MyWayWebSearch / Vundo Trojan


  • This topic is locked
34 replies to this topic

#1 sh4rkbyt3

sh4rkbyt3

  • Members
  • 415 posts
  • Gender:Male

Posted 29 September 2012 - 09:47 PM

Received a very slow system that refuses to connect to the Internet. First used SAS, which located nothing, and followed that up with MBAM, which located 30 infections; of the 30 found, 29 were all listed as PUPS MyWayWebSearch and the odd one was Vundo Trojan. All were allegedly captured and removed. Upon trying to connect to the Internet I get a message of cable disconnected (despite it being connected properly), and I'm not totally sure the Vundo Trojan is completely removed yet. Scanned again in Safe Mode with MBAM and located 2 more infections, which were allegedly removed as well. Also hit it with ComboFix, which I believe removed 4 files. Tried DNS flush, ipconfig, Winsock repair, and it will still not hook up through DSL.

Here is my DDS.txt log as well as my dds.attach file connected below:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33
Run by Cathy at 22:34:09 on 2012-09-29
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.687 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\lxeacoms.exe
C:\WINDOWS\system32\lxebcoms.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Microsoft Internet Explorer presented by Comcast
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [tgcmd] "c:\program files\support.com\bin\tgcmd.exe" /server
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [DMXLauncher] "c:\program files\roxio\cineplayer\DMXLauncher.exe"
mRun: [lxeamon.exe] "c:\program files\lexmark s300-s400 series\lxeamon.exe"
mRun: [EzPrint] "c:\program files\lexmark s300-s400 series\ezprint.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137382467082
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: Interfaces\{5C2E6527-4F18-47E0-AFED-00A944404663} : DhcpNameServer = 68.87.75.194 68.87.64.146 68.87.72.130
TCP: Interfaces\{B213D03F-1873-47DD-9C75-28578E9ACB5B} : DhcpNameServer = 68.87.75.194 68.87.64.146
TCP: Interfaces\{BD293978-22DF-489C-988F-908D6F12126E} : DhcpNameServer = 75.75.75.75 75.75.76.76
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-10-25 193192]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2008-3-5 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-3-5 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-3-5 166384]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2008-3-5 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-3-5 1120752]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-11 250056]
S4 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\3.0.207\mcchsvc.exe" --> c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [?]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-9-18 114144]
.
=============== Created Last 30 ================
.
2012-09-28 20:31:30 -------- d-sh--w- c:\documents and settings\cathy.fuscofamily\IECompatCache
2012-09-28 20:29:21 -------- d-sh--w- c:\documents and settings\cathy.fuscofamily\PrivacIE
2012-09-27 03:51:14 -------- d-----w- c:\documents and settings\cathy.fuscofamily\application data\SUPERAntiSpyware.com
2012-09-27 03:49:36 -------- d-----w- c:\documents and settings\cathy.fuscofamily\application data\Malwarebytes
2012-09-27 03:47:38 -------- d-sh--w- c:\documents and settings\cathy.fuscofamily\IETldCache
2012-09-27 03:43:54 -------- dc-h--w- c:\windows\ie8
2012-09-27 03:15:36 388096 ----a-r- c:\documents and settings\cathy.fuscofamily\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-09-27 03:15:35 -------- d-----w- c:\program files\Trend Micro
2012-09-27 03:12:44 -------- d-----w- c:\documents and settings\cathy.fuscofamily\local settings\application data\BVRP Software
2012-09-27 02:37:14 -------- d-----w- c:\windows\pss
2012-09-27 02:34:28 -------- d-----w- c:\documents and settings\cathy.fuscofamily\local settings\application data\SupportSoft
2012-09-27 01:49:27 98816 ----a-w- c:\windows\sed.exe
2012-09-27 01:49:27 518144 ----a-w- c:\windows\SWREG.exe
2012-09-27 01:49:27 256000 ----a-w- c:\windows\PEV.exe
2012-09-27 01:49:27 208896 ----a-w- c:\windows\MBR.exe
2012-09-27 01:07:22 -------- d-----w- c:\program files\VS Revo Group
2012-09-27 01:05:45 -------- d-----w- C:\FRST
2012-09-27 00:45:14 -------- d-----w- c:\program files\Defraggler
2012-09-19 00:31:14 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-09-19 00:31:12 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-19 00:31:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-18 22:23:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-18 22:23:26 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-09-18 21:10:56 -------- d-----w- c:\program files\TeamViewer
2012-09-08 18:58:26 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-09-08 18:58:26 -------- d-----w- c:\windows\system32\wbem\Repository
2012-09-08 18:55:08 -------- d-----w- c:\program files\CCleaner
2012-09-08 18:51:50 -------- d-----w- c:\program files\TweetDeck
.
==================== Find3M ====================
.
2012-07-16 14:58:25 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-16 14:58:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-16 14:58:20 9226440 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-07-06 13:58:52 337920 ----a-w- c:\windows\system32\netapi32(3)(3).dll
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser(4)(2).dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 15:07:44 832512 ----a-w- c:\windows\system32\wininet(3)(3).dll
2012-07-03 15:07:43 268288 ----a-w- c:\windows\system32\iertutil(2)(2)(2).dll
2012-07-03 15:07:43 1168896 ----a-w- c:\windows\system32\urlmon(3)(3).dll
2012-07-03 15:07:43 106496 ----a-w- c:\windows\system32\url(3)(3).dll
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k(2)(2)(2).sys
2006-02-16 00:58:01 774144 ----a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 22:34:54.37 ===============
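An added triage helper, written here for this thread and not part of DDS or of the original post: it parses the `Pseudo HJT Report` and `SERVICES / DRIVERS` lines of a DDS log like the one above into records (Run-key autostarts, BHO/toolbar entries with their CLSID, DPF downloads, the DHCP-assigned resolvers per interface, and service entries), then runs two checks: resolvers that are not on an analyst-supplied allowlist (assumed here to be the three servers on the first interface) and services where DDS printed `[?]` in place of a date and size, which I read as DDS not being able to read the file at the listed path. The sample lines are copied from the log above; the `hxxp` defanging is kept as-is.

```python
"""Added triage helper: parse the autostart, browser add-on, DPF, DHCP resolver and
service lines of a DDS log into records, then run two simple checks over them."""
import re

# Sample lines copied from the DDS log posted above (page data, not constructed).
DDS_SAMPLE = r"""
uStart Page = hxxp://www.google.com/
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [tgcmd] "c:\program files\support.com\bin\tgcmd.exe" /server
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: Interfaces\{5C2E6527-4F18-47E0-AFED-00A944404663} : DhcpNameServer = 68.87.75.194 68.87.64.146 68.87.72.130
TCP: Interfaces\{BD293978-22DF-489C-988F-908D6F12126E} : DhcpNameServer = 75.75.75.75 75.75.76.76
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-9-18 114144]
"""

# Line shapes as DDS prints them: u = current user hive, m = machine hive.
RUN_RE = re.compile(r"^(?P<scope>[um])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
ADDON_RE = re.compile(r"^(?P<kind>BHO|TB): (?P<name>.*?): (?P<clsid>\{[0-9a-fA-F-]+\}) - (?P<path>.+)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9a-fA-F-]+\}) - (?P<url>\S+)$")
DNS_RE = re.compile(r"^TCP: Interfaces\\(?P<iface>\{[^}]+\}) : DhcpNameServer = (?P<servers>.+)$")
SVC_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
STAT_RE = re.compile(r"\[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$")


def exe_path(cmd):
    """Return the executable part of a Run-key command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: take everything up to the first module extension followed by a space/end.
    m = re.match(r"(?i)(.+?\.(?:exe|dll|cpl|sys))(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def parse_dds(text):
    """Turn the relevant DDS lines into a dict of record lists (unknown lines are skipped)."""
    report = {"run": [], "addons": [], "dpf": [], "dns": {}, "services": []}
    for line in text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            report["run"].append({"scope": "machine" if m["scope"] == "m" else "user",
                                  "name": m["name"], "cmd": m["cmd"], "path": exe_path(m["cmd"])})
        elif m := ADDON_RE.match(line):
            report["addons"].append({"kind": m["kind"], "name": m["name"],
                                     "clsid": m["clsid"].lower(), "path": m["path"]})
        elif m := DPF_RE.match(line):
            report["dpf"].append({"clsid": m["clsid"].lower(), "url": m["url"]})
        elif m := DNS_RE.match(line):
            report["dns"][m["iface"]] = m["servers"].split()
        elif m := SVC_RE.match(line):
            stat = STAT_RE.search(m["rest"])
            image = m["rest"].split(" --> ")[0]          # ImagePath as registered
            image = re.sub(r"\s*\[[^\]]*\]$", "", image)  # drop trailing [date size] / [?]
            report["services"].append({"start": m["start"], "name": m["name"],
                                       "display": m["display"], "image": image,
                                       "unverified": m["rest"].endswith("[?]"),
                                       "size": int(stat["size"]) if stat else None})
    return report


def triage(report, expected_dns):
    """Return (category, detail) findings: resolvers outside the allowlist, and services
    whose file DDS could not read (the [?] marker)."""
    findings = []
    for iface, servers in report["dns"].items():
        for server in servers:
            if server not in expected_dns:
                findings.append(("unexpected_dns", f"{iface} {server}"))
    for svc in report["services"]:
        if svc["unverified"]:
            findings.append(("unverified_service_file", f"{svc['name']} {svc['image']}"))
    return findings


if __name__ == "__main__":
    rep = parse_dds(DDS_SAMPLE)
    # Allowlist assumed for this run: the resolvers handed out on the first interface.
    for cat, detail in triage(rep, {"68.87.75.194", "68.87.64.146", "68.87.72.130"}):
        print(f"{cat}: {detail}")
```

Resolver hijacking is one of the standard reasons a "cleaned" machine still cannot browse, so the DNS check is the first thing to compare against what the ISP or router should be handing out; the `[?]` services are the ones to confirm on disk before deciding whether a stale service entry or a deleted file is what is left behind.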


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 September 2012 - 12:22 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 sh4rkbyt3

sh4rkbyt3
  • Topic Starter

  • Members
  • 415 posts
  • Gender:Male

Posted 01 October 2012 - 12:20 PM

Here is the adw log:

# AdwCleaner v2.003 - Logfile created 10/01/2012 at 13:13:53
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Cathy - FUSCOFAMILY
# Boot Mode : Normal
# Running from : E:\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[S1].txt - [1993 octets] - [01/10/2012 13:13:53]

########## EOF - C:\AdwCleaner[S1].txt - [2053 octets] ##########


And the Rogue Killer log:

RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Cathy [Admin rights]
Mode : Scan -- Date : 10/01/2012 13:10:35

Bad processes : 0

Registry Entries : 2
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND

Particular Files / Folders:

Driver : [LOADED]

HOSTS File:
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: WDC WD1600JB-75GVC0 +++++
--- User ---
[MBR] 480ee21c2624d5b2a35805d35b301fe3
[BSP] b72667633f4c7c2babf1970635a88ab8 : MBR Code unknown
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 148797 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 304817310 | Size: 3749 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] 190894e982a17c175dc70ff72f41f7d9
[BSP] 3ed6574b64bc0d48c805cbfa4fb2bfa0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 3817 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 October 2012 - 01:23 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 sh4rkbyt3

sh4rkbyt3
  • Topic Starter

  • Members
  • 415 posts
  • Gender:Male

Posted 01 October 2012 - 03:11 PM

Couldn't do a direct dload since I have not been able to get this to connect to the Internet so I ran it from a thumb drive.

On initialization of ComboFix I get the message 'gsar : unable to open input file regedit.exe'; couldn't download the restore feature either, so I just ran it as is.

Here are the results:

ComboFix 12-09-26.06 - Cathy 10/01/2012 15:57:35.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.671 [GMT -4:00]
Running from: c:\documents and settings\Cathy.FUSCOFAMILY\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2012-09-01 to 2012-10-01 )))))))))))))))))))))))))))))))
.
.
2012-09-29 22:52 . 2012-09-29 22:52 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-09-27 03:43 . 2012-09-27 03:45 -------- dc-h--w- c:\windows\ie8
2012-09-27 03:15 . 2012-09-27 03:15 -------- d-----w- c:\program files\Trend Micro
2012-09-27 02:31 . 2012-09-28 20:31 -------- d-----w- c:\documents and settings\Cathy.FUSCOFAMILY
2012-09-27 02:29 . 2012-09-27 02:29 -------- d-----w- c:\documents and settings\TEMP
2012-09-27 01:07 . 2012-09-27 01:23 -------- d-----w- c:\program files\VS Revo Group
2012-09-27 01:05 . 2012-09-27 01:05 -------- d-----w- C:\FRST
2012-09-27 00:45 . 2012-09-27 00:45 -------- d-----w- c:\program files\Defraggler
2012-09-27 00:41 . 2012-09-30 00:06 -------- d-----w- c:\documents and settings\Administrator.FUSCOFAMILY.000
2012-09-19 00:31 . 2012-09-19 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-09-19 00:31 . 2012-09-19 00:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-19 00:31 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-18 22:23 . 2012-09-18 22:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-18 22:23 . 2012-09-18 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-09-18 21:10 . 2012-09-18 21:10 -------- d-----w- c:\program files\TeamViewer
2012-09-08 18:58 . 2012-09-08 18:58 -------- d-----w- c:\windows\system32\wbem\Repository
2012-09-08 18:55 . 2012-09-08 18:55 -------- d-----w- c:\program files\CCleaner
2012-09-08 18:51 . 2012-09-08 18:51 -------- d-----w- c:\program files\TweetDeck
2012-09-08 18:24 . 2012-09-08 18:24 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 14:58 . 2012-06-11 13:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-16 14:58 . 2011-05-24 17:41 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-16 14:58 . 2012-06-25 12:58 9226440 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-07-06 13:58 . 2004-08-04 10:00 337920 ----a-w- c:\windows\system32\netapi32(3)(3).dll
2012-07-06 13:58 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-06 13:58 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\browser(4)(2).dll
2012-07-04 14:05 . 2004-08-04 10:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2006-02-16 00:58 . 2006-02-16 00:58 774144 ----a-w- c:\program files\RngInterstitial.dll
2012-09-06 01:27 . 2012-09-18 21:08 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"tgcmd"="c:\program files\support.com\bin\tgcmd.exe" [2002-04-25 1544192]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-03-05 244208]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2008-03-05 113136]
"lxeamon.exe"="c:\program files\Lexmark S300-S400 Series\lxeamon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files\Lexmark S300-S400 Series\ezprint.exe" [2011-01-24 148280]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MozillaMaintenance"=3 (0x3)
"McComponentHostService"=3 (0x3)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxebcoms.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxeacoms.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 2:54 PM 116608]
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxeaserv.exe [10/25/2011 3:05 PM 193192]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [3/5/2008 9:32 AM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [3/5/2008 9:32 AM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [3/5/2008 9:32 AM 166384]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [3/5/2008 9:32 AM 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [3/5/2008 9:31 AM 1120752]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [6/11/2012 9:42 AM 250056]
S4 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe" --> c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [?]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [9/18/2012 5:08 PM 114144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 14:58]
.
2011-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-01 16:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
tgcmd = "c:\program files\support.com\bin\tgcmd.exe" /server?cmd.exe" /server
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3880)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-10-01 16:04:45
ComboFix-quarantined-files.txt 2012-10-01 20:04
ComboFix2.txt 2012-09-27 03:05
ComboFix3.txt 2012-09-27 02:09
.
Pre-Run: 128,347,017,216 bytes free
Post-Run: 128,328,425,472 bytes free
.
- - End Of File - - 86411F58CB3B945423878A5F1B2F8FDA

#6 gringo_pr

  • Bleepin Gringo
  • Malware Response Team

Posted 01 October 2012 - 10:14 PM

"Complete Internet Repair"


  • Download "Complete Internet Repair" and choose run
  • when asked to extract - extract to the desktop
  • open the "Complete Internet Repair" folder
  • double click on "CIntRep.exe"
  • OK any security responses
  • put a Checkmark in all boxes
  • Click on the "GO" button
  • restart the computer

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 sh4rkbyt3

  • Topic Starter
  • Members

Posted 02 October 2012 - 09:45 AM

OK, did that, and upon restart I am getting a pop-up saying:

Windows Security Alert

To help protect your computer, Windows Firewall has blocked some features of this program.

Name: Support.com Scheduler and Command Dispatcher
Publisher: Support.com

Choices are as follows: Keep Blocking Unblock Ask Me Later


Behind the popup it says Internet Explorer cannot display the webpage.

#8 gringo_pr

  • Bleepin Gringo
  • Malware Response Team

Posted 03 October 2012 - 12:51 AM

Unblock it and see if you can connect.


gringo

#9 sh4rkbyt3

  • Topic Starter
  • Members

Posted 03 October 2012 - 09:36 AM

Good news, it's working now.

#10 gringo_pr

  • Bleepin Gringo
  • Malware Response Team

Posted 03 October 2012 - 12:55 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 sh4rkbyt3

  • Topic Starter
  • Members

Posted 03 October 2012 - 10:21 PM

Computer seems to be running ok now and I'd like to add Avast Anti-Virus at this point if you agree.

Here is the ComboFix logfile:

ComboFix 12-10-03.03 - Cathy 10/03/2012 23:10:30.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.561 [GMT -4:00]
Running from: c:\documents and settings\Cathy.FUSCOFAMILY\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Cathy.FUSCOFAMILY\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-09-04 to 2012-10-04 )))))))))))))))))))))))))))))))
.
.
2012-09-29 22:52 . 2012-09-29 22:52 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-09-27 03:43 . 2012-09-27 03:45 -------- dc-h--w- c:\windows\ie8
2012-09-27 03:15 . 2012-09-27 03:15 -------- d-----w- c:\program files\Trend Micro
2012-09-27 02:31 . 2012-10-03 14:24 -------- d-----w- c:\documents and settings\Cathy.FUSCOFAMILY
2012-09-27 02:29 . 2012-09-27 02:29 -------- d-----w- c:\documents and settings\TEMP
2012-09-27 01:07 . 2012-09-27 01:23 -------- d-----w- c:\program files\VS Revo Group
2012-09-27 01:05 . 2012-09-27 01:05 -------- d-----w- C:\FRST
2012-09-27 00:45 . 2012-09-27 00:45 -------- d-----w- c:\program files\Defraggler
2012-09-27 00:41 . 2012-09-30 00:06 -------- d-----w- c:\documents and settings\Administrator.FUSCOFAMILY.000
2012-09-19 00:31 . 2012-09-19 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-09-19 00:31 . 2012-09-19 00:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-19 00:31 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-18 22:23 . 2012-09-18 22:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-18 22:23 . 2012-09-18 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-09-18 21:10 . 2012-09-18 21:10 -------- d-----w- c:\program files\TeamViewer
2012-09-08 18:58 . 2012-09-08 18:58 -------- d-----w- c:\windows\system32\wbem\Repository
2012-09-08 18:55 . 2012-10-03 14:24 -------- d-----w- c:\program files\CCleaner
2012-09-08 18:51 . 2012-09-08 18:51 -------- d-----w- c:\program files\TweetDeck
2012-09-08 18:24 . 2012-09-08 18:24 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 14:58 . 2012-06-11 13:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-16 14:58 . 2011-05-24 17:41 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-16 14:58 . 2012-06-25 12:58 9226440 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-07-06 13:58 . 2004-08-04 10:00 337920 ----a-w- c:\windows\system32\netapi32(3)(3).dll
2012-07-06 13:58 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-06 13:58 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\browser(4)(2).dll
2006-02-16 00:58 . 2006-02-16 00:58 774144 ----a-w- c:\program files\RngInterstitial.dll
2012-09-06 01:27 . 2012-09-18 21:08 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"tgcmd"="c:\program files\support.com\bin\tgcmd.exe" [2002-04-25 1544192]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-03-05 244208]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2008-03-05 113136]
"lxeamon.exe"="c:\program files\Lexmark S300-S400 Series\lxeamon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files\Lexmark S300-S400 Series\ezprint.exe" [2011-01-24 148280]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MozillaMaintenance"=3 (0x3)
"McComponentHostService"=3 (0x3)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\bin\\tgcmd.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 2:54 PM 116608]
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxeaserv.exe [10/25/2011 3:05 PM 193192]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [3/5/2008 9:32 AM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [3/5/2008 9:32 AM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [3/5/2008 9:32 AM 166384]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [3/5/2008 9:32 AM 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [3/5/2008 9:31 AM 1120752]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [6/11/2012 9:42 AM 250056]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [9/18/2012 5:08 PM 114144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 14:58]
.
2011-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-03 23:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
tgcmd = "c:\program files\support.com\bin\tgcmd.exe" /server?cmd.exe" /server
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2664)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-10-03 23:17:01
ComboFix-quarantined-files.txt 2012-10-04 03:16
ComboFix2.txt 2012-10-01 20:04
ComboFix3.txt 2012-09-27 03:05
ComboFix4.txt 2012-09-27 02:09
.
Pre-Run: 128,486,993,920 bytes free
Post-Run: 128,472,588,288 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F3B710727909C28D12541C7DE4B67A6D

#12 sh4rkbyt3

  • Topic Starter
  • Members

Posted 03 October 2012 - 11:21 PM

Looks as if I spoke too soon. After shutting down the computer and restarting it, I am now getting a VERY slow Internet Explorer start-up, and it's reacting the same way as before, giving me "Local Area Connection (cable unplugged)" (which it's not) and then the "Internet Explorer cannot display the web page" message.

After 1-2 minutes of waiting, I am also getting the original pop-up again:

Windows Security Alert

To help protect your computer, Windows Firewall has blocked some features of this program.

Name: Support.com Scheduler and Command Dispatcher
Publisher: Support.com

Choices are as follows: Keep Blocking Unblock Ask Me Later

but now when I click "Unblock" it automatically starts IE with the "Internet Explorer cannot display the webpage" message once again.

Edited by sh4rkbyt3, 03 October 2012 - 11:31 PM.


#13 gringo_pr

  • Bleepin Gringo
  • Malware Response Team

Posted 04 October 2012 - 12:21 AM

Greetings

I want you to run these next:

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#14 sh4rkbyt3

  • Topic Starter
  • Members

Posted 04 October 2012 - 08:59 AM

Here are the TDSS log file results:

09:50:02.0875 3564 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
09:50:02.0890 3564 ============================================================
09:50:02.0890 3564 Current date / time: 2012/10/04 09:50:02.0890
09:50:02.0890 3564 SystemInfo:
09:50:02.0890 3564
09:50:02.0906 3564 OS Version: 5.1.2600 ServicePack: 3.0
09:50:02.0906 3564 Product type: Workstation
09:50:02.0906 3564 ComputerName: FUSCOFAMILY
09:50:02.0906 3564 UserName: Cathy
09:50:02.0906 3564 Windows directory: C:\WINDOWS
09:50:02.0906 3564 System windows directory: C:\WINDOWS
09:50:02.0906 3564 Processor architecture: Intel x86
09:50:02.0906 3564 Number of processors: 2
09:50:02.0906 3564 Page size: 0x1000
09:50:02.0906 3564 Boot type: Normal boot
09:50:02.0906 3564 ============================================================
09:50:05.0468 3564 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:50:05.0468 3564 Drive \Device\Harddisk1\DR4 - Size: 0xEE979000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:50:05.0468 3564 ============================================================
09:50:05.0468 3564 \Device\Harddisk0\DR0:
09:50:05.0468 3564 MBR partitions:
09:50:05.0468 3564 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1229EAD9
09:50:05.0468 3564 \Device\Harddisk1\DR4:
09:50:05.0468 3564 MBR partitions:
09:50:05.0468 3564 \Device\Harddisk1\DR4\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x774B89
09:50:05.0468 3564 ============================================================
09:50:05.0515 3564 C: <-> \Device\Harddisk0\DR0\Partition1
09:50:05.0515 3564 ============================================================
09:50:05.0515 3564 Initialize success
09:50:05.0515 3564 ============================================================
09:50:18.0390 3872 ============================================================
09:50:18.0390 3872 Scan started
09:50:18.0390 3872 Mode: Manual;
09:50:18.0390 3872 ============================================================
09:50:19.0406 3872 ================ Scan system memory ========================
09:50:19.0406 3872 System memory - ok
09:50:19.0406 3872 ================ Scan services =============================
09:50:19.0531 3872 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
09:50:19.0531 3872 !SASCORE - ok
09:50:19.0625 3872 Abiosdsk - ok
09:50:19.0671 3872 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:50:19.0687 3872 abp480n5 - ok
09:50:19.0718 3872 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:50:19.0718 3872 ACPI - ok
09:50:19.0734 3872 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
09:50:19.0750 3872 ACPIEC - ok
09:50:19.0812 3872 [ 5E1A953C6472E7BB644892A4D0DF5E72 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:50:19.0812 3872 AdobeFlashPlayerUpdateSvc - ok
09:50:19.0875 3872 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:50:19.0875 3872 adpu160m - ok
09:50:19.0906 3872 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
09:50:19.0906 3872 aec - ok
09:50:19.0937 3872 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
09:50:19.0937 3872 AFD - ok
09:50:19.0953 3872 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
09:50:19.0968 3872 agp440 - ok
09:50:20.0000 3872 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:50:20.0000 3872 agpCPQ - ok
09:50:20.0015 3872 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:50:20.0015 3872 Aha154x - ok
09:50:20.0031 3872 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:50:20.0031 3872 aic78u2 - ok
09:50:20.0046 3872 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:50:20.0062 3872 aic78xx - ok
09:50:20.0109 3872 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
09:50:20.0109 3872 Alerter - ok
09:50:20.0125 3872 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
09:50:20.0125 3872 ALG - ok
09:50:20.0156 3872 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
09:50:20.0156 3872 AliIde - ok
09:50:20.0171 3872 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
09:50:20.0171 3872 alim1541 - ok
09:50:20.0187 3872 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
09:50:20.0187 3872 amdagp - ok
09:50:20.0218 3872 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
09:50:20.0218 3872 amsint - ok
09:50:20.0312 3872 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:50:20.0312 3872 Apple Mobile Device - ok
09:50:20.0328 3872 AppMgmt - ok
09:50:20.0359 3872 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
09:50:20.0359 3872 asc - ok
09:50:20.0375 3872 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
09:50:20.0375 3872 asc3350p - ok
09:50:20.0390 3872 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
09:50:20.0390 3872 asc3550 - ok
09:50:20.0468 3872 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:50:20.0468 3872 aspnet_state - ok
09:50:20.0500 3872 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:50:20.0500 3872 AsyncMac - ok
09:50:20.0515 3872 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
09:50:20.0515 3872 atapi - ok
09:50:20.0531 3872 Atdisk - ok
09:50:20.0546 3872 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:50:20.0546 3872 Atmarpc - ok
09:50:20.0578 3872 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
09:50:20.0578 3872 AudioSrv - ok
09:50:20.0593 3872 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
09:50:20.0593 3872 audstub - ok
09:50:20.0609 3872 BCM42RLY - ok
09:50:20.0656 3872 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
09:50:20.0656 3872 Beep - ok
09:50:20.0687 3872 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
09:50:20.0718 3872 BITS - ok
09:50:20.0765 3872 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:50:20.0781 3872 Bonjour Service - ok
09:50:20.0796 3872 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
09:50:20.0796 3872 Browser - ok
09:50:20.0812 3872 bvrp_pci - ok
09:50:20.0921 3872 catchme - ok
09:50:20.0937 3872 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
09:50:20.0937 3872 cbidf - ok
09:50:20.0953 3872 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
09:50:20.0953 3872 cbidf2k - ok
09:50:21.0000 3872 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
09:50:21.0000 3872 cd20xrnt - ok
09:50:21.0031 3872 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
09:50:21.0031 3872 Cdaudio - ok
09:50:21.0046 3872 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
09:50:21.0046 3872 Cdfs - ok
09:50:21.0062 3872 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:50:21.0062 3872 Cdrom - ok
09:50:21.0062 3872 Changer - ok
09:50:21.0093 3872 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
09:50:21.0093 3872 CiSvc - ok
09:50:21.0125 3872 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
09:50:21.0125 3872 ClipSrv - ok
09:50:21.0156 3872 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:50:21.0187 3872 clr_optimization_v2.0.50727_32 - ok
09:50:21.0187 3872 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:50:21.0187 3872 CmdIde - ok
09:50:21.0203 3872 COMSysApp - ok
09:50:21.0218 3872 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
09:50:21.0218 3872 Cpqarray - ok
09:50:21.0250 3872 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
09:50:21.0250 3872 CryptSvc - ok
09:50:21.0281 3872 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
09:50:21.0281 3872 dac2w2k - ok
09:50:21.0281 3872 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
09:50:21.0281 3872 dac960nt - ok
09:50:21.0328 3872 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
09:50:21.0343 3872 DcomLaunch - ok
09:50:21.0359 3872 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
09:50:21.0359 3872 Dhcp - ok
09:50:21.0390 3872 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
09:50:21.0390 3872 Disk - ok
09:50:21.0390 3872 dmadmin - ok
09:50:21.0437 3872 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
09:50:21.0468 3872 dmboot - ok
09:50:21.0484 3872 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
09:50:21.0500 3872 dmio - ok
09:50:21.0531 3872 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
09:50:21.0531 3872 dmload - ok
09:50:21.0562 3872 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
09:50:21.0578 3872 dmserver - ok
09:50:21.0593 3872 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
09:50:21.0593 3872 DMusic - ok
09:50:21.0625 3872 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
09:50:21.0625 3872 Dnscache - ok
09:50:21.0671 3872 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
09:50:21.0671 3872 Dot3svc - ok
09:50:21.0703 3872 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:50:21.0703 3872 dpti2o - ok
09:50:21.0718 3872 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
09:50:21.0718 3872 drmkaud - ok
09:50:21.0750 3872 [ 96BC8F872F0270C10EDC3931F1C03776 ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
09:50:21.0765 3872 drvmcdb - ok
09:50:21.0796 3872 [ 5AFBEC7A6AC61B211633DFDB1D9E0C89 ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys
09:50:21.0796 3872 drvnddm - ok
09:50:21.0843 3872 [ FE80901578E7E3DA70299A5AEB2B7FBD ] DSBrokerService C:\Program Files\DellSupport\brkrsvc.exe
09:50:21.0843 3872 DSBrokerService - ok
09:50:21.0890 3872 [ 413F2D5F9D802688242C23B38F767ECB ] DSproct C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
09:50:21.0890 3872 DSproct - ok
09:50:21.0906 3872 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] dsunidrv C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
09:50:21.0906 3872 dsunidrv - ok
09:50:21.0953 3872 [ 7D91DC6342248369F94D6EBA0CF42E99 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:50:21.0953 3872 E100B - ok
09:50:22.0000 3872 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
09:50:22.0000 3872 EapHost - ok
09:50:22.0031 3872 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
09:50:22.0031 3872 ERSvc - ok
09:50:22.0062 3872 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
09:50:22.0062 3872 Eventlog - ok
09:50:22.0109 3872 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
09:50:22.0125 3872 EventSystem - ok
09:50:22.0156 3872 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
09:50:22.0156 3872 Fastfat - ok
09:50:22.0203 3872 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
09:50:22.0203 3872 FastUserSwitchingCompatibility - ok
09:50:22.0234 3872 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
09:50:22.0250 3872 Fax - ok
09:50:22.0265 3872 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
09:50:22.0265 3872 Fdc - ok
09:50:22.0281 3872 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
09:50:22.0281 3872 Fips - ok
09:50:22.0296 3872 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:50:22.0296 3872 Flpydisk - ok
09:50:22.0328 3872 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
09:50:22.0328 3872 FltMgr - ok
09:50:22.0375 3872 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:50:22.0375 3872 FontCache3.0.0.0 - ok
09:50:22.0406 3872 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:50:22.0406 3872 Fs_Rec - ok
09:50:22.0437 3872 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:50:22.0437 3872 Ftdisk - ok
09:50:22.0484 3872 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:50:22.0484 3872 GEARAspiWDM - ok
09:50:22.0500 3872 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:50:22.0515 3872 Gpc - ok
09:50:22.0531 3872 [ FC80052194D5708254A346568F0E77C0 ] GTNDIS5 C:\WINDOWS\system32\GTNDIS5.SYS
09:50:22.0531 3872 GTNDIS5 - ok
09:50:22.0609 3872 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:50:22.0609 3872 helpsvc - ok
09:50:22.0625 3872 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
09:50:22.0625 3872 HidServ - ok
09:50:22.0656 3872 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:50:22.0656 3872 HidUsb - ok
09:50:22.0687 3872 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
09:50:22.0687 3872 hkmsvc - ok
09:50:22.0734 3872 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
09:50:22.0734 3872 hpn - ok
09:50:22.0781 3872 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
09:50:22.0781 3872 HTTP - ok
09:50:22.0828 3872 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
09:50:22.0843 3872 HTTPFilter - ok
09:50:22.0875 3872 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
09:50:22.0875 3872 i2omgmt - ok
09:50:22.0890 3872 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:50:22.0890 3872 i2omp - ok
09:50:22.0906 3872 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:50:22.0921 3872 i8042prt - ok
09:50:22.0984 3872 [ 9A883C3C4D91292C0D09DE7C728E781C ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:50:23.0062 3872 ialm - ok
09:50:23.0140 3872 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:50:23.0156 3872 idsvc - ok
09:50:23.0187 3872 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
09:50:23.0187 3872 Imapi - ok
09:50:23.0234 3872 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
09:50:23.0234 3872 ImapiService - ok
09:50:23.0250 3872 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:50:23.0250 3872 ini910u - ok
09:50:23.0328 3872 [ 7509C548400F4C9E0211E3F6E66ABBE6 ] IntelC51 C:\WINDOWS\system32\DRIVERS\IntelC51.sys
09:50:23.0359 3872 IntelC51 - ok
09:50:23.0406 3872 [ 9584FFDD41D37F2C239681D0DAC2513E ] IntelC52 C:\WINDOWS\system32\DRIVERS\IntelC52.sys
09:50:23.0406 3872 IntelC52 - ok
09:50:23.0437 3872 [ CF0B937710CEC6EF39416EDECD803CBB ] IntelC53 C:\WINDOWS\system32\DRIVERS\IntelC53.sys
09:50:23.0437 3872 IntelC53 - ok
09:50:23.0453 3872 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
09:50:23.0453 3872 IntelIde - ok
09:50:23.0515 3872 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:50:23.0515 3872 intelppm - ok
09:50:23.0531 3872 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
09:50:23.0531 3872 Ip6Fw - ok
09:50:23.0562 3872 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:50:23.0562 3872 IpFilterDriver - ok
09:50:23.0593 3872 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:50:23.0609 3872 IpInIp - ok
09:50:23.0625 3872 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:50:23.0640 3872 IpNat - ok
09:50:23.0703 3872 [ 178FE38B7740F598391EB2F51AE4CCAC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:50:23.0718 3872 iPod Service - ok
09:50:23.0750 3872 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:50:23.0750 3872 IPSec - ok
09:50:23.0765 3872 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
09:50:23.0765 3872 IRENUM - ok
09:50:23.0796 3872 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:50:23.0796 3872 isapnp - ok
09:50:23.0812 3872 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:50:23.0812 3872 Kbdclass - ok
09:50:23.0843 3872 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
09:50:23.0843 3872 kmixer - ok
09:50:23.0875 3872 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
09:50:23.0875 3872 KSecDD - ok
09:50:23.0921 3872 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
09:50:23.0937 3872 lanmanserver - ok
09:50:23.0968 3872 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
09:50:24.0000 3872 lanmanworkstation - ok
09:50:24.0000 3872 lbrtfdc - ok
09:50:24.0031 3872 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
09:50:24.0031 3872 LmHosts - ok
09:50:24.0140 3872 [ 2349335A8033FD9834D1C401EAE1C9BF ] lxeaCATSCustConnectService C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe
09:50:24.0140 3872 lxeaCATSCustConnectService - ok
09:50:24.0156 3872 lxea_device - ok
09:50:24.0156 3872 lxeb_device - ok
09:50:24.0187 3872 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
09:50:24.0187 3872 Messenger - ok
09:50:24.0218 3872 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
09:50:24.0218 3872 mnmdd - ok
09:50:24.0265 3872 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
09:50:24.0265 3872 mnmsrvc - ok
09:50:24.0281 3872 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
09:50:24.0281 3872 Modem - ok
09:50:24.0312 3872 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
09:50:24.0312 3872 MODEMCSA - ok
09:50:24.0328 3872 [ 59B8B11FF70728EEC60E72131C58B716 ] mohfilt C:\WINDOWS\system32\DRIVERS\mohfilt.sys
09:50:24.0328 3872 mohfilt - ok
09:50:24.0359 3872 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:50:24.0359 3872 Mouclass - ok
09:50:24.0390 3872 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:50:24.0390 3872 mouhid - ok
09:50:24.0406 3872 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
09:50:24.0406 3872 MountMgr - ok
09:50:24.0468 3872 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:50:24.0468 3872 MozillaMaintenance - ok
09:50:24.0515 3872 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:50:24.0515 3872 mraid35x - ok
09:50:24.0531 3872 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:50:24.0546 3872 MRxDAV - ok
09:50:24.0593 3872 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:50:24.0609 3872 MRxSmb - ok
09:50:24.0625 3872 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
09:50:24.0625 3872 MSDTC - ok
09:50:24.0656 3872 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
09:50:24.0656 3872 Msfs - ok
09:50:24.0671 3872 MSIServer - ok
09:50:24.0671 3872 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:50:24.0671 3872 MSKSSRV - ok
09:50:24.0703 3872 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:50:24.0703 3872 MSPCLOCK - ok
09:50:24.0718 3872 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
09:50:24.0718 3872 MSPQM - ok
09:50:24.0734 3872 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:50:24.0734 3872 mssmbios - ok
09:50:24.0765 3872 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
09:50:24.0781 3872 Mup - ok
09:50:24.0828 3872 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
09:50:24.0828 3872 napagent - ok
09:50:24.0859 3872 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
09:50:24.0859 3872 NDIS - ok
09:50:24.0906 3872 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:50:24.0906 3872 NdisTapi - ok
09:50:24.0921 3872 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:50:24.0921 3872 Ndisuio - ok
09:50:24.0937 3872 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:50:24.0937 3872 NdisWan - ok
09:50:24.0968 3872 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
09:50:24.0968 3872 NDProxy - ok
09:50:25.0000 3872 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
09:50:25.0000 3872 NetBIOS - ok
09:50:25.0015 3872 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
09:50:25.0015 3872 NetBT - ok
09:50:25.0062 3872 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
09:50:25.0062 3872 NetDDE - ok
09:50:25.0062 3872 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
09:50:25.0062 3872 NetDDEdsdm - ok
09:50:25.0093 3872 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
09:50:25.0093 3872 Netlogon - ok
09:50:25.0125 3872 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
09:50:25.0125 3872 Netman - ok
09:50:25.0171 3872 [ B128CCC0E4586628D5D6F6A8F1D0778D ] netrcacm C:\WINDOWS\system32\DRIVERS\netrcacm.sys
09:50:25.0171 3872 netrcacm - ok
09:50:25.0250 3872 [ 02D0798F376FCBD0210EDA58476D0B1B ] NetSvc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
09:50:25.0250 3872 NetSvc - ok
09:50:25.0281 3872 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:50:25.0281 3872 NetTcpPortSharing - ok
09:50:25.0328 3872 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
09:50:25.0359 3872 Nla - ok
09:50:25.0375 3872 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
09:50:25.0375 3872 Npfs - ok
09:50:25.0421 3872 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
09:50:25.0437 3872 Ntfs - ok
09:50:25.0437 3872 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
09:50:25.0437 3872 NtLmSsp - ok
09:50:25.0484 3872 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
09:50:25.0484 3872 NtmsSvc - ok
09:50:25.0500 3872 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
09:50:25.0500 3872 Null - ok
09:50:25.0593 3872 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:50:25.0640 3872 nv - ok
09:50:25.0671 3872 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:50:25.0671 3872 NwlnkFlt - ok
09:50:25.0687 3872 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:50:25.0687 3872 NwlnkFwd - ok
09:50:25.0765 3872 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:50:25.0765 3872 ose - ok
09:50:25.0812 3872 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
09:50:25.0812 3872 Parport - ok
09:50:25.0828 3872 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
09:50:25.0828 3872 PartMgr - ok
09:50:25.0843 3872 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
09:50:25.0843 3872 ParVdm - ok
09:50:25.0875 3872 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
09:50:25.0875 3872 PCI - ok
09:50:25.0875 3872 PCIDump - ok
09:50:25.0906 3872 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
09:50:25.0906 3872 PCIIde - ok
09:50:25.0921 3872 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
09:50:25.0921 3872 Pcmcia - ok
09:50:25.0937 3872 PDCOMP - ok
09:50:25.0937 3872 PDFRAME - ok
09:50:25.0953 3872 PDRELI - ok
09:50:25.0953 3872 PDRFRAME - ok
09:50:25.0984 3872 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
09:50:25.0984 3872 perc2 - ok
09:50:26.0015 3872 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:50:26.0015 3872 perc2hib - ok
09:50:26.0046 3872 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
09:50:26.0046 3872 PlugPlay - ok
09:50:26.0078 3872 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
09:50:26.0093 3872 PolicyAgent - ok
09:50:26.0109 3872 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:50:26.0109 3872 PptpMiniport - ok
09:50:26.0109 3872 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:50:26.0125 3872 ProtectedStorage - ok
09:50:26.0140 3872 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
09:50:26.0140 3872 PSched - ok
09:50:26.0156 3872 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:50:26.0156 3872 Ptilink - ok
09:50:26.0187 3872 [ D970470F8F39470BDAE94D313A1CCDCE ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:50:26.0187 3872 PxHelp20 - ok
09:50:26.0234 3872 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:50:26.0234 3872 ql1080 - ok
09:50:26.0250 3872 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:50:26.0250 3872 Ql10wnt - ok
09:50:26.0281 3872 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:50:26.0281 3872 ql12160 - ok
09:50:26.0296 3872 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:50:26.0296 3872 ql1240 - ok
09:50:26.0312 3872 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:50:26.0312 3872 ql1280 - ok
09:50:26.0328 3872 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:50:26.0328 3872 RasAcd - ok
09:50:26.0359 3872 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
09:50:26.0375 3872 RasAuto - ok
09:50:26.0390 3872 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:50:26.0390 3872 Rasl2tp - ok
09:50:26.0421 3872 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
09:50:26.0421 3872 RasMan - ok
09:50:26.0453 3872 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:50:26.0453 3872 RasPppoe - ok
09:50:26.0468 3872 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
09:50:26.0468 3872 Raspti - ok
09:50:26.0500 3872 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:50:26.0500 3872 Rdbss - ok
09:50:26.0515 3872 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:50:26.0515 3872 RDPCDD - ok
09:50:26.0562 3872 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:50:26.0562 3872 rdpdr - ok
09:50:26.0593 3872 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
09:50:26.0593 3872 RDPWD - ok
09:50:26.0625 3872 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
09:50:26.0625 3872 RDSessMgr - ok
09:50:26.0656 3872 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
09:50:26.0656 3872 redbook - ok
09:50:26.0703 3872 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
09:50:26.0703 3872 RemoteAccess - ok
09:50:26.0796 3872 [ 87F015BAD715839F0CCB1CFBF411BF8F ] Roxio UPnP Renderer 10 C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
09:50:26.0796 3872 Roxio UPnP Renderer 10 - ok
09:50:26.0843 3872 [ 8A8CBC499BE66AE06F3961EEB42F208B ] Roxio Upnp Server 10 C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
09:50:26.0843 3872 Roxio Upnp Server 10 - ok
09:50:26.0937 3872 [ DF814A973022C9B1FB545372E9BF5E2E ] RoxLiveShare10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
09:50:26.0937 3872 RoxLiveShare10 - ok
09:50:27.0000 3872 [ 3D101D9680BF9E5BCB6176CC262AAA5A ] RoxMediaDB10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
09:50:27.0031 3872 RoxMediaDB10 - ok
09:50:27.0078 3872 [ 308BB2721A96BBF8FFD79A633A9ABBC2 ] RoxWatch10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
09:50:27.0078 3872 RoxWatch10 - ok
09:50:27.0109 3872 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
09:50:27.0109 3872 RpcLocator - ok
09:50:27.0140 3872 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
09:50:27.0156 3872 RpcSs - ok
09:50:27.0234 3872 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
09:50:27.0250 3872 RSVP - ok
09:50:27.0281 3872 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
09:50:27.0281 3872 SamSs - ok
09:50:27.0312 3872 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:50:27.0312 3872 SASDIFSV - ok
09:50:27.0343 3872 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
09:50:27.0343 3872 SASKUTIL - ok
09:50:27.0359 3872 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
09:50:27.0390 3872 SCardSvr - ok
09:50:27.0453 3872 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
09:50:27.0484 3872 Schedule - ok
09:50:27.0531 3872 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:50:27.0546 3872 Secdrv - ok
09:50:27.0593 3872 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
09:50:27.0593 3872 seclogon - ok
09:50:27.0656 3872 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
09:50:27.0718 3872 senfilt - ok
09:50:27.0750 3872 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
09:50:27.0765 3872 SENS - ok
09:50:27.0796 3872 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
09:50:27.0812 3872 serenum - ok
09:50:27.0828 3872 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
09:50:27.0828 3872 Serial - ok
09:50:27.0875 3872 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
09:50:27.0890 3872 Sfloppy - ok
09:50:27.0953 3872 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
09:50:28.0062 3872 SharedAccess - ok
09:50:28.0093 3872 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:50:28.0093 3872 ShellHWDetection - ok
09:50:28.0109 3872 Simbad - ok
09:50:28.0156 3872 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:50:28.0171 3872 sisagp - ok
09:50:28.0593 3872 [ C6D9959E493682F872A639B6EC1B4A08 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
09:50:28.0593 3872 smwdm - ok
09:50:28.0671 3872 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:50:28.0671 3872 Sparrow - ok
09:50:28.0703 3872 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
09:50:28.0703 3872 splitter - ok
09:50:28.0734 3872 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
09:50:28.0765 3872 Spooler - ok
09:50:28.0828 3872 sprtsvc_dellsupportcenter - ok
09:50:28.0875 3872 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
09:50:28.0875 3872 sr - ok
09:50:28.0937 3872 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
09:50:28.0953 3872 srservice - ok
09:50:29.0062 3872 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
09:50:29.0109 3872 Srv - ok
09:50:29.0156 3872 [ 98625722AD52B40305E74AAA83C93086 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
09:50:29.0171 3872 sscdbhk5 - ok
09:50:29.0203 3872 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
09:50:29.0203 3872 SSDPSRV - ok
09:50:29.0250 3872 [ D79412E3942C8A257253487536D5A994 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
09:50:29.0250 3872 ssrtln - ok
09:50:29.0281 3872 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
09:50:29.0296 3872 stisvc - ok
09:50:29.0328 3872 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
09:50:29.0328 3872 swenum - ok
09:50:29.0359 3872 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
09:50:29.0359 3872 swmidi - ok
09:50:29.0375 3872 SwPrv - ok
09:50:29.0390 3872 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
09:50:29.0390 3872 symc810 - ok
09:50:29.0406 3872 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:50:29.0406 3872 symc8xx - ok
09:50:29.0421 3872 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:50:29.0421 3872 sym_hi - ok
09:50:29.0453 3872 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:50:29.0453 3872 sym_u3 - ok
09:50:29.0468 3872 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
09:50:29.0468 3872 sysaudio - ok
09:50:29.0484 3872 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
09:50:29.0500 3872 SysmonLog - ok
09:50:29.0515 3872 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
09:50:29.0531 3872 TapiSrv - ok
09:50:29.0562 3872 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:50:29.0593 3872 Tcpip - ok
09:50:29.0593 3872 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
09:50:29.0593 3872 TDPIPE - ok
09:50:29.0609 3872 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
09:50:29.0609 3872 TDTCP - ok
09:50:29.0640 3872 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
09:50:29.0640 3872 TermDD - ok
09:50:29.0671 3872 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
09:50:29.0687 3872 TermService - ok
09:50:29.0750 3872 [ D0177776E11B0B3F272EEBD262A69661 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
09:50:29.0750 3872 tfsnboio - ok
09:50:29.0765 3872 [ 599804BC938B8305A5422319774DA871 ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
09:50:29.0765 3872 tfsncofs - ok
09:50:29.0796 3872 [ A1902C00ADC11C4D83F8E3ED947A6A32 ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys
09:50:29.0796 3872 tfsndrct - ok
09:50:29.0812 3872 [ D8DDB3F2B1BEF15CFF6728D89C042C61 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys
09:50:29.0812 3872 tfsndres - ok
09:50:29.0828 3872 [ C4F2DEA75300971CDAEE311007DE138D ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys
09:50:29.0828 3872 tfsnifs - ok
09:50:29.0859 3872 [ 272925BE0EA919F08286D2EE6F102B0F ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys
09:50:29.0859 3872 tfsnopio - ok
09:50:29.0875 3872 [ 7B7D955E5CEBC2FB88B03EF875D52A2F ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys
09:50:29.0875 3872 tfsnpool - ok
09:50:29.0890 3872 [ E3D01263109D800C1967C12C10A0B018 ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
09:50:29.0906 3872 tfsnudf - ok
09:50:29.0921 3872 [ B9E9C377906E3A65BC74598FFF7F7458 ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
09:50:29.0921 3872 tfsnudfa - ok
09:50:29.0937 3872 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
09:50:29.0937 3872 Themes - ok
09:50:29.0968 3872 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
09:50:29.0968 3872 TosIde - ok
09:50:30.0000 3872 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
09:50:30.0000 3872 TrkWks - ok
09:50:30.0031 3872 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
09:50:30.0031 3872 Udfs - ok
09:50:30.0046 3872 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
09:50:30.0046 3872 ultra - ok
09:50:30.0093 3872 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
09:50:30.0093 3872 Update - ok
09:50:30.0125 3872 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
09:50:30.0125 3872 upnphost - ok
09:50:30.0140 3872 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
09:50:30.0156 3872 UPS - ok
09:50:30.0171 3872 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
09:50:30.0171 3872 USBAAPL - ok
09:50:30.0187 3872 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:50:30.0187 3872 usbccgp - ok
09:50:30.0203 3872 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:50:30.0203 3872 usbehci - ok
09:50:30.0218 3872 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:50:30.0218 3872 usbhub - ok
09:50:30.0250 3872 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:50:30.0250 3872 usbprint - ok
09:50:30.0265 3872 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:50:30.0265 3872 usbscan - ok
09:50:30.0281 3872 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:50:30.0281 3872 USBSTOR - ok
09:50:30.0296 3872 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:50:30.0296 3872 usbuhci - ok
09:50:30.0328 3872 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
09:50:30.0328 3872 VgaSave - ok
09:50:30.0359 3872 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:50:30.0359 3872 viaagp - ok
09:50:30.0375 3872 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
09:50:30.0375 3872 ViaIde - ok
09:50:30.0406 3872 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
09:50:30.0406 3872 VolSnap - ok
09:50:30.0421 3872 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
09:50:30.0437 3872 VSS - ok
09:50:30.0453 3872 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
09:50:30.0453 3872 w32time - ok
09:50:30.0484 3872 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:50:30.0484 3872 Wanarp - ok
09:50:30.0484 3872 wanatw - ok
09:50:30.0500 3872 WDICA - ok
09:50:30.0515 3872 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
09:50:30.0515 3872 wdmaud - ok
09:50:30.0546 3872 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
09:50:30.0546 3872 WebClient - ok
09:50:30.0593 3872 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
09:50:30.0593 3872 winmgmt - ok
09:50:30.0640 3872 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
09:50:30.0640 3872 WmdmPmSN - ok
09:50:30.0671 3872 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:50:30.0671 3872 WmiApSrv - ok
09:50:30.0781 3872 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
09:50:30.0812 3872 WMPNetworkSvc - ok
09:50:30.0859 3872 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
09:50:30.0859 3872 WpdUsb - ok
09:50:30.0875 3872 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:50:30.0875 3872 WS2IFSL - ok
09:50:30.0906 3872 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
09:50:30.0906 3872 wscsvc - ok
09:50:30.0937 3872 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
09:50:30.0953 3872 wuauserv - ok
09:50:30.0968 3872 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:50:30.0968 3872 WudfPf - ok
09:50:31.0015 3872 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
09:50:31.0015 3872 WudfSvc - ok
09:50:31.0046 3872 [ 790D0A1EFF8CA30776051445D0487CDB ] WUSB54GPV4SRV C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
09:50:31.0062 3872 WUSB54GPV4SRV - ok
09:50:31.0109 3872 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
09:50:31.0125 3872 WZCSVC - ok
09:50:31.0140 3872 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
09:50:31.0156 3872 xmlprov - ok
09:50:31.0187 3872 ================ Scan global ===============================
09:50:31.0203 3872 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
09:50:31.0250 3872 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:50:31.0265 3872 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:50:31.0281 3872 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
09:50:31.0281 3872 [Global] - ok
09:50:31.0281 3872 ================ Scan MBR ==================================
09:50:31.0312 3872 [ B16A2359F4962B0C622D81A1C1F4B703 ] \Device\Harddisk0\DR0
09:50:31.0500 3872 \Device\Harddisk0\DR0 - ok
09:50:31.0500 3872 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk1\DR4
09:50:39.0578 3872 \Device\Harddisk1\DR4 - ok
09:50:39.0578 3872 ================ Scan VBR ==================================
09:50:39.0578 3872 [ 778F2D85CD34AF7D8F1D4AEF7B707AC8 ] \Device\Harddisk0\DR0\Partition1
09:50:39.0578 3872 \Device\Harddisk0\DR0\Partition1 - ok
09:50:39.0593 3872 [ 18E3F0629BD7DE52D580299A9C158D9C ] \Device\Harddisk1\DR4\Partition1
09:50:39.0593 3872 \Device\Harddisk1\DR4\Partition1 - ok
09:50:39.0593 3872 ============================================================
09:50:39.0593 3872 Scan finished
09:50:39.0593 3872 ============================================================
09:50:39.0609 3864 Detected object count: 0
09:50:39.0609 3864 Actual detected object count: 0
09:53:12.0640 3560 Deinitialize success


I couldn't download any definition updates since there is no active Internet connection, but here are the aswMBR logfile results:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-04 09:54:50
-----------------------------
09:54:50.640 OS Version: Windows 5.1.2600 Service Pack 3
09:54:50.640 Number of processors: 2 586 0x401
09:54:50.640 ComputerName: FUSCOFAMILY UserName: Cathy
09:54:51.312 Initialize success
09:55:03.343 AVAST engine download error: 0
09:55:24.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:55:24.968 Disk 0 Vendor: WDC_WD1600JB-75GVC0 08.02D08 Size: 152587MB BusType: 3
09:55:25.000 Disk 0 MBR read successfully
09:55:25.000 Disk 0 MBR scan
09:55:25.000 Disk 0 unknown MBR code
09:55:25.000 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
09:55:25.000 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 148797 MB offset 80325
09:55:25.046 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3749 MB offset 304817310
09:55:25.046 Disk 0 scanning sectors +312496380
09:55:25.125 Disk 0 scanning C:\WINDOWS\system32\drivers
09:55:31.093 Service scanning
09:55:40.515 Modules scanning
09:55:47.046 Module: C:\WINDOWS\SYSTEM32\ntdll.dll **SUSPICIOUS**
09:55:47.062 Disk 0 trace - called modules:
09:55:47.078 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
09:55:47.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f8a030]
09:55:47.078 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86fd1b00]
09:55:47.078 Scan finished successfully
09:56:18.468 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
09:56:18.484 The log file has been saved successfully to "E:\aswMBR.txt"

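Added example, not part of this thread and not something either poster ran: a small Python parser for the two log formats pasted above (TDSSKiller's `[ MD5 ] name path` / `name - ok` pairs and aswMBR's disk trace). It pulls out what a helper reads first: service or driver registrations TDSSKiller listed with no image hashed, entries whose status is not `ok`, images living outside the usual Windows roots, and the lines aswMBR itself marks. The sample log text is constructed for the example; the last hashed TDSSKiller entry in it is invented to exercise the path check and did not come from the poster's machine. The "trusted roots" list and the orphan heuristic are my assumptions about what deserves a second look, not detections.

```python
"""Review TDSSKiller and aswMBR logs of the kind pasted in this thread.

Illustration only: the heuristics below (orphan registrations, image paths
outside the usual roots) are assumptions about what deserves a second look,
not malware detections.
"""
import re
from collections import defaultdict

# TDSSKiller hash line:  HH:MM:SS.mmmm PID [ MD5 ] <service name> <drive path>
# Service names may contain spaces ("iPod Service"), so the name is matched
# non-greedily up to the first "X:\" that starts the image path.
HASH_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.+)$"
)
# TDSSKiller status line:  HH:MM:SS.mmmm PID <service name> - <status>
STATUS_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<status>\S.*)$"
)
# Assumed normal image roots on a Windows XP box (lower-cased for comparison).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
# Markers aswMBR prints on lines a helper reads before anything else.
ASWMBR_MARKERS = ("**SUSPICIOUS**", "unknown MBR code", "engine download error")


def parse_tdsskiller(text):
    """Return (images, statuses) for the service/driver section of a log.

    images:   service name -> (md5, image path)
    statuses: service name -> status text from its '- ...' line
    Device and [Global] entries from the MBR/VBR sections are skipped.
    """
    images, statuses = {}, {}
    for line in text.splitlines():
        m = HASH_RE.match(line)
        if m:
            images[m["name"]] = (m["md5"], m["path"])
            continue
        m = STATUS_RE.match(line)
        if m and not m["name"].startswith(("\\", "[")):
            statuses[m["name"]] = m["status"]
    return images, statuses


def review_tdsskiller(text):
    """List (kind, service name, detail) tuples worth a second look."""
    images, statuses = parse_tdsskiller(text)
    findings = []
    for name, status in statuses.items():
        if status != "ok":
            findings.append(("status", name, status))
        if name not in images:
            # A registration whose image TDSSKiller did not hash. Usually a
            # leftover from an uninstalled product, but it is also where the
            # entry of a removed malicious component would show up.
            findings.append(("orphan", name, "no image hashed"))
    for name, (md5, path) in images.items():
        if not path.lower().startswith(TRUSTED_ROOTS):
            findings.append(("path", name, path))
    return findings


def shared_images(text):
    """Group service names that share one image hash and path.

    Many names on one file is normal (lsass.exe hosts Netlogon, NtLmSsp,
    SamSs, ...), so this is context for reading the log, not a flag.
    """
    images, _ = parse_tdsskiller(text)
    by_image = defaultdict(list)
    for name, key in images.items():
        by_image[key].append(name)
    return {key: sorted(names) for key, names in by_image.items() if len(names) > 1}


def review_aswmbr(text):
    """Return the aswMBR lines carrying one of ASWMBR_MARKERS.

    'unknown MBR code' alone is not proof of a bootkit: OEM recovery layouts
    with their own boot code produce it too, so compare the MBR.dat the tool
    saved against a known-good copy before acting on it.
    """
    return [line.strip() for line in text.splitlines()
            if any(marker in line for marker in ASWMBR_MARKERS)]


# Constructed sample in the TDSSKiller format. The 'examplesvc' entry is
# invented to exercise the path check; it is not from the poster's machine.
TDSS_SAMPLE = r"""09:50:23.0968 3872 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
09:50:24.0000 3872 lanmanworkstation - ok
09:50:24.0000 3872 lbrtfdc - ok
09:50:25.0093 3872 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
09:50:25.0093 3872 Netlogon - ok
09:50:25.0437 3872 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
09:50:25.0437 3872 NtLmSsp - ok
09:50:27.0312 3872 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:50:27.0312 3872 SASDIFSV - ok
09:50:40.0000 3872 [ 00000000000000000000000000000000 ] examplesvc C:\Documents and Settings\User\Local Settings\Temp\examplesvc.dll
09:50:40.0000 3872 examplesvc - ok
"""

# Constructed sample in the aswMBR format.
ASWMBR_SAMPLE = """09:55:25.000 Disk 0 MBR read successfully
09:55:25.000 Disk 0 unknown MBR code
09:55:25.000 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
09:55:47.046 Module: C:\\WINDOWS\\SYSTEM32\\ntdll.dll **SUSPICIOUS**
09:55:47.078 Scan finished successfully
"""

if __name__ == "__main__":
    for kind, name, detail in review_tdsskiller(TDSS_SAMPLE):
        print(f"{kind:7} {name:20} {detail}")
    for (md5, path), names in shared_images(TDSS_SAMPLE).items():
        print(f"shared  {path} <- {', '.join(names)}")
    for line in review_aswmbr(ASWMBR_SAMPLE):
        print("aswMBR ", line)
```

On the sample above this reports `lbrtfdc` as an orphan registration (a status line with no hashed image, exactly the shape of the `lbrtfdc - ok`, `lxea_device - ok` and `PDCOMP - ok` lines in the real log), flags the invented `examplesvc` for living under a user profile, and pulls the `unknown MBR code` and `**SUSPICIOUS**` lines out of the aswMBR text. Run it against the full pasted logs by reading them from a file instead of the inline samples.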
#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 October 2012 - 02:26 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



