 C: <-> \Device\Harddisk0\DR0\Partition1
22:55:57.0953 1588 ============================================================
22:55:57.0953 1588 Initialize success
22:55:57.0953 1588 ============================================================
22:56:08.0171 0524 ============================================================
22:56:08.0171 0524 Scan started
22:56:08.0171 0524 Mode: Manual;
22:56:08.0171 0524 ============================================================
22:56:09.0906 0524 ================ Scan system memory ========================
22:56:11.0750 0524 System memory - ok
22:56:11.0765 0524 ================ Scan services =============================
22:56:11.0921 0524 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
22:56:11.0921 0524 !SASCORE - ok
22:56:12.0781 0524 Abiosdsk - ok
22:56:12.0828 0524 abp480n5 - ok
22:56:12.0968 0524 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:56:13.0031 0524 ACPI - ok
22:56:13.0125 0524 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
22:56:13.0140 0524 ACPIEC - ok
22:56:13.0203 0524 adpu160m - ok
22:56:13.0312 0524 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
22:56:13.0328 0524 aec - ok
22:56:13.0406 0524 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
22:56:13.0406 0524 AFD - ok
22:56:13.0500 0524 [ 0EBB674888CBDEFD5773341C16DD6A07 ] AFS2K C:\WINDOWS\system32\drivers\AFS2K.sys
22:56:13.0515 0524 AFS2K - ok
22:56:13.0531 0524 Aha154x - ok
22:56:13.0578 0524 aic78u2 - ok
22:56:13.0625 0524 aic78xx - ok
22:56:14.0500 0524 [ DD8520280304B6145A6BE31008748C7C ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
22:56:14.0812 0524 ALCXWDM - ok
22:56:14.0921 0524 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
22:56:14.0937 0524 Alerter - ok
22:56:15.0000 0524 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
22:56:15.0000 0524 ALG - ok
22:56:15.0046 0524 AliIde - ok
22:56:15.0218 0524 ALSysIO - ok
22:56:15.0281 0524 [ 8FCE268CDBDD83B23419D1F35F42C7B1 ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys
22:56:15.0281 0524 AmdK7 - ok
22:56:15.0328 0524 amsint - ok
22:56:15.0406 0524 AppMgmt - ok
22:56:15.0453 0524 asc - ok
22:56:15.0500 0524 asc3350p - ok
22:56:15.0546 0524 asc3550 - ok
22:56:15.0625 0524 [ D880831279ED91F9A4190A2DB9539EA9 ] ASCTRM C:\WINDOWS\system32\drivers\ASCTRM.sys
22:56:15.0687 0524 ASCTRM - ok
22:56:16.0000 0524 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:56:16.0000 0524 aspnet_state - ok
22:56:16.0109 0524 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:56:16.0109 0524 AsyncMac - ok
22:56:16.0156 0524 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
22:56:16.0156 0524 atapi - ok
22:56:16.0187 0524 Atdisk - ok
22:56:16.0234 0524 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:56:16.0250 0524 Atmarpc - ok
22:56:16.0328 0524 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
22:56:16.0328 0524 AudioSrv - ok
22:56:16.0421 0524 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
22:56:16.0437 0524 audstub - ok
22:56:16.0500 0524 [ 565193073892B2C12D22C22A0F77400D ] basic2 C:\WINDOWS\system32\DRIVERS\basic2.sys
22:56:16.0500 0524 basic2 - ok
22:56:16.0593 0524 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
22:56:16.0593 0524 Beep - ok
22:56:16.0781 0524 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
22:56:16.0812 0524 BITS - ok
22:56:16.0906 0524 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
22:56:16.0906 0524 Browser - ok
22:56:16.0937 0524 catchme - ok
22:56:17.0015 0524 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
22:56:17.0015 0524 cbidf2k - ok
22:56:17.0062 0524 cd20xrnt - ok
22:56:17.0140 0524 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
22:56:17.0140 0524 Cdaudio - ok
22:56:17.0218 0524 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
22:56:17.0218 0524 Cdfs - ok
22:56:17.0296 0524 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:56:17.0390 0524 Cdrom - ok
22:56:17.0437 0524 Changer - ok
22:56:17.0531 0524 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] cisvc C:\WINDOWS\system32\cisvc.exe
22:56:17.0546 0524 cisvc - ok
