
Rootkits reported by AVG, not removed

12 replies to this topic

#1 KipTom1

Posted 18 October 2012 - 09:00 AM

Hi

An AVG scan found 6 rootkits but seems unable to remove/heal the items (I have a screenshot if needed).
====== here are the reported files=========
"";"C:\WINDOWS\system32\drivers\spxo.sys";"atapi.sys, hooked import HAL.dll READ_PORT_BUFFER_USHORT -> spxo.sys +0x213C";"Object is hidden"
"";"C:\WINDOWS\system32\drivers\spxo.sys";"atapi.sys, hooked import HAL.dll READ_PORT_USHORT -> spxo.sys +0x20BE";"Object is hidden"
"";"C:\WINDOWS\system32\drivers\spxo.sys";"atapi.sys, hooked import HAL.dll WRITE_PORT_BUFFER_USHORT -> spxo.sys +0x27FC";"Object is hidden"
"";"C:\WINDOWS\system32\drivers\spxo.sys";"atapi.sys, hooked import HAL.dll WRITE_PORT_UCHAR -> spxo.sys +0x26D2";"Object is hidden"
"";"C:\WINDOWS\system32\drivers\spxo.sys";"i8042prt.sys, hooked import HAL.dll READ_PORT_UCHAR -> spxo.sys +0x12048";"Object is hidden"
============

The only suspicious behavior is:
1) 2nd unexpected browser tab in firefox (occasional):
http://fvdconverter.com/page/welcome-firefox

2) When I ran DDS, a ZoneAlarm alert said:
DDS. Dosen't Do Squat is trying to launch c:\windows\system32\regsvr32.exe...
(never seen a warning like that before!)

I ran DDS without "files" checked (log below), as yesterday it ran for over 8 hours (going through every file on the C drive) and then the system crashed with a Windows delayed write failure. On reboot the system seems fine...

Thanks in advance / KipTom

----DDS--------------------------------------
DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 10.7.2
Run by TCW at 9:11:36 on 2012-10-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2069 [GMT -4:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Internet Security 2012 *Enabled*
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\xampp\mysql\bin\mysqld.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AdobeCS6\Acrobat 10.0\Acrobat\Acrotray.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Blue Squirrel\Spam Sleuth\SpamSleuth.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NoteTab Pro 5\NotePro.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k HPService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://update.zonelabs.com/checkupdateweb.asp?ProductName=ZoneAlarm+Pro&ProductVersion=7.0.470.000&HU100=ZLN10948910471151-1025&SerialNumber=4fi3t180&License=1&Language=EN&Query=Manual&OEM=1025
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - c:\program files\adobecs4\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - LocalServer32 - <no file>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\program files\adobecs4\/Adobe Contribute CS4/contributeieplugin.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Second Copy] "c:\program files\seccopy\SecCopy.exe" /InitialWait=5
uRun: [ClipTrak Pro] "c:\program files\pc magazine utilities\cliptrak pro\ClipTrak Pro.exe" /startwithwindows
uRun: [Google Update] "c:\documents and settings\tcw\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobecs6\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobecs6\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
StartupFolder: c:\docume~1\tcw\startm~1\programs\startup\automa~1.lnk - c:\program files\pm4\automailer\AutoMailer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\xp\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spamsl~1.lnk - c:\program files\blue squirrel\spam sleuth\SpamSleuth.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add this link to WebWhacker... - <no file>
IE: Add this page to WebWhacker... - <no file>
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download with GetRight - c:\program files\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\xp\office10\EXCEL.EXE/3000
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343232479046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {AC3FC1E2-26B3-46E5-8EC2-B1D5E4C90331} - hxxp://www.microseven.com/software/M7IE.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///E:/CDVIEWER/CdViewer.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: NameServer = 167.206.251.129 167.206.251.130
TCP: Interfaces\{BD243548-5E8F-4F1E-9AD0-D74D9B9A0284} : DHCPNameServer = 167.206.251.129 167.206.251.130
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - c:\program files\pixiepack codec pack\InstallerHelper.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tcw\application data\mozilla\firefox\profiles\st6eed1p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3008668&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com\\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: c:\documents and settings\tcw\application data\mozilla\firefox\profiles\st6eed1p.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\tcw\application data\mozilla\firefox\profiles\st6eed1p.default\extensions\logmeinclient@logmein.com\plugins\npLMI64.dll
FF - plugin: c:\documents and settings\tcw\application data\mozilla\firefox\profiles\st6eed1p.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\tcw\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\tcw\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\tcw\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\tcw\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobecs6\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: 2012-08-28 10:27; {F53C93F1-07D5-430c-86D4-C9531B27DFAF}; c:\program files\avg\avg2012\firefox\DoNotTrack
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 31952]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-11-29 64512]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 301920]
R1 MpKsl91ec24d9;MpKsl91ec24d9;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e6b9645-ae7b-42f7-ac99-41de94d78de0}\MpKsl91ec24d9.sys [2012-10-18 29904]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-7-22 525840]
R1 wgo;wgo;c:\windows\system32\drivers\wgo.sys [2009-11-11 13976]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-9-10 18432]
R2 APC Data Service;APC Data Service;c:\program files\apc\powerchute personal edition\dataserv.exe [2012-1-24 21880]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2012-6-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-7-25 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-7-25 493184]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152720]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-8-18 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-6-25 47640]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2008-7-11 328992]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2009-3-6 598856]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 HSFHWCD2;HSFHWCD2;c:\windows\system32\drivers\HSFHWCD2.sys [2009-3-2 201728]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-9-2 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-9-2 12184]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-2-28 56992]
RUnknown MpKsl939b756b;MpKsl939b756b; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-22 136176]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-22 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-2 115168]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10_50.sqlexpress\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\NotePro.exe="c:\program files\notetab pro 5\NotePro.exe" "%1" [UserChoice]
FileExt: .js: jsfile="c:\program files\adobecs6\adobe dreamweaver cs6\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="c:\program files\adobecs6\adobe dreamweaver cs6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2012-10-18 08:32:49 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-10-18 08:32:49 214256 ----a-w- c:\windows\system32\muweb.dll
2012-10-18 08:32:49 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-10-18 05:36:38 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e6b9645-ae7b-42f7-ac99-41de94d78de0}\MpKsl91ec24d9.sys
2012-10-17 22:40:42 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e6b9645-ae7b-42f7-ac99-41de94d78de0}\MpKsl939b756b.sys
2012-10-17 15:08:07 -------- d-----w- C:\Root Fix Files
2012-10-17 13:15:33 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e6b9645-ae7b-42f7-ac99-41de94d78de0}\offreg.dll
2012-10-17 13:09:29 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e6b9645-ae7b-42f7-ac99-41de94d78de0}\mpengine.dll
2012-10-17 13:09:17 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-10-17 13:07:06 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-07 22:06:26 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-07 22:06:18 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-24 22:25:59 290304 ----a-w- C:\subinacl.exe
2012-09-24 22:19:18 -------- d-----w- C:\RegBackup
2012-09-24 22:17:10 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-09-24 22:16:56 -------- d-----w- c:\program files\Tweaking.com
2012-09-24 22:07:57 -------- d-----w- c:\program files\CCleaner
2012-09-24 21:55:30 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-09-19 19:51:18 -------- d-----w- c:\documents and settings\tcw\application data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-09-19 19:51:18 -------- d-----w- c:\documents and settings\all users\Adobe
.
==================== Find3M ====================
.
2012-10-10 14:19:19 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-10 14:19:19 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 15:55:59 1880 ----a-w- c:\windows\AUTOLNCH.REG
2012-10-07 22:06:07 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-07 21:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 02:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-27 19:12:39 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12:36 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12:34 17408 ----a-w- c:\windows\system32\corpol.dll
2012-08-24 19:43:18 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-26 07:21:30 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-12-01 20:25:36 30208 ----a-w- c:\program files\common files\Wbox.exe
.
============= FINISH: 9:13:00.43 ===============
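The AVG report lines at the top of this post are plain semicolon-delimited CSV (quoted fields, no header row). The following Python is an added example, not AVG's code and not something posted in the thread: it parses those five lines, groups the hooks by hooking driver and by the module whose import table was patched, and counts how many point at HAL port I/O routines. The field labels (status, path, detail, note) and the regular expression for the detail column are my own assumptions inferred from these five lines; the sample input is copied from the post, and the script makes no judgement about whether spxo.sys is malicious.

```python
"""Parse AVG's semicolon-delimited rootkit report lines and summarise
which driver hooks which imports.

Added example for this thread, not AVG's or BleepingComputer's code.
The field names (status, path, detail, note) are my own labels: the AVG
report carries no header row, so they are an assumption.
"""
import csv
import io
import re
from collections import defaultdict

# Sample input: the five report lines quoted in the first post, verbatim.
AVG_REPORT = r'''"";"C:\WINDOWS\system32\drivers\spxo.sys";"atapi.sys, hooked import HAL.dll READ_PORT_BUFFER_USHORT -> spxo.sys +0x213C";"Object is hidden"
"";"C:\WINDOWS\system32\drivers\spxo.sys";"atapi.sys, hooked import HAL.dll READ_PORT_USHORT -> spxo.sys +0x20BE";"Object is hidden"
"";"C:\WINDOWS\system32\drivers\spxo.sys";"atapi.sys, hooked import HAL.dll WRITE_PORT_BUFFER_USHORT -> spxo.sys +0x27FC";"Object is hidden"
"";"C:\WINDOWS\system32\drivers\spxo.sys";"atapi.sys, hooked import HAL.dll WRITE_PORT_UCHAR -> spxo.sys +0x26D2";"Object is hidden"
"";"C:\WINDOWS\system32\drivers\spxo.sys";"i8042prt.sys, hooked import HAL.dll READ_PORT_UCHAR -> spxo.sys +0x12048";"Object is hidden"
'''

# Assumed shape of the detail column, inferred from the lines above:
#   "<victim module>, hooked import <export module> <function> -> <hooker> +0x<offset>"
HOOK_RE = re.compile(
    r"^(?P<victim>[^,]+), hooked import (?P<module>\S+) (?P<func>\S+) "
    r"-> (?P<hooker>\S+) \+0x(?P<offset>[0-9A-Fa-f]+)$"
)


def parse_avg_report(text):
    """Return one dict per report line.

    A line that does not have four fields or whose detail column does not
    match HOOK_RE raises ValueError, so a changed report format is noticed
    instead of being silently dropped.
    """
    rows = []
    reader = csv.reader(io.StringIO(text), delimiter=";", quotechar='"')
    for fields in reader:
        if not fields:
            continue
        if len(fields) != 4:
            raise ValueError("unexpected field count: %r" % (fields,))
        _status, path, detail, note = fields
        m = HOOK_RE.match(detail)
        if m is None:
            raise ValueError("unrecognised detail column: %r" % detail)
        row = m.groupdict()
        row["offset"] = int(row["offset"], 16)  # offset into the hooking driver
        row["path"] = path
        row["note"] = note
        rows.append(row)
    return rows


def summarise_hooks(rows):
    """Map hooking driver path -> victim module -> sorted hooked imports."""
    summary = defaultdict(lambda: defaultdict(list))
    for r in rows:
        summary[r["path"]][r["victim"]].append("%s!%s" % (r["module"], r["func"]))
    for victims in summary.values():
        for funcs in victims.values():
            funcs.sort()
    return {path: dict(victims) for path, victims in summary.items()}


PORT_IO_PREFIXES = ("READ_PORT_", "WRITE_PORT_")


def port_io_hooks(rows):
    """Hooks on HAL port I/O routines.

    atapi.sys and i8042prt.sys use these routines to talk to the IDE
    controller and the keyboard controller, so whoever owns the hook sees
    that raw port traffic before any higher-level driver does.
    """
    return [r for r in rows
            if r["module"].lower() == "hal.dll"
            and r["func"].startswith(PORT_IO_PREFIXES)]


if __name__ == "__main__":
    rows = parse_avg_report(AVG_REPORT)
    for driver, victims in summarise_hooks(rows).items():
        print(driver)
        for victim, funcs in victims.items():
            print("  %-14s %s" % (victim, ", ".join(funcs)))
    print("%d of %d hooks target HAL port I/O" % (len(port_io_hooks(rows)), len(rows)))
```

Running it lists spxo.sys hooking four HAL port routines under atapi.sys and one under i8042prt.sys, which is a more compact way to read the report than the raw lines. A line in an unexpected shape raises ValueError rather than being skipped.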



#2 nasdaq


  • Malware Response Team

Posted 20 October 2012 - 12:34 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Let's start with these scans.

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 KipTom1

  • Topic Starter

Posted 20 October 2012 - 06:27 PM

Hello nasdaq:
Thank you for helping me! I appreciate your time.

Here is the TDSS report, followed by the other requested post and zip file.
:-)
Thanks in advance,
KipTom
===============

18:29:08.0703 1992 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
18:29:10.0093 1992 ============================================================
18:29:10.0093 1992 Current date / time: 2012/10/20 18:29:10.0093
18:29:10.0093 1992 SystemInfo:
18:29:10.0093 1992
18:29:10.0093 1992 OS Version: 5.1.2600 ServicePack: 3.0
18:29:10.0093 1992 Product type: Workstation
18:29:10.0093 1992 ComputerName: KLS
18:29:10.0093 1992 UserName: TCW
18:29:10.0093 1992 Windows directory: C:\WINDOWS
18:29:10.0093 1992 System windows directory: C:\WINDOWS
18:29:10.0093 1992 Processor architecture: Intel x86
18:29:10.0093 1992 Number of processors: 4
18:29:10.0093 1992 Page size: 0x1000
18:29:10.0093 1992 Boot type: Normal boot
18:29:10.0093 1992 ============================================================
18:29:12.0265 1992 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:29:12.0281 1992 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:29:12.0281 1992 ============================================================
18:29:12.0281 1992 \Device\Harddisk0\DR0:
18:29:12.0281 1992 MBR partitions:
18:29:12.0281 1992 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
18:29:12.0281 1992 \Device\Harddisk1\DR1:
18:29:12.0281 1992 MBR partitions:
18:29:12.0281 1992 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
18:29:12.0281 1992 ============================================================
18:29:12.0312 1992 C: <-> \Device\Harddisk0\DR0\Partition1
18:29:12.0328 1992 D: <-> \Device\Harddisk1\DR1\Partition1
18:29:12.0328 1992 ============================================================
18:29:12.0328 1992 Initialize success
18:29:12.0328 1992 ============================================================
18:29:28.0531 2244 ============================================================
18:29:28.0531 2244 Scan started
18:29:28.0531 2244 Mode: Manual;
18:29:28.0531 2244 ============================================================
18:29:29.0625 2244 ================ Scan system memory ========================
18:29:29.0625 2244 System memory - ok
18:29:29.0625 2244 ================ Scan services =============================
18:29:29.0687 2244 Abiosdsk - ok
18:29:29.0687 2244 abp480n5 - ok
18:29:29.0718 2244 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:29:29.0718 2244 ACPI - ok
18:29:29.0750 2244 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
18:29:29.0750 2244 ACPIEC - ok
18:29:29.0781 2244 [ 73685E15EF8B0BD9C30F1AF413F13D49 ] adfs C:\WINDOWS\system32\drivers\adfs.sys
18:29:29.0781 2244 adfs - ok
18:29:29.0828 2244 [ 14C23516C990DCD6052152CF034DDE40 ] Adobe Version Cue CS3 C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
18:29:29.0828 2244 Adobe Version Cue CS3 - ok
18:29:29.0906 2244 [ 9444A3530C2E88B7ED96A566FF9CCC13 ] Adobe Version Cue CS4 C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
18:29:29.0906 2244 Adobe Version Cue CS4 - ok
18:29:29.0906 2244 adpu160m - ok
18:29:29.0937 2244 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
18:29:29.0937 2244 aec - ok
18:29:29.0953 2244 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
18:29:29.0953 2244 AFD - ok
18:29:29.0968 2244 Aha154x - ok
18:29:29.0968 2244 aic78u2 - ok
18:29:29.0968 2244 aic78xx - ok
18:29:30.0000 2244 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
18:29:30.0000 2244 Alerter - ok
18:29:30.0015 2244 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
18:29:30.0015 2244 ALG - ok
18:29:30.0015 2244 AliIde - ok
18:29:30.0046 2244 [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
18:29:30.0046 2244 AmdPPM - ok
18:29:30.0062 2244 amsint - ok
18:29:30.0140 2244 [ F41E453A90EF19217CEE1675F5256EE7 ] Apache2.2 C:\xampp\apache\bin\httpd.exe
18:29:30.0140 2244 Apache2.2 - ok
18:29:30.0187 2244 [ 107AB19CC1D40B9D04537F6EEAAC34C9 ] APC Data Service C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
18:29:30.0187 2244 APC Data Service - ok
18:29:30.0234 2244 [ C7F8C8080B055B3DE9A8141DFD8E308A ] APC UPS Service C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
18:29:30.0234 2244 APC UPS Service - ok
18:29:30.0296 2244 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:29:30.0296 2244 Apple Mobile Device - ok
18:29:30.0328 2244 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
18:29:30.0328 2244 AppMgmt - ok
18:29:30.0375 2244 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:29:30.0375 2244 Arp1394 - ok
18:29:30.0375 2244 asc - ok
18:29:30.0375 2244 asc3350p - ok
18:29:30.0390 2244 asc3550 - ok
18:29:30.0468 2244 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:29:30.0468 2244 aspnet_state - ok
18:29:30.0500 2244 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:29:30.0500 2244 AsyncMac - ok
18:29:30.0515 2244 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
18:29:30.0515 2244 atapi - ok
18:29:30.0515 2244 Atdisk - ok
18:29:30.0562 2244 [ D80A3FD3DB6F999F6D1C6D23A293851B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
18:29:30.0562 2244 Ati HotKey Poller - ok
18:29:30.0593 2244 [ 460741BEFBFC91C88934620BC546D172 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
18:29:30.0609 2244 ATI Smart - ok
18:29:31.0109 2244 [ C832BF76F003999D2E91E5115583C69E ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:29:31.0156 2244 ati2mtag - ok
18:29:31.0203 2244 [ 924971A182E07463765EF9FA8876F24F ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdXP3.sys
18:29:31.0203 2244 AtiHDAudioService - ok
18:29:31.0250 2244 [ DC6957811FF95F2DD3004361B20D8D3F ] AtiHdmiService C:\WINDOWS\system32\drivers\AtiHdmi.sys
18:29:31.0265 2244 AtiHdmiService - ok
18:29:31.0296 2244 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:29:31.0312 2244 Atmarpc - ok
18:29:31.0359 2244 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
18:29:31.0406 2244 AudioSrv - ok
18:29:31.0468 2244 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
18:29:31.0468 2244 audstub - ok
18:29:31.0484 2244 [ 8BE661C16FBF84A73BCEC84B6B4A9DB5 ] Avgfwdx C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
18:29:31.0484 2244 Avgfwdx - ok
18:29:31.0484 2244 [ 8BE661C16FBF84A73BCEC84B6B4A9DB5 ] Avgfwfd C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
18:29:31.0484 2244 Avgfwfd - ok
18:29:31.0578 2244 [ BD5D11CEDBCDE4FA97D2387E7069B1FF ] avgfws C:\Program Files\AVG\AVG2012\avgfws.exe
18:29:31.0593 2244 avgfws - ok
18:29:31.0750 2244 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
18:29:31.0781 2244 AVGIDSAgent - ok
18:29:31.0812 2244 [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
18:29:31.0812 2244 AVGIDSDriver - ok
18:29:31.0812 2244 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
18:29:31.0812 2244 AVGIDSFilter - ok
18:29:31.0843 2244 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
18:29:31.0843 2244 AVGIDSHX - ok
18:29:31.0875 2244 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
18:29:31.0875 2244 AVGIDSShim - ok
18:29:31.0890 2244 [ DCB09125C8B4766A88C86914B65487C1 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
18:29:31.0906 2244 Avgldx86 - ok
18:29:31.0921 2244 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
18:29:31.0921 2244 Avgmfx86 - ok
18:29:31.0953 2244 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
18:29:31.0953 2244 Avgrkx86 - ok
18:29:31.0984 2244 [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
18:29:31.0984 2244 Avgtdix - ok
18:29:32.0015 2244 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
18:29:32.0015 2244 avgwd - ok
18:29:32.0046 2244 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
18:29:32.0046 2244 Beep - ok
18:29:32.0093 2244 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
18:29:32.0093 2244 BITS - ok
18:29:32.0156 2244 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:29:32.0156 2244 Bonjour Service - ok
18:29:32.0187 2244 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
18:29:32.0187 2244 Browser - ok
18:29:32.0218 2244 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
18:29:32.0218 2244 cbidf2k - ok
18:29:32.0250 2244 [ 359E5A91D26D0439933BEF1C29CEDEF7 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe
18:29:32.0250 2244 CCALib8 - ok
18:29:32.0265 2244 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:29:32.0265 2244 CCDECODE - ok
18:29:32.0265 2244 cd20xrnt - ok
18:29:32.0296 2244 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
18:29:32.0296 2244 Cdaudio - ok
18:29:32.0328 2244 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
18:29:32.0328 2244 Cdfs - ok
18:29:32.0343 2244 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:29:32.0343 2244 Cdrom - ok
18:29:32.0343 2244 Changer - ok
18:29:32.0359 2244 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
18:29:32.0359 2244 CiSvc - ok
18:29:32.0375 2244 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
18:29:32.0375 2244 ClipSrv - ok
18:29:32.0406 2244 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:29:32.0406 2244 clr_optimization_v2.0.50727_32 - ok
18:29:32.0421 2244 CmdIde - ok
18:29:32.0437 2244 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:29:32.0437 2244 Compbatt - ok
18:29:32.0437 2244 COMSysApp - ok
18:29:32.0453 2244 Cpqarray - ok
18:29:32.0468 2244 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
18:29:32.0468 2244 CryptSvc - ok
18:29:32.0468 2244 dac2w2k - ok
18:29:32.0468 2244 dac960nt - ok
18:29:32.0515 2244 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
18:29:32.0515 2244 DcomLaunch - ok
18:29:32.0546 2244 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
18:29:32.0546 2244 Dhcp - ok
18:29:32.0562 2244 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
18:29:32.0562 2244 Disk - ok
18:29:32.0562 2244 dmadmin - ok
18:29:32.0593 2244 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
18:29:32.0593 2244 dmboot - ok
18:29:32.0593 2244 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
18:29:32.0609 2244 dmio - ok
18:29:32.0625 2244 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
18:29:32.0625 2244 dmload - ok
18:29:32.0656 2244 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
18:29:32.0656 2244 dmserver - ok
18:29:32.0687 2244 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
18:29:32.0687 2244 DMusic - ok
18:29:32.0718 2244 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
18:29:32.0718 2244 Dnscache - ok
18:29:32.0765 2244 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
18:29:32.0765 2244 Dot3svc - ok
18:29:32.0765 2244 dpti2o - ok
18:29:32.0765 2244 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
18:29:32.0765 2244 drmkaud - ok
18:29:32.0796 2244 [ 1FC1EED3EA0C3A0ECF8A95B97E1B4831 ] dvd43llh C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
18:29:32.0828 2244 dvd43llh - ok
18:29:32.0843 2244 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
18:29:32.0843 2244 EapHost - ok
18:29:32.0875 2244 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
18:29:32.0875 2244 ERSvc - ok
18:29:32.0937 2244 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
18:29:32.0937 2244 Eventlog - ok
18:29:32.0953 2244 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
18:29:32.0953 2244 EventSystem - ok
18:29:33.0000 2244 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
18:29:33.0000 2244 Fastfat - ok
18:29:33.0015 2244 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:29:33.0015 2244 FastUserSwitchingCompatibility - ok
18:29:33.0046 2244 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
18:29:33.0046 2244 Fdc - ok
18:29:33.0078 2244 [ A75DDC492D2D1D6558AD8003A4ADB73A ] FilterService C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
18:29:33.0078 2244 FilterService - ok
18:29:33.0093 2244 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
18:29:33.0093 2244 Fips - ok
18:29:33.0140 2244 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:29:33.0156 2244 FLEXnet Licensing Service - ok
18:29:33.0156 2244 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
18:29:33.0156 2244 Flpydisk - ok
18:29:33.0187 2244 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
18:29:33.0187 2244 FltMgr - ok
18:29:33.0234 2244 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:29:33.0234 2244 FontCache3.0.0.0 - ok
18:29:33.0234 2244 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:29:33.0234 2244 Fs_Rec - ok
18:29:33.0250 2244 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:29:33.0250 2244 Ftdisk - ok
18:29:33.0281 2244 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:29:33.0281 2244 GEARAspiWDM - ok
18:29:33.0312 2244 [ 0879DC7444A201DF84E69C5DD5083D61 ] getPlusHelper C:\Program Files\NOS\bin\getPlus_Helper.dll
18:29:33.0312 2244 getPlusHelper - ok
18:29:33.0343 2244 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:29:33.0343 2244 Gpc - ok
18:29:33.0406 2244 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:29:33.0406 2244 gupdate - ok
18:29:33.0421 2244 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:29:33.0421 2244 gupdatem - ok
18:29:33.0453 2244 [ 5467F1FF0AF264566740F67E8B810735 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:29:33.0453 2244 gusvc - ok
18:29:33.0468 2244 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:29:33.0468 2244 HDAudBus - ok
18:29:33.0546 2244 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:29:33.0546 2244 helpsvc - ok
18:29:33.0578 2244 [ 748031FF4FE45CCC47546294905FEAB8 ] HidBatt C:\WINDOWS\system32\DRIVERS\HidBatt.sys
18:29:33.0578 2244 HidBatt - ok
18:29:33.0609 2244 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
18:29:33.0609 2244 HidServ - ok
18:29:33.0625 2244 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:29:33.0625 2244 HidUsb - ok
18:29:33.0656 2244 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
18:29:33.0656 2244 hkmsvc - ok
18:29:33.0656 2244 hpn - ok
18:29:33.0734 2244 [ B14328CFEEB6B736BE44C2C9DB3B162C ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
18:29:33.0734 2244 hpqcxs08 - ok
18:29:33.0765 2244 [ DF446BA625CC441617843E87798CE048 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
18:29:33.0765 2244 hpqddsvc - ok
18:29:33.0796 2244 [ 75F122CDCA3C71BD09089F2CA824B796 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
18:29:33.0796 2244 HPSLPSVC - ok
18:29:33.0843 2244 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:29:33.0843 2244 HPZid412 - ok
18:29:33.0859 2244 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:29:33.0859 2244 HPZipr12 - ok
18:29:33.0859 2244 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:29:33.0875 2244 HPZius12 - ok
18:29:33.0906 2244 [ 09F82FA7E535994A4997463DB27C5803 ] HSFHWCD2 C:\WINDOWS\system32\DRIVERS\HSFHWCD2.sys
18:29:33.0921 2244 HSFHWCD2 - ok
18:29:33.0968 2244 [ F2C083A3CDD9FC1D67B78820A7A5597E ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
18:29:34.0015 2244 HSF_DP - ok
18:29:34.0046 2244 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:29:34.0062 2244 HTTP - ok
18:29:34.0078 2244 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:29:34.0093 2244 HTTPFilter - ok
18:29:34.0093 2244 i2omgmt - ok
18:29:34.0093 2244 i2omp - ok
18:29:34.0109 2244 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:29:34.0125 2244 i8042prt - ok
18:29:34.0187 2244 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:29:34.0203 2244 idsvc - ok
18:29:34.0218 2244 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:29:34.0218 2244 Imapi - ok
18:29:34.0234 2244 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
18:29:34.0234 2244 ImapiService - ok
18:29:34.0234 2244 ini910u - ok
18:29:34.0343 2244 [ FB4293B1EAB313C28D4A1B8DB61ACA72 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:29:34.0406 2244 IntcAzAudAddService - ok
18:29:34.0406 2244 IntelIde - ok
18:29:34.0421 2244 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
18:29:34.0421 2244 Ip6Fw - ok
18:29:34.0437 2244 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:29:34.0437 2244 IpFilterDriver - ok
18:29:34.0437 2244 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:29:34.0437 2244 IpInIp - ok
18:29:34.0453 2244 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:29:34.0468 2244 IpNat - ok
18:29:34.0515 2244 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:29:34.0515 2244 iPod Service - ok
18:29:34.0531 2244 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:29:34.0531 2244 IPSec - ok
18:29:34.0546 2244 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:29:34.0546 2244 IRENUM - ok
18:29:34.0562 2244 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:29:34.0562 2244 isapnp - ok
18:29:34.0609 2244 [ C76357E42FF11A00B3FE0A7B341E3F5F ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
18:29:34.0609 2244 ISWKL - ok
18:29:34.0640 2244 [ 7AAD72B665E984EF644A6812C48B37DF ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
18:29:34.0640 2244 IswSvc - ok
18:29:34.0718 2244 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
18:29:34.0718 2244 JavaQuickStarterService - ok
18:29:34.0750 2244 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:29:34.0750 2244 Kbdclass - ok
18:29:34.0781 2244 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:29:34.0781 2244 kbdhid - ok
18:29:34.0796 2244 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:29:34.0796 2244 kmixer - ok
18:29:34.0828 2244 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:29:34.0828 2244 KSecDD - ok
18:29:34.0843 2244 [ 3CE13ABC9F612E08F6B23EECC63780E4 ] L8042Kbd C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
18:29:34.0843 2244 L8042Kbd - ok
18:29:34.0875 2244 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
18:29:34.0906 2244 lanmanserver - ok
18:29:34.0937 2244 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:29:34.0937 2244 lanmanworkstation - ok
18:29:35.0031 2244 [ 55AFD4A9D5ED4AD40D5215CCDF4D65F3 ] Lavasoft Ad-Aware Service C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
18:29:35.0046 2244 Lavasoft Ad-Aware Service - ok
18:29:35.0078 2244 [ 6C4A3804510AD8E0F0C07B5BE3D44DDB ] Lavasoft Kernexplorer C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
18:29:35.0078 2244 Lavasoft Kernexplorer - ok
18:29:35.0109 2244 [ 336ABE8721CBC3110F1C6426DA633417 ] Lbd C:\WINDOWS\system32\DRIVERS\Lbd.sys
18:29:35.0109 2244 Lbd - ok
18:29:35.0125 2244 lbrtfdc - ok
18:29:35.0218 2244 [ 910344E2A984010435AE84783B25E5EB ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
18:29:35.0218 2244 LBTServ - ok
18:29:35.0265 2244 [ 717E6714BCA808F2A372E636AFF3D15A ] LEqdUsb C:\WINDOWS\system32\Drivers\LEqdUsb.Sys
18:29:35.0265 2244 LEqdUsb - ok
18:29:35.0281 2244 [ 2786F7B4003ADFF88CE28BC1800B5407 ] LHidEqd C:\WINDOWS\system32\Drivers\LHidEqd.Sys
18:29:35.0281 2244 LHidEqd - ok
18:29:35.0281 2244 [ 01CC7FB6E790EF044B411377F3A1FF41 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
18:29:35.0281 2244 LHidFilt - ok
18:29:35.0312 2244 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:29:35.0328 2244 LmHosts - ok
18:29:35.0390 2244 [ C6A4FA0BEED6E4198DDD8B8EE136CF80 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
18:29:35.0390 2244 LMIGuardianSvc - ok
18:29:35.0406 2244 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
18:29:35.0406 2244 LMIInfo - ok
18:29:35.0437 2244 [ 6295A19E8A6486FF8A13A1B2F4E461E0 ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
18:29:35.0437 2244 LMIMaint - ok
18:29:35.0453 2244 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\WINDOWS\system32\DRIVERS\lmimirr.sys
18:29:35.0453 2244 lmimirr - ok
18:29:35.0468 2244 LMIRfsClientNP - ok
18:29:35.0484 2244 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
18:29:35.0500 2244 LMIRfsDriver - ok
18:29:35.0500 2244 [ A2E7EAE8898D7B4B8C302B8F4E836BB5 ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
18:29:35.0500 2244 LMouFilt - ok
18:29:35.0531 2244 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
18:29:35.0531 2244 LogMeIn - ok
18:29:35.0562 2244 [ C57C48FB9AE3EFB9848AF594E3123A63 ] LVPr2Mon C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
18:29:35.0562 2244 LVPr2Mon - ok
18:29:35.0593 2244 [ 5C7B88695CE461D8BDA4FE0C0E57E71D ] LVPrcSrv C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
18:29:35.0593 2244 LVPrcSrv - ok
18:29:35.0640 2244 [ 87ECCE893D8AEC5A9337B917742D339C ] LVRS C:\WINDOWS\system32\DRIVERS\lvrs.sys
18:29:35.0640 2244 LVRS - ok
18:29:35.0687 2244 [ 23F8EF78BB9553E465A476F3CEE5CA18 ] LVUSBSta C:\WINDOWS\system32\drivers\LVUSBSta.sys
18:29:35.0687 2244 LVUSBSta - ok
18:29:35.0812 2244 [ 291F69B3DDA0F033D2490C5BA5179F7C ] LVUVC C:\WINDOWS\system32\DRIVERS\lvuvc.sys
18:29:35.0937 2244 LVUVC - ok
18:29:35.0968 2244 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:29:35.0968 2244 mdmxsdk - ok
18:29:35.0984 2244 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:29:35.0984 2244 Messenger - ok
18:29:36.0015 2244 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:29:36.0015 2244 mnmdd - ok
18:29:36.0031 2244 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
18:29:36.0046 2244 mnmsrvc - ok
18:29:36.0078 2244 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:29:36.0078 2244 Modem - ok
18:29:36.0093 2244 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:29:36.0093 2244 Mouclass - ok
18:29:36.0109 2244 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:29:36.0109 2244 mouhid - ok
18:29:36.0125 2244 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:29:36.0125 2244 MountMgr - ok
18:29:36.0171 2244 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:29:36.0171 2244 MozillaMaintenance - ok
18:29:36.0187 2244 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
18:29:36.0187 2244 MpFilter - ok
18:29:36.0281 2244 [ A69630D039C38018689190234F866D77 ] MpKslfcd24deb c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06295199-47B1-4FC0-A68F-98EB7EBC140D}\MpKslfcd24deb.sys
18:29:36.0281 2244 MpKslfcd24deb - ok
18:29:36.0281 2244 mraid35x - ok
18:29:36.0296 2244 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:29:36.0296 2244 MRxDAV - ok
18:29:36.0328 2244 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:29:36.0328 2244 MRxSmb - ok
18:29:36.0359 2244 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
18:29:36.0375 2244 MSDTC - ok
18:29:36.0375 2244 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:29:36.0375 2244 Msfs - ok
18:29:36.0375 2244 MSICDSetup - ok
18:29:36.0375 2244 MSIServer - ok
18:29:36.0406 2244 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:29:36.0406 2244 MSKSSRV - ok
18:29:36.0453 2244 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:29:36.0453 2244 MsMpSvc - ok
18:29:36.0468 2244 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:29:36.0468 2244 MSPCLOCK - ok
18:29:36.0484 2244 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:29:36.0484 2244 MSPQM - ok
18:29:36.0500 2244 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:29:36.0500 2244 mssmbios - ok
18:29:36.0578 2244 MSSQL$SQLEXPRESS - ok
18:29:36.0625 2244 [ 8E8E74C953EB0C4F8828D99D6F27FD6F ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
18:29:36.0640 2244 MSSQLServerADHelper100 - ok
18:29:36.0640 2244 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
18:29:36.0656 2244 MSTEE - ok
18:29:36.0671 2244 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
18:29:36.0671 2244 MTsensor - ok
18:29:36.0718 2244 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:29:36.0750 2244 Mup - ok
18:29:36.0812 2244 mysql - ok
18:29:36.0828 2244 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:29:36.0843 2244 NABTSFEC - ok
18:29:36.0875 2244 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
18:29:36.0875 2244 napagent - ok
18:29:36.0906 2244 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:29:36.0906 2244 NDIS - ok
18:29:36.0937 2244 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:29:36.0937 2244 NdisIP - ok
18:29:36.0968 2244 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:29:36.0968 2244 NdisTapi - ok
18:29:37.0000 2244 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:29:37.0000 2244 Ndisuio - ok
18:29:37.0000 2244 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:29:37.0000 2244 NdisWan - ok
18:29:37.0046 2244 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:29:37.0046 2244 NDProxy - ok
18:29:37.0093 2244 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
18:29:37.0093 2244 Net Driver HPZ12 - ok
18:29:37.0109 2244 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:29:37.0109 2244 NetBIOS - ok
18:29:37.0109 2244 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:29:37.0109 2244 NetBT - ok
18:29:37.0140 2244 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
18:29:37.0140 2244 NetDDE - ok
18:29:37.0156 2244 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:29:37.0156 2244 NetDDEdsdm - ok
18:29:37.0171 2244 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:29:37.0171 2244 Netlogon - ok
18:29:37.0187 2244 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
18:29:37.0187 2244 Netman - ok
18:29:37.0218 2244 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:29:37.0218 2244 NetTcpPortSharing - ok
18:29:37.0218 2244 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:29:37.0234 2244 NIC1394 - ok
18:29:37.0250 2244 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
18:29:37.0250 2244 Nla - ok
18:29:37.0281 2244 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:29:37.0281 2244 Npfs - ok
18:29:37.0296 2244 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:29:37.0296 2244 Ntfs - ok
18:29:37.0296 2244 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:29:37.0296 2244 NtLmSsp - ok
18:29:37.0328 2244 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:29:37.0343 2244 NtmsSvc - ok
18:29:37.0359 2244 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
18:29:37.0359 2244 Null - ok
18:29:37.0531 2244 [ 8CB0F8A7BA9AF08C89DCA1F3202D5829 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:29:37.0593 2244 nv - ok
18:29:37.0609 2244 [ 7D275ECDA4628318912F6C945D5CF963 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
18:29:37.0609 2244 NVENETFD - ok
18:29:37.0640 2244 [ D8D01CB94E1312BB64F78392D9617714 ] NVHDA C:\WINDOWS\system32\drivers\nvhda32.sys
18:29:37.0640 2244 NVHDA - ok
18:29:37.0671 2244 [ B64AACEFAD2BE5BFF5353FE681253C67 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
18:29:37.0671 2244 nvnetbus - ok
18:29:37.0687 2244 [ 2A085AEC3AB2B1211611D2A7B9E22456 ] nvsmu C:\WINDOWS\system32\DRIVERS\nvsmu.sys
18:29:37.0687 2244 nvsmu - ok
18:29:37.0703 2244 [ 6B38FD984770A142109AF49FE84B726F ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
18:29:37.0718 2244 NVSvc - ok
18:29:37.0734 2244 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:29:37.0734 2244 NwlnkFlt - ok
18:29:37.0734 2244 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:29:37.0734 2244 NwlnkFwd - ok
18:29:37.0750 2244 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:29:37.0750 2244 ohci1394 - ok
18:29:37.0796 2244 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
18:29:37.0796 2244 Parport - ok
18:29:37.0796 2244 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:29:37.0812 2244 PartMgr - ok
18:29:37.0828 2244 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:29:37.0828 2244 ParVdm - ok
18:29:37.0843 2244 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:29:37.0875 2244 PCI - ok
18:29:37.0875 2244 PCIDump - ok
18:29:37.0890 2244 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
18:29:37.0890 2244 PCIIde - ok
18:29:37.0906 2244 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:29:37.0921 2244 Pcmcia - ok
18:29:37.0968 2244 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
18:29:37.0968 2244 pcouffin - ok
18:29:37.0968 2244 PDCOMP - ok
18:29:37.0968 2244 PDFRAME - ok
18:29:37.0968 2244 PDRELI - ok
18:29:37.0984 2244 PDRFRAME - ok
18:29:37.0984 2244 perc2 - ok
18:29:37.0984 2244 perc2hib - ok
18:29:38.0015 2244 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
18:29:38.0031 2244 PlugPlay - ok
18:29:38.0062 2244 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
18:29:38.0062 2244 Pml Driver HPZ12 - ok
18:29:38.0062 2244 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:29:38.0062 2244 PolicyAgent - ok
18:29:38.0093 2244 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:29:38.0093 2244 PptpMiniport - ok
18:29:38.0109 2244 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
18:29:38.0109 2244 Processor - ok
18:29:38.0109 2244 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:29:38.0109 2244 ProtectedStorage - ok
18:29:38.0109 2244 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:29:38.0125 2244 PSched - ok
18:29:38.0140 2244 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:29:41.0375 2244 ================ Scan global ===============================
18:29:41.0406 2244 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:29:41.0421 2244 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:29:41.0437 2244 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:29:41.0453 2244 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
18:29:41.0453 2244 [Global] - ok
18:29:41.0453 2244 ================ Scan MBR ==================================
18:29:41.0484 2244 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:29:41.0593 2244 \Device\Harddisk0\DR0 - ok
18:29:41.0609 2244 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
18:29:41.0625 2244 \Device\Harddisk1\DR1 - ok
18:29:41.0625 2244 ================ Scan VBR ==================================
18:29:41.0625 2244 [ F820B27D61F20BCCF29B3BD2AB3456F9 ] \Device\Harddisk0\DR0\Partition1
18:29:41.0625 2244 \Device\Harddisk0\DR0\Partition1 - ok
18:29:41.0625 2244 [ F89ECF5733ADEF47507EEEC67C698052 ] \Device\Harddisk1\DR1\Partition1
18:29:41.0625 2244 \Device\Harddisk1\DR1\Partition1 - ok
18:29:41.0625 2244 ============================================================
18:29:41.0625 2244 Scan finished
18:29:41.0625 2244 ============================================================
18:29:41.0640 7076 Detected object count: 0
18:29:41.0640 7076 Actual detected object count: 0
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-20 18:33:34
-----------------------------
18:33:34.125 OS Version: Windows 5.1.2600 Service Pack 3
18:33:34.125 Number of processors: 4 586 0x202
18:33:34.125 ComputerName: KLS UserName: TCW
18:33:38.156 Initialize success
18:35:29.703 AVAST engine defs: 12102001
18:35:32.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-5
18:35:32.671 Disk 0 Vendor: Hitachi_HDT721010SLA360 ST6OA31B Size: 953869MB BusType: 3
18:35:32.671 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-11
18:35:32.671 Disk 1 Vendor: MAXTOR_STM3320620AS 3.AAE Size: 305245MB BusType: 3
18:35:32.703 Disk 0 MBR read successfully
18:35:32.703 Disk 0 MBR scan
18:35:32.718 Disk 0 Windows XP default MBR code
18:35:32.718 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953859 MB offset 63
18:35:32.734 Disk 0 scanning sectors +1953504000
18:35:32.859 Disk 0 scanning C:\WINDOWS\system32\drivers
18:35:52.734 Service scanning
18:36:12.828 Service MpKslfcd24deb c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06295199-47B1-4FC0-A68F-98EB7EBC140D}\MpKslfcd24deb.sys **LOCKED** 32
18:36:13.203 Service MSICDSetup E:\CDriver.sys **LOCKED** 21
18:36:42.000 Modules scanning
18:36:46.859 Disk 0 trace - called modules:
18:36:46.875
18:36:48.296 AVAST engine scan C:\WINDOWS
18:37:01.718 AVAST engine scan C:\WINDOWS\system32
18:43:12.812 AVAST engine scan C:\WINDOWS\system32\drivers
18:44:17.203 AVAST engine scan C:\Documents and Settings\TCW
18:59:46.265 AVAST engine scan C:\Documents and Settings\All Users
19:18:12.953 Scan finished successfully
19:18:44.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\TCW\Desktop\MBR.dat"
19:18:44.562 The log file has been saved successfully to "C:\Documents and Settings\TCW\Desktop\aswMBR.txt"

Attached Files: MBR.zip (499 bytes)


#4 nasdaq
Malware Response Team, 40,182 posts
Location: Montreal, QC. Canada

Posted 21 October 2012 - 08:17 AM

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs and let me know if the problem persists.

#5 KipTom1 (Topic Starter)
Members, 7 posts

Posted 21 October 2012 - 01:14 PM

Hi nasdaq:

OK, performed all 3 scans successfully, results below:

+++++++++++++++++++++++++++++++
ComboFix 12-10-21.02 - TCW 10/21/2012 13:20:03.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2642 [GMT -4:00]
Running from: c:\documents and settings\TCW\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgfinst.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi
c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi
c:\documents and settings\TCW\Application Data\inst.exe
c:\documents and settings\TCW\Application Data\tcedition.09.tmp
c:\documents and settings\TCW\g2mdlhlpx.exe
c:\documents and settings\TCW\GoToAssistDownloadHelper.exe
c:\documents and settings\TCW\ResourceReader.dll
c:\documents and settings\TCW\Start Menu\Internet Explorer.lnk
c:\documents and settings\TCW\WINDOWS
c:\program files\ql
c:\program files\ql\Asycfilt.dll
c:\program files\ql\Comcat.dll
c:\program files\ql\Comctl32.ocx
c:\program files\ql\Comdlg32.ocx
c:\program files\ql\Ctl3d32.dll
c:\program files\ql\Dao350.dll
c:\program files\ql\Dbgrid32.ocx
c:\program files\ql\INSTALL.LOG
c:\program files\ql\Msflxgrd.ocx
c:\program files\ql\MSJet35.dll
c:\program files\ql\MSJInt35.dll
c:\program files\ql\MSJtEr35.dll
c:\program files\ql\MSRD2x35.dll
c:\program files\ql\MsRepl35.dll
c:\program files\ql\Msvbvm50.dll
c:\program files\ql\MSVCRT40.dll
c:\program files\ql\Msxbse35.dll
c:\program files\ql\ODBCJI32.dll
c:\program files\ql\ODBCJt32.dll
c:\program files\ql\ODBCTL32.dll
c:\program files\ql\Oleaut32.dll
c:\program files\ql\Olepro32.dll
c:\program files\ql\Qbmap.dbf
c:\program files\ql\ql.exe
c:\program files\ql\Ql.ini
c:\program files\ql\Stdole32.tlb
c:\program files\ql\VB5DB.dll
c:\program files\ql\VBAJet32.dll
c:\recycler\S-1-5-18\$194046e527e61234759029f167e2684a\@
c:\recycler\S-1-5-18\$194046e527e61234759029f167e2684a\L\00000004.@
c:\recycler\S-1-5-18\$194046e527e61234759029f167e2684a\L\201d3dde
c:\recycler\S-1-5-18\$194046e527e61234759029f167e2684a\U\00000004.@
c:\recycler\S-1-5-18\$194046e527e61234759029f167e2684a\U\00000008.@
c:\recycler\S-1-5-18\$194046e527e61234759029f167e2684a\U\000000cb.@
c:\recycler\S-1-5-18\$194046e527e61234759029f167e2684a\U\80000000.@
c:\recycler\S-1-5-18\$194046e527e61234759029f167e2684a\U\80000032.@
c:\recycler\S-1-5-21-507921405-287218729-725345543-1005\$194046e527e61234759029f167e2684a\@
c:\recycler\S-1-5-21-507921405-287218729-725345543-1005\$194046e527e61234759029f167e2684a\U\00000004.@
c:\recycler\S-1-5-21-507921405-287218729-725345543-1005\$194046e527e61234759029f167e2684a\U\000000cb.@
c:\recycler\S-1-5-21-507921405-287218729-725345543-1005\$194046e527e61234759029f167e2684a\U\80000000.@
C:\Thumbs.db
c:\windows\system32\avgfwdx.dll
c:\windows\system32\player.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NVSVC
-------\Service_NVSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-21 to 2012-10-21 )))))))))))))))))))))))))))))))
.
.
2012-10-21 15:36 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6094F8F6-BABD-4553-A3AA-AA3C81895374}\mpengine.dll
2012-10-20 13:59 . 2012-09-25 03:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-20 13:34 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-19 01:36 . 2012-10-19 01:36 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2012-10-19 01:31 . 2012-10-19 01:31 -------- d-----w- c:\program files\Common Files\Skype
2012-10-19 01:25 . 2010-04-03 15:47 89952 ----a-w- c:\windows\system32\SQSRVRES.DLL
2012-10-19 00:16 . 2012-10-19 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2012-10-18 23:38 . 2012-10-18 23:38 -------- d-----w- C:\AMD
2012-10-18 23:16 . 2012-10-18 23:16 -------- d-----w- c:\program files\AMD APP
2012-10-18 23:12 . 2012-10-18 23:12 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-10-18 23:08 . 2011-11-10 03:26 57344 ----a-w- c:\windows\system32\aticalrt.dll
2012-10-18 23:08 . 2011-11-10 03:20 7196672 ----a-w- c:\windows\system32\aticaldd.dll
2012-10-18 23:08 . 2011-11-10 03:26 53248 ----a-w- c:\windows\system32\aticalcl.dll
2012-10-18 23:07 . 2012-10-18 23:07 -------- d-----w- c:\program files\ATI
2012-10-18 22:47 . 2012-05-14 06:12 103040 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2012-10-18 08:32 . 2012-06-02 19:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-10-18 08:32 . 2012-06-02 19:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-10-17 15:08 . 2012-10-18 13:35 -------- d-----w- C:\Root Fix Files
2012-10-17 13:09 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-10-17 13:07 . 2012-10-17 13:07 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-07 22:06 . 2012-10-07 22:06 -------- d-----w- c:\program files\Common Files\Java
2012-09-24 22:25 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-09-24 22:23 . 2012-09-25 00:16 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-09-24 22:19 . 2012-09-24 22:19 -------- d-----w- C:\RegBackup
2012-09-24 22:17 . 2012-09-25 00:16 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-09-24 22:16 . 2012-09-24 22:16 -------- d-----w- c:\program files\Tweaking.com
2012-09-24 22:07 . 2012-09-24 22:08 -------- d-----w- c:\program files\CCleaner
2012-09-24 21:55 . 2012-09-24 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-19 01:38 . 2012-03-14 18:54 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-10-10 14:19 . 2012-03-30 12:18 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 14:19 . 2011-05-19 12:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 15:55 . 2009-03-02 20:12 1880 ----a-w- c:\windows\AUTOLNCH.REG
2012-10-07 22:06 . 2012-07-05 22:12 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-07 22:06 . 2010-04-18 21:20 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-07 21:04 . 2009-05-13 19:38 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 02:03 . 2012-08-31 02:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-27 19:12 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12 . 2004-08-04 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12 . 2012-02-29 15:26 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2012-08-24 19:43 . 2011-07-11 06:14 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-26 07:21 . 2011-10-07 11:23 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-12-01 20:25 . 2012-06-22 23:08 30208 ----a-w- c:\program files\Common Files\Wbox.exe
2012-10-12 16:22 . 2012-10-12 16:21 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\TCW\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\TCW\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\TCW\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\TCW\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Second Copy"="c:\program files\SecCopy\SecCopy.exe" [2007-10-17 2425856]
"ClipTrak Pro"="c:\program files\PC Magazine Utilities\ClipTrak Pro\ClipTrak Pro.exe" [2008-08-08 1361920]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-10-02 109336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Adobe Acrobat Speed Launcher"="c:\program files\AdobeCS6\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"Acrobat Assistant 8.0"="c:\program files\AdobeCS6\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-07-25 738944]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-07-22 72336]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-28 98304]
.
c:\documents and settings\TCW\Start Menu\Programs\Startup\
AutoMailer.lnk - c:\program files\PM4\AutoMailer\AutoMailer.exe [2012-3-18 73728]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736]
Microsoft Office.lnk - c:\program files\Microsoft Office\xp\Office10\OSA.EXE [2001-2-13 83360]
Spam Sleuth.lnk - c:\program files\Blue Squirrel\Spam Sleuth\SpamSleuth.exe [2005-4-22 1064960]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-08-16 14:38 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\TCW\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\AdobeCS4\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 7:30 AM 31952]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/29/2011 1:00 PM 64512]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 7:23 AM 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 2:14 AM 301920]
R1 wgo;wgo;c:\windows\system32\drivers\wgo.sys [11/11/2009 12:27 PM 13976]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [9/10/2011 5:43 AM 18432]
R2 APC Data Service;APC Data Service;c:\program files\APC\PowerChute Personal Edition\dataserv.exe [1/24/2012 4:21 PM 21880]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [6/13/2012 3:48 AM 2321560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 3:24 AM 5167736]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [7/25/2011 8:57 AM 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [7/25/2011 8:57 AM 493184]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [8/18/2011 1:24 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/27/2010 12:22 PM 12856]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [7/11/2008 1:02 AM 328992]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [3/6/2009 12:36 PM 598856]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [10/18/2012 6:47 PM 103040]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/23/2011 2:03 AM 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 HSFHWCD2;HSFHWCD2;c:\windows\system32\drivers\HSFHWCD2.sys [3/2/2009 12:08 PM 201728]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [9/2/2011 2:31 AM 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [9/2/2011 2:31 AM 12184]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2/28/2009 3:26 PM 56992]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3/3/2009 4:29 PM 47360]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2011 5:32 PM 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 1:06 PM 2152720]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 288112]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/23/2011 2:03 AM 30944]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2011 5:32 PM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/2/2012 7:23 PM 115168]
S3 MSICDSetup;MSICDSetup;\??\e:\cdriver.sys --> e:\CDriver.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [4/3/2010 11:56 AM 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [4/3/2010 11:02 AM 240608]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/2/2009 12:42 PM 717296]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [4/24/2011 1:33 AM 367456]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 19:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 19:13]
.
2012-10-18 c:\windows\Tasks\AdobeAAMUpdater-1.0-KLS-TCW.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-06-22 10:09]
.
2012-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-10-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-19 00:44]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 21:32]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 21:32]
.
2012-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-287218729-725345543-1005Core.job
- c:\documents and settings\TCW\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-24 17:17]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-287218729-725345543-1005UA.job
- c:\documents and settings\TCW\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-24 17:17]
.
2012-10-21 c:\windows\Tasks\User_Feed_Synchronization-{B962CDC1-5663-4AA0-9382-023C51796480}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:36]
.
2012-03-22 c:\windows\Tasks\WebWhacker 0000.job
- c:\program files\Blue Squirrel\WebWacker 5.0\WW.exe [2012-03-22 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://update.zonelabs.com/checkupdateweb.asp?ProductName=ZoneAlarm+Pro&ProductVersion=7.0.470.000&HU100=ZLN10948910471151-1025&SerialNumber=h9qfnscmc5ivu82de564fi3t180&License=1&Language=EN&Query=Manual&OEM=1025
IE: Add this link to WebWhacker...
IE: Add this page to WebWhacker...
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\xp\Office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {{E5336D32-0CBE-4E1F-A2C7-38DCAA8B07EF}}
TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
DPF: {AC3FC1E2-26B3-46E5-8EC2-B1D5E4C90331} - hxxp://www.microseven.com/software/M7IE.cab
FF - ProfilePath - c:\documents and settings\TCW\Application Data\Mozilla\Firefox\Profiles\st6eed1p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3008668&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com\\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - ExtSQL: 2012-08-28 10:27; {F53C93F1-07D5-430c-86D4-C9531B27DFAF}; c:\program files\AVG\AVG2012\Firefox\DoNotTrack
.
- - - - ORPHANS REMOVED - - - -
.
Notify-LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-21 13:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05AF50AA-22D7-AA1D-A4F48F393CAE2202}\{78C6AA3D-BD77-7FA2-B188C82FA3887936}\{102B7915-3D5B-6524-E77B0FDDDBDD9024}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,fc,b7,7b,
9f,c5,a4,28,66,63,4a,d6,74,6a,61,3f,08,c2,fa,55,eb,60,3d,06,49,fd,f4,d4,52,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5C50551E-1CEC-5ED8-96A0C5DF87E90935}\{AA013BDD-4889-EAA0-94BEE30548386F39}\{2E58C984-1951-CF95-BE5C2D1EE58BF655}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,fc,b7,7b,
9f,c5,a4,28,66,63,4a,d6,74,6a,61,3f,08,c2,fa,55,eb,60,3d,06,49,fd,f4,d4,52,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{866E5309-4DE4-EC1D-5303B5015403F078}\{E4D7DA31-B59C-2F42-84703E9617E7637D}\{F8D6A80B-EA06-4220-85CE61582D500BD8}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{99B3C19D-1110-E642-964288AEAF2709C8}\{40C615DA-7F31-9B5B-0DDF6E89F316E212}\{17EBF9A6-E64A-9733-B8ACE6C016E89E7C}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C8CDAF05-7BF4-6974-B2CBA8F9B6C935D6}\{7E800F0E-C7A5-CDEC-81A71D67D6EB20F3}\{6CB69E27-75B4-79A7-A46CED580B63D3F2}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E24A3BE2-0E58-440D-C5291999CC5C5741}\{9EE83BBD-CDA7-8737-4BFE3ADA0C41BF51}\{12860FBF-70CB-D90A-D9669DC891BE38B3}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,fc,b7,7b,
9f,c5,a4,28,66,63,4a,d6,74,6a,61,3f,08,c2,fa,55,eb,60,3d,06,49,fd,f4,d4,52,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1392)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\LMIinit.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(1460)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(4344)
c:\windows\system32\WININET.dll
c:\documents and settings\TCW\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\APC\PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\xampp\mysql\bin\mysqld.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\APC\PowerChute Personal Edition\apcsystray.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2012-10-21 13:56:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-21 17:56
.
Pre-Run: 814,908,608,512 bytes free
Post-Run: 815,948,435,456 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5C5938C15CA2D600EEB957EB77955F20

+++++++++++++++++++++++++++++++++++++++++++++++++++++
Results of screen317's Security Check version 0.99.53
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Internet Security 2012
Lavasoft Ad-Watch Live! Anti-Virus
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Out of date HijackThis installed!
Malwarebytes Anti-Malware version 1.65.0.1400
HijackThis 2.0.2
CCleaner
JavaFX 2.1.1
Java 7 Update 9
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (16.0.1)
Mozilla Thunderbird (16.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````

++++++++++++++++++++++++++++++
# AdwCleaner v2.005 - Logfile created 10/21/2012 at 14:07:03
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : TCW - KLS
# Boot Mode : Normal
# Running from : C:\Documents and Settings\TCW\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Found : C:\Documents and Settings\TCW\Application Data\OpenCandy
Folder Found : C:\Documents and Settings\TCW\Local Settings\Application Data\Ilivid Player
Folder Found : C:\Program Files\Ilivid

***** [Registry] *****

Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\wecarereminder
Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Found : HKLM\Software\Headlight
Key Found : HKLM\Software\ilivid
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Found : HKU\S-1-5-21-507921405-287218729-725345543-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default [Profil par défaut]
File : C:\Documents and Settings\TCW\Application Data\Mozilla\Firefox\Profiles\st6eed1p.default\prefs.js

Found : user_pref("browser.search.defaultthis.engineName", "Productivity 3.1 Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3008668&Sea[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\TCW\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3241 octets] - [21/10/2012 14:07:03]

########## EOF - C:\AdwCleaner[R1].txt - [3301 octets] ##########

#6 nasdaq


  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 October 2012 - 07:45 AM

Open notepad and copy/paste the text in the quote box below into it:

DDS::
IE: Add this link to WebWhacker...
IE: Add this page to WebWhacker...


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Using the Add/Remove Programs applet, remove this old version of HijackThis 2.0.2.
Most forums will now ask to see a DDS log.
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Remove the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[Sn].txt (n is a number).

Please post the logs and let me know what problem persists.

#7 KipTom1

  • Topic Starter

  • Members
  • 7 posts

Posted 22 October 2012 - 01:20 PM

Hi nasdaq:

OK, I have completed your requested steps, please see 2 log files:
(BTW, today AVG scan was completely clean)
-KipTom


++++++++++++++
ComboFix 12-10-22.01 - TCW 10/22/2012 12:50:42.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2383 [GMT -4:00]
Running from: c:\documents and settings\TCW\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\TCW\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\TCW\Start Menu\Internet Explorer.lnk
.
.
((((((((((((((((((((((((( Files Created from 2012-09-22 to 2012-10-22 )))))))))))))))))))))))))))))))
.
.
2012-10-22 12:02 . 2012-10-22 12:02 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{79D81456-31A1-4E21-BD7A-2C9F58633C29}\MpKslace49223.sys
2012-10-21 22:08 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{79D81456-31A1-4E21-BD7A-2C9F58633C29}\mpengine.dll
2012-10-20 13:59 . 2012-09-25 03:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-20 13:34 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-19 01:36 . 2012-10-19 01:36 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2012-10-19 01:31 . 2012-10-19 01:31 -------- d-----w- c:\program files\Common Files\Skype
2012-10-19 01:25 . 2010-04-03 15:47 89952 ----a-w- c:\windows\system32\SQSRVRES.DLL
2012-10-19 00:16 . 2012-10-19 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2012-10-18 23:38 . 2012-10-18 23:38 -------- d-----w- C:\AMD
2012-10-18 23:16 . 2012-10-18 23:16 -------- d-----w- c:\program files\AMD APP
2012-10-18 23:12 . 2012-10-18 23:12 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-10-18 23:08 . 2011-11-10 03:26 57344 ----a-w- c:\windows\system32\aticalrt.dll
2012-10-18 23:08 . 2011-11-10 03:20 7196672 ----a-w- c:\windows\system32\aticaldd.dll
2012-10-18 23:08 . 2011-11-10 03:26 53248 ----a-w- c:\windows\system32\aticalcl.dll
2012-10-18 23:07 . 2012-10-18 23:07 -------- d-----w- c:\program files\ATI
2012-10-18 22:47 . 2012-05-14 06:12 103040 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2012-10-18 08:32 . 2012-06-04 21:35 222448 ----a-w- c:\windows\system32\muweb.dll
2012-10-18 08:32 . 2012-06-02 19:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-10-17 15:08 . 2012-10-18 13:35 -------- d-----w- C:\Root Fix Files
2012-10-17 13:09 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-10-17 13:07 . 2012-10-17 13:07 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-07 22:06 . 2012-10-07 22:06 -------- d-----w- c:\program files\Common Files\Java
2012-09-24 22:25 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-09-24 22:23 . 2012-09-25 00:16 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-09-24 22:19 . 2012-09-24 22:19 -------- d-----w- C:\RegBackup
2012-09-24 22:17 . 2012-09-25 00:16 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-09-24 22:16 . 2012-09-24 22:16 -------- d-----w- c:\program files\Tweaking.com
2012-09-24 22:07 . 2012-09-24 22:08 -------- d-----w- c:\program files\CCleaner
2012-09-24 21:55 . 2012-09-24 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-19 01:38 . 2012-03-14 18:54 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-10-10 14:19 . 2012-03-30 12:18 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 14:19 . 2011-05-19 12:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 15:55 . 2009-03-02 20:12 1880 ----a-w- c:\windows\AUTOLNCH.REG
2012-10-07 22:06 . 2012-07-05 22:12 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-07 22:06 . 2010-04-18 21:20 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-07 21:04 . 2009-05-13 19:38 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 02:03 . 2012-08-31 02:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-27 19:12 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12 . 2004-08-04 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12 . 2012-02-29 15:26 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2012-08-24 19:43 . 2011-07-11 06:14 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-26 07:21 . 2011-10-07 11:23 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-12-01 20:25 . 2012-06-22 23:08 30208 ----a-w- c:\program files\Common Files\Wbox.exe
2012-10-12 16:22 . 2012-10-12 16:21 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\TCW\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\TCW\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\TCW\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\TCW\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Second Copy"="c:\program files\SecCopy\SecCopy.exe" [2007-10-17 2425856]
"ClipTrak Pro"="c:\program files\PC Magazine Utilities\ClipTrak Pro\ClipTrak Pro.exe" [2008-08-08 1361920]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-10-02 109336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Adobe Acrobat Speed Launcher"="c:\program files\AdobeCS6\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"Acrobat Assistant 8.0"="c:\program files\AdobeCS6\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-07-25 738944]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-07-22 72336]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-28 98304]
.
c:\documents and settings\TCW\Start Menu\Programs\Startup\
AutoMailer.lnk - c:\program files\PM4\AutoMailer\AutoMailer.exe [2012-3-18 73728]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736]
Microsoft Office.lnk - c:\program files\Microsoft Office\xp\Office10\OSA.EXE [2001-2-13 83360]
Spam Sleuth.lnk - c:\program files\Blue Squirrel\Spam Sleuth\SpamSleuth.exe [2005-4-22 1064960]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-08-16 14:38 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\TCW\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\AdobeCS4\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 7:30 AM 31952]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/29/2011 1:00 PM 64512]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 7:23 AM 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 2:14 AM 301920]
R1 MpKslace49223;MpKslace49223;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{79D81456-31A1-4E21-BD7A-2C9F58633C29}\MpKslace49223.sys [10/22/2012 8:02 AM 29904]
R1 wgo;wgo;c:\windows\system32\drivers\wgo.sys [11/11/2009 12:27 PM 13976]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [9/10/2011 5:43 AM 18432]
R2 APC Data Service;APC Data Service;c:\program files\APC\PowerChute Personal Edition\dataserv.exe [1/24/2012 4:21 PM 21880]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [6/13/2012 3:48 AM 2321560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 3:24 AM 5167736]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [7/25/2011 8:57 AM 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [7/25/2011 8:57 AM 493184]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [8/18/2011 1:24 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/27/2010 12:22 PM 12856]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [7/11/2008 1:02 AM 328992]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [3/6/2009 12:36 PM 598856]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [10/18/2012 6:47 PM 103040]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/23/2011 2:03 AM 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 HSFHWCD2;HSFHWCD2;c:\windows\system32\drivers\HSFHWCD2.sys [3/2/2009 12:08 PM 201728]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [9/2/2011 2:31 AM 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [9/2/2011 2:31 AM 12184]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2/28/2009 3:26 PM 56992]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3/3/2009 4:29 PM 47360]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2011 5:32 PM 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 1:06 PM 2152720]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 288112]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/23/2011 2:03 AM 30944]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2011 5:32 PM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/2/2012 7:23 PM 115168]
S3 MSICDSetup;MSICDSetup;\??\e:\cdriver.sys --> e:\CDriver.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [4/3/2010 11:56 AM 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [4/3/2010 11:02 AM 240608]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/2/2009 12:42 PM 717296]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [4/24/2011 1:33 AM 367456]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLACE49223
*Deregistered* - Lavasoft Kernexplorer
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 19:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 19:13]
.
2012-10-18 c:\windows\Tasks\AdobeAAMUpdater-1.0-KLS-TCW.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-06-22 10:09]
.
2012-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-10-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-19 00:44]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 21:32]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 21:32]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-287218729-725345543-1005Core.job
- c:\documents and settings\TCW\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-24 17:17]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-287218729-725345543-1005UA.job
- c:\documents and settings\TCW\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-24 17:17]
.
2012-10-22 c:\windows\Tasks\User_Feed_Synchronization-{B962CDC1-5663-4AA0-9382-023C51796480}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:36]
.
2012-03-22 c:\windows\Tasks\WebWhacker 0000.job
- c:\program files\Blue Squirrel\WebWacker 5.0\WW.exe [2012-03-22 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://update.zonelabs.com/checkupdateweb.asp?ProductName=ZoneAlarm+Pro&ProductVersion=7.0.470.000&HU100=ZLN10948910471151-1025&SerialNumber=h9qfnscmc5ivu82de564fi3t180&License=1&Language=EN&Query=Manual&OEM=1025
IE: Add this link to WebWhacker...
IE: Add this page to WebWhacker...
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\xp\Office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {{E5336D32-0CBE-4E1F-A2C7-38DCAA8B07EF}}
TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
DPF: {AC3FC1E2-26B3-46E5-8EC2-B1D5E4C90331} - hxxp://www.microseven.com/software/M7IE.cab
FF - ProfilePath - c:\documents and settings\TCW\Application Data\Mozilla\Firefox\Profiles\st6eed1p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3008668&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com\\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - ExtSQL: 2012-08-28 10:27; {F53C93F1-07D5-430c-86D4-C9531B27DFAF}; c:\program files\AVG\AVG2012\Firefox\DoNotTrack
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-22 13:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05AF50AA-22D7-AA1D-A4F48F393CAE2202}\{78C6AA3D-BD77-7FA2-B188C82FA3887936}\{102B7915-3D5B-6524-E77B0FDDDBDD9024}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,fc,b7,7b,
9f,c5,a4,28,66,63,4a,d6,74,6a,61,3f,08,c2,fa,55,eb,60,3d,06,49,fd,f4,d4,52,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5C50551E-1CEC-5ED8-96A0C5DF87E90935}\{AA013BDD-4889-EAA0-94BEE30548386F39}\{2E58C984-1951-CF95-BE5C2D1EE58BF655}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,fc,b7,7b,
9f,c5,a4,28,66,63,4a,d6,74,6a,61,3f,08,c2,fa,55,eb,60,3d,06,49,fd,f4,d4,52,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{866E5309-4DE4-EC1D-5303B5015403F078}\{E4D7DA31-B59C-2F42-84703E9617E7637D}\{F8D6A80B-EA06-4220-85CE61582D500BD8}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{99B3C19D-1110-E642-964288AEAF2709C8}\{40C615DA-7F31-9B5B-0DDF6E89F316E212}\{17EBF9A6-E64A-9733-B8ACE6C016E89E7C}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C8CDAF05-7BF4-6974-B2CBA8F9B6C935D6}\{7E800F0E-C7A5-CDEC-81A71D67D6EB20F3}\{6CB69E27-75B4-79A7-A46CED580B63D3F2}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E24A3BE2-0E58-440D-C5291999CC5C5741}\{9EE83BBD-CDA7-8737-4BFE3ADA0C41BF51}\{12860FBF-70CB-D90A-D9669DC891BE38B3}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,fc,b7,7b,
9f,c5,a4,28,66,63,4a,d6,74,6a,61,3f,08,c2,fa,55,eb,60,3d,06,49,fd,f4,d4,52,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1376)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\LMIinit.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(1452)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2012-10-22 13:15:13
ComboFix-quarantined-files.txt 2012-10-22 17:15
ComboFix2.txt 2012-10-21 17:56
.
Pre-Run: 815,983,443,968 bytes free
Post-Run: 815,964,852,224 bytes free
.
- - End Of File - - F9108C5418B9EB770B73BDDB743A6B4C
++++++++++



# AdwCleaner v2.005 - Logfile created 10/22/2012 at 13:37:19
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : TCW - KLS
# Boot Mode : Normal
# Running from : C:\Documents and Settings\TCW\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\TCW\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\TCW\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Program Files\Ilivid

***** [Registry] *****

Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\Software\Headlight
Key Deleted : HKLM\Software\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default [Profil par défaut]
File : C:\Documents and Settings\TCW\Application Data\Mozilla\Firefox\Profiles\st6eed1p.default\prefs.js

Deleted : user_pref("browser.search.defaultthis.engineName", "Productivity 3.1 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3008668&Sea[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\TCW\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3370 octets] - [21/10/2012 14:07:03]
AdwCleaner[S1].txt - [3207 octets] - [22/10/2012 13:37:19]

########## EOF - C:\AdwCleaner[S1].txt - [3267 octets] ##########

#8 nasdaq

  • Malware Response Team

Posted 23 October 2012 - 08:00 AM

Glad we could help.

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#9 KipTom1

  • Topic Starter

Posted 23 October 2012 - 10:31 AM

Thanks nasdaq!
Before I conclude with the cleanup, I should mention that the system shutdown did not complete last evening: "windows is shutting down..." displayed for over an hour, so I turned it off. This morning normal boot, all works, but I get a BSD and error on normal shutdown (I took a photo of the screen message / attached). Again, on power up all works fine. Should this be addressed here, or in another forum area?
Thanks in advance
KipTom




#10 nasdaq

  • Malware Response Team

Posted 23 October 2012 - 01:47 PM

General causes of "STOP 0x0000007F" errors
http://support.microsoft.com/kb/137539

As you will see in the article:

The most important parameter is the first one (0x0000000X)

0x00000000 Divide by Zero Error

Divide by zero error
A divide by zero is caused when a DIV instruction is executed and the divisor is 0. Memory corruption (or other hardware problems) or software failures can cause this.

===

I suggest you start a new topic in the XP forum.


Windows XP forum
http://www.bleepingcomputer.com/forums/forum56.html

#11 KipTom1

  • Topic Starter

Posted 23 October 2012 - 02:31 PM

Thank you nasdaq! I really appreciate your time, and effort.
;-)

KipTom

#12 nasdaq

  • Malware Response Team

Posted 24 October 2012 - 07:50 AM

I was thinking about your problem.

If this is caused by a running program you can find out by closing all applications, windows, etc. before shutting down.
If you do not get the error then one of the running programs is the culprit.

By trial and error you can shut down leaving one or 2 programs running; if all is well, next time leave more programs running.
At one point you may be able to identify the culprit.

#13 KipTom1

  • Topic Starter

Posted 24 October 2012 - 12:36 PM

Hi nasdaq:

Thanks for your extra input (I'm pretty experienced, built 100s of boxes, and thus always remember the wise words of Socrates: "The wise man is the one who knows what he does not know"). So I ask for help, opinions, options, and the exact expertise like yours.

Your advice is excellent, and since the problem is not consistent (so most likely not hardware), it's probably in your suggested area.

Plan B is to take the box to my pc expert (who built it), and is the IT sys admin for an entire college... but then I'm "offline" with work for a few days... (the single screen backup and notebook just don't cut it).

When (if) I find the answer I'll post it.
Many thanks,
:thumbup2:
KipTom



