Clicking on links in IE takes me to random ad sites


This topic is locked
11 replies to this topic

#1 PZ9ers (Members, 16 posts)

Posted 06 December 2012 - 02:02 AM

I have problems in google and bing with links. Clicking on a link after a search in google or bing takes me to random ad sites.

I had a post in: BleepingComputer.com > Security > Am I infected? What do I do?
After taking the following steps, the person assisting me said that he couldn't solve the problem, and to post to this forum.

Here are the steps taken in that forum:
1) Ran TDSSkiller and posted log
2) Ran aswMBR and posted log
3) Ran ESET online scanner and posted results
4) Ran Malwarebytes and posted log
5) Ran mini toolbox and posted results
6) Ran adware cleaner and posted log
7) Ran Junkware removal tool and posted log
8) Ran Bleepingcomputer.com rkill, posted contents
9) Ran autoruns and posted contents
10) Ran Microsoft fixit tool, reset internet explorer, restarted PC
11) Uninstalled IE 8, now have IE version 7
12) Opened MSConfig, changed setting to Normal Startup, rebooted the computer, and ran autoruns (again) and posted log

Anything you can do to help would be greatly appreciated. Here are the logs (one pasted and one attached: attach.txt, 17.6 KB) per your instructions. Thanks!

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.16850
Run by Sean Clark at 22:38:28 on 2012-12-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.286 [GMT -8:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Documents and Settings\Sean Clark\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Walgreens PictureMover\Bin\PictureMover.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
uProxyServer = hxxp=
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AbacastDistributedOnDemand:11] c:\documents and settings\sean clark\local settings\application data\abacastdistributedondemand\node\11\AbacastDistributedOnDemand.exe -r:11 -x:1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [WatcherHelper] "c:\program files\sierra wireless inc\3g watcher\WaHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [masqform.exe] c:\program files\pureedge\viewer 6.0\masqform.exe -UpdateCurrentUser
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snapfi~1.lnk - c:\program files\walgreens picturemover\bin\PictureMover.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353663187859
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://mail.myedgelink.com/Remote/msrdp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} - hxxp://webcamnow.com/fs5/ax/ActiveXWebCam.cab
DPF: {A417A857-7019-49DC-9A73-A0CBC965F483} - hxxp://webcamnow.com/fs5/voice/voice.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 75.75.75.75
TCP: Interfaces\{F9491789-8B82-42A7-BF59-7E37D10E77F3} : DHCPNameServer = 192.168.1.1 75.75.75.75
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-11-24 13560]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-25 399432]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [2007-3-26 20352]
S0 adwarealert;adwarealert;c:\windows\system32\drivers\adwarealert.sys --> c:\windows\system32\drivers\adwarealert.sys [?]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-5-12 676936]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-5-12 42376]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-5-12 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-5-12 81288]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-5-12 22856]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-5-12 337800]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-5-12 1017224]
S3 SPCA508A;iCam320;c:\windows\system32\drivers\SPCA508A.SYS [2007-3-22 99017]
.
=============== Created Last 30 ================
.
2012-12-01 20:52:53 -------- d-----w- c:\windows\ERUNT
2012-12-01 20:52:46 -------- d-----w- C:\JRT
2012-11-26 04:15:57 -------- d-----w- C:\ComboFix
2012-11-25 04:29:56 -------- d-----w- c:\documents and settings\sean clark\application data\LavasoftStatistics
2012-11-25 03:57:23 -------- d-----w- c:\documents and settings\sean clark\local settings\application data\Downloaded Installations
2012-11-25 03:57:15 44424 ----a-w- c:\windows\system32\sbbd.exe
2012-11-25 03:57:15 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2012-11-25 03:56:07 -------- d-----w- c:\documents and settings\sean clark\application data\blekko
2012-11-25 02:22:26 -------- d-----w- C:\456out
2012-11-24 23:28:57 -------- d-----w- c:\program files\ESET
2012-11-24 09:25:19 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-11-24 09:24:54 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-11-24 08:44:26 -------- d-----w- c:\documents and settings\sean clark\local settings\application data\FixItCenter
2012-11-24 08:39:11 -------- d-----w- c:\windows\MATS
2012-11-24 08:39:10 -------- d-----w- c:\program files\Microsoft Fix it Center
2012-11-23 09:03:46 -------- d-----w- c:\windows\system32\XPSViewer
2012-11-23 09:02:53 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-11-23 09:02:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-11-23 09:02:06 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-11-23 09:02:06 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-11-23 09:02:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-11-23 09:02:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-11-23 09:02:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-11-23 09:02:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2012-11-23 09:02:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-11-23 09:02:06 -------- d-----w- C:\f2c70b84f80c875b577da7
2012-11-18 17:57:16 126976 --sha-r- c:\windows\system32\docprop2Y.dll
.
==================== Find3M ====================
.
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-11 03:03:49 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-11 03:03:48 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 02:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 22:39:54.25 ===============


#2 nasdaq (Malware Response Team, 40,256 posts, Montreal, QC, Canada)

Posted 09 December 2012 - 02:13 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get the error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs and let me know if the problem persists.