22:56:17.0640 0524 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
22:56:17.0671 0524 ClipSrv - ok
22:56:17.0750 0524 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:56:17.0750 0524 clr_optimization_v2.0.50727_32 - ok
22:56:17.0796 0524 CmdIde - ok
22:56:17.0875 0524 [ 152DF881731439107A889FBE1DF5AF6A ] Cnxtdiag C:\WINDOWS\system32\DRIVERS\cnxtdiag.sys
22:56:17.0875 0524 Cnxtdiag - ok
22:56:17.0921 0524 COMSysApp - ok
22:56:18.0015 0524 Cpqarray - ok
22:56:18.0078 0524 cpuz128 - ok
22:56:18.0171 0524 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
22:56:18.0187 0524 CryptSvc - ok
22:56:18.0234 0524 dac2w2k - ok
22:56:18.0265 0524 dac960nt - ok
22:56:18.0421 0524 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
22:56:18.0437 0524 DcomLaunch - ok
22:56:18.0515 0524 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
22:56:18.0515 0524 Dhcp - ok
22:56:18.0625 0524 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
22:56:18.0625 0524 Disk - ok
22:56:18.0703 0524 [ B1D85EA325C796374BDB4CF59F07BBFD ] DisplayLinkmirror C:\WINDOWS\system32\DRIVERS\DisplayLinkmirrorport.sys
22:56:18.0703 0524 DisplayLinkmirror - ok
22:56:18.0859 0524 [ B3DB43D8A8E4A574BE1E3F66E5434353 ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
22:56:19.0453 0524 DisplayLinkService - ok
22:56:19.0500 0524 dmadmin - ok
22:56:19.0593 0524 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
22:56:19.0640 0524 dmboot - ok
22:56:19.0750 0524 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
22:56:19.0765 0524 dmio - ok
22:56:19.0843 0524 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
22:56:19.0843 0524 dmload - ok
22:56:19.0953 0524 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
22:56:19.0953 0524 dmserver - ok
22:56:20.0015 0524 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
22:56:20.0031 0524 DMusic - ok
22:56:20.0093 0524 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
22:56:20.0093 0524 Dnscache - ok
22:56:20.0171 0524 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
22:56:20.0187 0524 Dot3svc - ok
22:56:20.0250 0524 dpti2o - ok
22:56:20.0312 0524 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
22:56:20.0312 0524 drmkaud - ok
22:56:20.0359 0524 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
22:56:20.0359 0524 EapHost - ok
22:56:20.0421 0524 [ 577DC4BEE3F8E54DCCDB9AD02ADC9A33 ] eBoost C:\WINDOWS\system32\drivers\eBoost.sys
22:56:20.0421 0524 eBoost - ok
22:56:20.0609 0524 [ 5F11E9C49B9C94213F67F6E7AA191DEE ] EBOOSTRSVC C:\Program Files\eBoostr\EBstrSvc.exe
22:56:20.0937 0524 EBOOSTRSVC - ok
22:56:21.0031 0524 [ CE37E3D51912E59C80C6D84337C0B4CD ] ElbyCDFL C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
22:56:21.0031 0524 ElbyCDFL - ok
22:56:21.0093 0524 [ AAA8999A169E39FB8B48AE49CD6AC30A ] ElbyCDIO C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
22:56:21.0093 0524 ElbyCDIO - ok
22:56:21.0187 0524 [ 4FC527253A40486E39046E2B7B75A8CA ] EntDrv51 C:\WINDOWS\system32\drivers\EntDrv51.sys
22:56:21.0187 0524 EntDrv51 - ok
22:56:21.0281 0524 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
22:56:21.0281 0524 ERSvc - ok
22:56:21.0375 0524 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
22:56:21.0375 0524 Eventlog - ok
22:56:21.0468 0524 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
22:56:21.0500 0524 EventSystem - ok
22:56:21.0609 0524 [ D0ABA5CE65AB5F1DD898F1EF3696A81F ] Fallback C:\WINDOWS\system32\DRIVERS\fallback.sys
22:56:21.0609 0524 Fallback - ok
22:56:21.0718 0524 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
22:56:21.0734 0524 Fastfat - ok
22:56:21.0828 0524 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
22:56:21.0828 0524 FastUserSwitchingCompatibility - ok
22:56:21.0921 0524 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
22:56:21.0937 0524 Fdc - ok
22:56:22.0015 0524 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
22:56:22.0015 0524 Fips - ok
22:56:22.0093 0524 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:56:22.0109 0524 Flpydisk - ok
22:56:22.0171 0524 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
22:56:22.0171 0524 FltMgr - ok
22:56:22.0281 0524 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:56:22.0312 0524 FontCache3.0.0.0 - ok
22:56:22.0359 0524 [ A057E6686C22D2101CC650208096F153 ] Fsks C:\WINDOWS\system32\DRIVERS\fsksnt.sys
22:56:22.0375 0524 Fsks - ok
22:56:22.0453 0524 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:56:22.0468 0524 Fs_Rec - ok
22:56:22.0546 0524 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:56:22.0562 0524 Ftdisk - ok
22:56:22.0656 0524 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
22:56:22.0656 0524 gameenum - ok
22:56:22.0718 0524 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:56:22.0734 0524 Gpc - ok
22:56:22.0859 0524 HidServ - ok
22:56:22.0906 0524 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:56:22.0921 0524 HidUsb - ok
22:56:23.0000 0524 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
22:56:23.0015 0524 hkmsvc - ok
22:56:23.0062 0524 hpn - ok
22:56:23.0109 0524 hpt3xx - ok
22:56:23.0343 0524 [ 74E379857D4C0DFB56DE2D19B8F4C434 ] hsf_msft C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
22:56:23.0390 0524 hsf_msft - ok
22:56:23.0515 0524 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
22:56:23.0531 0524 HTTP - ok
22:56:23.0609 0524 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
22:56:23.0625 0524 HTTPFilter - ok
22:56:23.0671 0524 i2omgmt - ok
22:56:23.0718 0524 i2omp - ok
22:56:23.0781 0524 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:56:23.0781 0524 i8042prt - ok
22:56:24.0328 0524 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:56:24.0703 0524 idsvc - ok
22:56:24.0781 0524 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\drivers\Imapi.sys
22:56:24.0796 0524 Imapi - ok
22:56:24.0953 0524 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
22:56:24.0984 0524 ImapiService - ok
22:56:25.0062 0524 ini910u - ok
22:56:25.0125 0524 IntelIde - ok
22:56:25.0187 0524 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
22:56:25.0203 0524 ip6fw - ok
22:56:25.0281 0524 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:56:25.0296 0524 IpFilterDriver - ok
22:56:25.0359 0524 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:56:25.0359 0524 IpInIp - ok
22:56:25.0421 0524 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:56:25.0437 0524 IpNat - ok
22:56:25.0515 0524 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:56:25.0531 0524 IPSec - ok
22:56:25.0593 0524 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
22:56:25.0609 0524 IRENUM - ok
22:56:25.0703 0524 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:56:25.0703 0524 isapnp - ok
22:56:25.0875 0524 [ 02B68EFFE84A5D5E9A35FC23134CF850 ] K56 C:\WINDOWS\system32\DRIVERS\k56nt.sys
22:56:25.0875 0524 K56 - ok
22:56:25.0937 0524 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:56:25.0953 0524 Kbdclass - ok
22:56:26.0062 0524 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
22:56:26.0062 0524 kmixer - ok
22:56:26.0140 0524 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
22:56:26.0140 0524 KSecDD - ok
22:56:26.0218 0524 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
22:56:26.0234 0524 lanmanserver - ok
22:56:26.0296 0524 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
22:56:26.0328 0524 lanmanworkstation - ok
22:56:26.0390 0524 [ 713CD5267ABFB86FE90A72E384E82A38 ] Lbd C:\WINDOWS\system32\DRIVERS\Lbd.sys
22:56:26.0390 0524 Lbd - ok
22:56:26.0437 0524 lbrtfdc - ok
22:56:26.0578 0524 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
22:56:26.0593 0524 LmHosts - ok
22:56:26.0937 0524 [ DDF15A42E27E8EFE27B18FD403151A86 ] MatSvc C:\Program Files\Microsoft Fix it Center\Matsvc.exe
22:56:27.0015 0524 MatSvc - ok
22:56:27.0093 0524 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
22:56:27.0109 0524 Messenger - ok
22:56:27.0171 0524 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
22:56:27.0171 0524 mnmdd - ok
22:56:27.0265 0524 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
22:56:27.0265 0524 mnmsrvc - ok
22:56:27.0343 0524 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
22:56:27.0343 0524 Modem - ok
22:56:27.0421 0524 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:56:27.0484 0524 Mouclass - ok
22:56:27.0546 0524 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:56:27.0578 0524 mouhid - ok
22:56:27.0656 0524 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
22:56:27.0671 0524 MountMgr - ok
22:56:27.0781 0524 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
22:56:27.0796 0524 MpFilter - ok
22:56:28.0156 0524 [ A69630D039C38018689190234F866D77 ] MpKslcf126ff5 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC4B10CE-A7F4-4C9D-80D4-D6703644587B}\MpKslcf126ff5.sys
22:56:28.0156 0524 MpKslcf126ff5 - ok
22:56:28.0203 0524 mraid35x - ok
22:56:28.0281 0524 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:56:28.0343 0524 MRxDAV - ok
22:56:28.0484 0524 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:56:28.0500 0524 MRxSmb - ok
22:56:28.0562 0524 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
22:56:28.0562 0524 MSDTC - ok
22:56:28.0656 0524 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
22:56:28.0656 0524 Msfs - ok
22:56:28.0718 0524 MSIServer - ok
22:56:28.0781 0524 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:56:28.0781 0524 MSKSSRV - ok
22:56:28.0890 0524 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
22:56:28.0906 0524 MsMpSvc - ok
22:56:29.0015 0524 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:56:29.0031 0524 MSPCLOCK - ok
22:56:29.0093 0524 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
22:56:29.0109 0524 MSPQM - ok
22:56:29.0171 0524 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:56:29.0203 0524 mssmbios - ok
22:56:29.0281 0524 [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys
22:56:29.0281 0524 ms_mpu401 - ok
22:56:29.0343 0524 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
22:56:29.0359 0524 Mup - ok
22:56:29.0421 0524 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
22:56:29.0453 0524 napagent - ok
22:56:29.0531 0524 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
22:56:29.0562 0524 NDIS - ok
22:56:29.0625 0524 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:56:29.0625 0524 NdisTapi - ok
22:56:29.0687 0524 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:56:29.0703 0524 Ndisuio - ok
22:56:29.0765 0524 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:56:29.0781 0524 NdisWan - ok
22:56:29.0843 0524 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
22:56:29.0843 0524 NDProxy - ok
22:56:29.0921 0524 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
22:56:29.0921 0524 NetBIOS - ok
22:56:29.0984 0524 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
22:56:30.0015 0524 NetBT - ok
22:56:30.0109 0524 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
22:56:30.0109 0524 NetDDE - ok
22:56:30.0156 0524 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
22:56:30.0171 0524 NetDDEdsdm - ok
22:56:30.0234 0524 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
22:56:30.0234 0524 Netlogon - ok
22:56:30.0343 0524 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
22:56:30.0343 0524 Netman - ok
22:56:30.0406 0524 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:56:30.0421 0524 NetTcpPortSharing - ok
22:56:30.0515 0524 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
22:56:30.0546 0524 Nla - ok
22:56:30.0609 0524 [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys
22:56:30.0625 0524 nm - ok
22:56:30.0703 0524 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
22:56:30.0703 0524 Npfs - ok
22:56:30.0781 0524 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
22:56:30.0828 0524 Ntfs - ok
22:56:30.0875 0524 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
22:56:30.0890 0524 NtLmSsp - ok
22:56:30.0984 0524 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
22:56:31.0015 0524 NtmsSvc - ok
22:56:31.0078 0524 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
22:56:31.0078 0524 Null - ok
22:56:31.0187 0524 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:56:31.0187 0524 NwlnkFlt - ok
22:56:31.0234 0524 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:56:31.0234 0524 NwlnkFwd - ok
22:56:31.0328 0524 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
22:56:31.0343 0524 Parport - ok
22:56:31.0375 0524 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
22:56:31.0375 0524 PartMgr - ok
22:56:31.0437 0524 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
22:56:31.0437 0524 ParVdm - ok
22:56:31.0515 0524 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
22:56:31.0515 0524 PCI - ok
22:56:31.0562 0524 PCIDump - ok
22:56:31.0609 0524 PCIIde - ok
22:56:31.0703 0524 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
22:56:31.0703 0524 Pcmcia - ok
22:56:31.0750 0524 PDCOMP - ok
22:56:31.0796 0524 PDFRAME - ok
22:56:31.0843 0524 PDRELI - ok
22:56:31.0906 0524 PDRFRAME - ok
22:56:31.0953 0524 perc2 - ok
22:56:32.0015 0524 perc2hib - ok
22:56:32.0156 0524 [ 6C1618A07B49E3873582B6449E744088 ] pfc C:\WINDOWS\system32\drivers\pfc.sys
22:56:32.0203 0524 pfc - ok
22:56:32.0296 0524 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
22:56:32.0296 0524 PlugPlay - ok
22:56:32.0390 0524 [ 896D916DE06F5502D301E8C4DC442AE8 ] Point32 C:\WINDOWS\system32\DRIVERS\point32.sys
22:56:32.0390 0524 Point32 - ok
22:56:32.0453 0524 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
22:56:32.0453 0524 PolicyAgent - ok
22:56:32.0531 0524 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:56:32.0531 0524 PptpMiniport - ok
22:56:32.0593 0524 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
22:56:32.0593 0524 Processor - ok
22:56:32.0640 0524 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:56:32.0656 0524 ProtectedStorage - ok
22:56:32.0703 0524 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
22:56:32.0718 0524 PSched - ok
22:56:32.0796 0524 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:56:32.0796 0524 Ptilink - ok
22:56:32.0843 0524 ql1080 - ok
22:56:32.0890 0524 Ql10wnt - ok
22:56:32.0937 0524 ql12160 - ok
22:56:32.0984 0524 ql1240 - ok
22:56:33.0031 0524 ql1280 - ok
22:56:33.0093 0524 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:56:33.0109 0524 RasAcd - ok
22:56:33.0187 0524 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
22:56:33.0187 0524 RasAuto - ok
22:56:33.0234 0524 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:56:33.0234 0524 Rasl2tp - ok
22:56:33.0328 0524 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
22:56:33.0343 0524 RasMan - ok
22:56:33.0390 0524 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:56:33.0390 0524 RasPppoe - ok
22:56:33.0468 0524 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
22:56:33.0468 0524 Raspti - ok
22:56:33.0515 0524 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:56:33.0531 0524 Rdbss - ok
22:56:33.0578 0524 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:56:33.0593 0524 RDPCDD - ok
22:56:33.0671 0524 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
22:56:33.0687 0524 RDPWD - ok
22:56:33.0781 0524 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
22:56:33.0781 0524 RDSessMgr - ok
22:56:33.0875 0524 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
22:56:33.0890 0524 redbook - ok
22:56:33.0984 0524 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
22:56:33.0984 0524 RemoteAccess - ok
22:56:34.0093 0524 [ 72DEC8652E747CBF22A81ED4BA5AE969 ] Rksample C:\WINDOWS\system32\DRIVERS\rksample.sys
22:56:34.0093 0524 Rksample - ok
22:56:34.0187 0524 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
22:56:34.0187 0524 RpcLocator - ok
22:56:34.0281 0524 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
22:56:34.0296 0524 RpcSs - ok
22:56:34.0406 0524 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
22:56:34.0406 0524 RSVP - ok
22:56:34.0484 0524 [ CF84B1F0E8B14D4120AAF9CF35CBB265 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
22:56:34.0625 0524 RTL8023xp - ok
22:56:34.0687 0524 [ 8BE348F9AEEB4DA0005B7F500F46F6AD ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
22:56:34.0687 0524 rtl8139 - ok
22:56:34.0765 0524 [ F5C5903C601A193E659485CD8258FCB3 ] S3Psddr C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
22:56:34.0781 0524 S3Psddr - ok
22:56:34.0843 0524 SABProcEnum - ok
22:56:34.0906 0524 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
22:56:34.0906 0524 SamSs - ok
22:56:34.0984 0524 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:56:34.0984 0524 SASDIFSV - ok
22:56:35.0046 0524 [ 7CE61C25C159F50F9EAF6D77FC83FA35 ] SASENUM C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
22:56:35.0046 0524 SASENUM - ok
22:56:35.0093 0524 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
22:56:35.0093 0524 SASKUTIL - ok
22:56:35.0187 0524 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
22:56:35.0203 0524 SCardSvr - ok
22:56:35.0281 0524 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
22:56:35.0281 0524 Schedule - ok
22:56:35.0375 0524 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:56:35.0390 0524 Secdrv - ok
22:56:35.0468 0524 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
22:56:35.0468 0524 seclogon - ok
22:56:35.0531 0524 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
22:56:35.0531 0524 SENS - ok
22:56:35.0593 0524 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
22:56:35.0593 0524 serenum - ok
22:56:35.0640 0524 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
22:56:35.0656 0524 Serial - ok
22:56:35.0750 0524 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
22:56:35.0750 0524 Sfloppy - ok
22:56:35.0828 0524 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
22:56:35.0859 0524 SharedAccess - ok
22:56:35.0921 0524 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:56:35.0921 0524 ShellHWDetection - ok
22:56:36.0000 0524 Simbad - ok
22:56:36.0093 0524 [ F91A2526C4162542F99FE3F95676C45E ] SoftFax C:\WINDOWS\system32\DRIVERS\faxnt.sys
22:56:36.0093 0524 SoftFax - ok
22:56:36.0156 0524 Sparrow - ok
22:56:36.0203 0524 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
22:56:36.0203 0524 splitter - ok
22:56:36.0265 0524 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
22:56:36.0281 0524 Spooler - ok
22:56:36.0328 0524 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
22:56:36.0328 0524 sr - ok
22:56:36.0375 0524 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
22:56:36.0390 0524 srservice - ok
22:56:36.0484 0524 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
22:56:36.0500 0524 Srv - ok
22:56:36.0593 0524 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
22:56:36.0625 0524 SSDPSRV - ok
22:56:36.0718 0524 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
22:56:36.0734 0524 stisvc - ok
22:56:36.0828 0524 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
22:56:36.0828 0524 swenum - ok
22:56:36.0875 0524 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
22:56:36.0890 0524 swmidi - ok
22:56:36.0906 0524 SwPrv - ok
22:56:36.0984 0524 symc810 - ok
22:56:37.0031 0524 symc8xx - ok
22:56:37.0093 0524 sym_hi - ok
22:56:37.0140 0524 sym_u3 - ok
22:56:37.0187 0524 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
22:56:37.0203 0524 sysaudio - ok
22:56:37.0281 0524 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
22:56:37.0281 0524 SysmonLog - ok
22:56:37.0359 0524 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
22:56:37.0375 0524 TapiSrv - ok
22:56:37.0609 0524 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:56:37.0640 0524 Tcpip - ok
22:56:37.0734 0524 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
22:56:37.0734 0524 TDPIPE - ok
22:56:37.0812 0524 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
22:56:37.0828 0524 TDTCP - ok
22:56:37.0890 0524 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
22:56:37.0906 0524 TermDD - ok
22:56:38.0015 0524 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
22:56:38.0046 0524 TermService - ok
22:56:38.0125 0524 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
22:56:38.0125 0524 Themes - ok
22:56:38.0218 0524 [ 165231B2C9A0C1B539EAC4D73CF80A5D ] Tones C:\WINDOWS\system32\DRIVERS\tonesnt.sys
22:56:38.0234 0524 Tones - ok
22:56:38.0281 0524 TosIde - ok
22:56:38.0359 0524 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
22:56:38.0375 0524 TrkWks - ok
22:56:38.0453 0524 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
22:56:38.0453 0524 Udfs - ok
22:56:38.0500 0524 ultra - ok
22:56:38.0609 0524 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
22:56:38.0625 0524 Update - ok
22:56:38.0718 0524 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
22:56:38.0750 0524 upnphost - ok
22:56:38.0812 0524 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
22:56:38.0953 0524 UPS - ok
22:56:39.0015 0524 USBAAPL - ok
22:56:39.0078 0524 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:56:39.0078 0524 usbhub - ok
22:56:39.0125 0524 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:56:39.0125 0524 usbprint - ok
22:56:39.0187 0524 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:56:42.0703 0524 ================ Scan global ===============================
22:56:42.0765 0524 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
22:56:42.0828 0524 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
22:56:42.0906 0524 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
22:56:42.0968 0524 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
22:56:42.0968 0524 [Global] - ok
22:56:43.0000 0524 ================ Scan MBR ==================================
22:56:43.0046 0524 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:56:43.0250 0524 \Device\Harddisk0\DR0 - ok
22:56:43.0265 0524 ================ Scan VBR ==================================
22:56:43.0281 0524 [ 1888B106270A1BF06603DFBC3D0097B2 ] \Device\Harddisk0\DR0\Partition1
22:56:43.0296 0524 \Device\Harddisk0\DR0\Partition1 - ok
22:56:43.0296 0524 ============================================================
22:56:43.0296 0524 Scan finished
22:56:43.0296 0524 ============================================================
22:56:43.0375 0496 Detected object count: 0
22:56:43.0375 0496 Actual detected object count: 0
22:57:34.0453 1828 Deinitialize success

AswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-30 22:58:06
-----------------------------
22:58:06.421 OS Version: Windows 5.1.2600 Service Pack 3
22:58:06.421 Number of processors: 1 586 0x602
22:58:06.421 ComputerName: T1600 UserName: Judy
22:58:07.125 Initialize success
23:02:49.484 AVAST engine defs: 12103001
23:03:07.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:03:07.265 Disk 0 Vendor: WDC_WD400EB-00CPF0 06.04G06 Size: 38166MB BusType: 3
23:03:07.281 Disk 0 MBR read successfully
23:03:07.296 Disk 0 MBR scan
23:03:07.328 Disk 0 Windows XP default MBR code
23:03:07.343 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38162 MB offset 63
23:03:07.359 Disk 0 scanning sectors +78156225
23:03:07.453 Disk 0 scanning C:\WINDOWS\system32\drivers
23:03:47.406 Service scanning
23:04:05.781 Service MpKslcf126ff5 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC4B10CE-A7F4-4C9D-80D4-D6703644587B}\MpKslcf126ff5.sys **LOCKED** 32
23:04:28.656 Modules scanning
23:04:37.390 Disk 0 trace - called modules:
23:04:37.437 ntoskrnl.exe hal.dll CLASSPNP.SYS disk.sys ACPI.sys atapi.sys videX32.sys PCIIDEX.SYS
23:04:37.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a340ab8]
23:04:37.953 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000066[0x8a3169e8]
23:04:37.968 5 ACPI.sys[ba7b7620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a316d98]
23:04:38.328 AVAST engine scan C:\WINDOWS
23:04:59.765 AVAST engine scan C:\WINDOWS\system32
23:13:51.578 AVAST engine scan C:\WINDOWS\system32\drivers
23:14:38.390 AVAST engine scan C:\Documents and Settings\Judy
01:10:20.484 AVAST engine scan C:\Documents and Settings\All Users
01:12:14.890 Scan finished successfully
06:20:50.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Judy\Desktop\MBR.dat"
06:20:50.531 The log file has been saved successfully to "C:\Documents and Settings\Judy\Desktop\aswMBR.txt"


Thank you for the time you are spending... You guys/gals here are Godsends... I am amazed at the number of infected computers out there...

#15 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 31 October 2012 - 08:03 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Driver::
gupdatem
AntiVirSchedulerService

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