#3 PZ9ers (Topic Starter, Members, 16 posts)

Posted 09 December 2012 - 06:14 PM

Here are the logs for each of the scans. I ran some tests afterwards clicking on links in google and bing, and it appears to be fixed! Please let me know if I can upgrade my Explorer back up to version 8, and if I need to uninstall any of the many programs downloaded from this site. Thanks!

ComboFix 12-12-07.01 - Sean Clark 12/09/2012 14:34:17.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.892 [GMT -8:00]
Running from: c:\documents and settings\Sean Clark\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-11-09 to 2012-12-09 )))))))))))))))))))))))))))))))
.
.
2012-12-01 20:52 . 2012-12-01 20:52 -------- d-----w- c:\windows\ERUNT
2012-12-01 20:52 . 2012-12-01 20:52 -------- d-----w- C:\JRT
2012-11-25 04:29 . 2012-11-25 04:29 -------- d-----w- c:\documents and settings\Sean Clark\Application Data\LavasoftStatistics
2012-11-25 03:57 . 2012-11-25 03:57 -------- d-----w- c:\documents and settings\Sean Clark\Local Settings\Application Data\Downloaded Installations
2012-11-25 03:57 . 2012-11-25 03:57 44424 ----a-w- c:\windows\system32\sbbd.exe
2012-11-25 03:57 . 2012-11-25 03:57 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2012-11-25 03:56 . 2012-11-25 03:56 -------- d-----w- c:\documents and settings\Sean Clark\Application Data\blekko
2012-11-25 02:22 . 2012-11-25 02:33 -------- d-----w- C:\456out
2012-11-24 23:28 . 2012-11-24 23:28 -------- d-----w- c:\program files\ESET
2012-11-24 09:25 . 2012-11-24 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-11-24 09:24 . 2012-12-01 19:18 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-11-24 08:44 . 2012-11-24 08:44 -------- d-----w- c:\documents and settings\Sean Clark\Local Settings\Application Data\FixItCenter
2012-11-24 08:39 . 2012-11-24 08:39 -------- d-----w- c:\windows\MATS
2012-11-24 08:39 . 2012-11-24 08:39 -------- d-----w- c:\program files\Microsoft Fix it Center
2012-11-23 09:03 . 2012-11-23 09:57 -------- d-----w- c:\windows\system32\XPSViewer
2012-11-23 09:03 . 2012-11-23 09:03 -------- d-----w- c:\program files\MSBuild
2012-11-23 09:03 . 2012-11-23 09:03 -------- d-----w- c:\program files\Reference Assemblies
2012-11-23 09:02 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-11-23 09:02 . 2012-11-23 09:03 -------- d-----w- C:\f2c70b84f80c875b577da7
2012-11-23 09:02 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-11-23 09:02 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-11-23 09:02 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-11-23 09:02 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-11-23 09:02 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2012-11-23 09:02 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-11-23 09:02 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-11-23 09:02 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-11-18 17:57 . 2012-11-18 17:57 126976 --sha-r- c:\windows\system32\docprop2Y.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 08:37 . 2004-08-04 08:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-11 03:03 . 2012-06-10 00:18 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-11 03:03 . 2011-10-30 20:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-02 18:04 . 2004-08-04 08:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 02:54 . 2008-05-13 03:36 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 39408]
"AbacastDistributedOnDemand:11"="c:\documents and settings\Sean Clark\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe" [2009-04-15 54712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-14 507904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"WatcherHelper"="c:\program files\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2008-01-31 120088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.0\masqform.exe" [2003-12-03 1052672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Snapfish PictureMover.lnk - c:\program files\Walgreens PictureMover\Bin\PictureMover.exe [2012-5-21 1031072]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DVR\\DVRClient\\PiClient.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\MOBOTIX\\MOBOTIX MxControlCenter\\MxCC.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sierra Wireless Inc\\3G Watcher\\SwiApiMux.exe"=
"c:\\Program Files\\Destiny\\RadioDestiny Broadcaster\\RadioDestiny Broadcaster.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [11/24/2012 7:57 PM 13560]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/25/2012 8:00 PM 399432]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 1:06 AM 231424]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [3/26/2007 1:18 PM 20352]
S0 adwarealert;adwarealert;c:\windows\system32\DRIVERS\adwarealert.sys --> c:\windows\system32\DRIVERS\adwarealert.sys [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/12/2008 7:36 PM 676936]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 6:44 PM 183560]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/12/2008 7:36 PM 22856]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 4:49 AM 227232]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/12/2008 7:16 PM 337800]
S3 SPCA508A;iCam320;c:\windows\system32\drivers\SPCA508A.SYS [3/22/2007 10:06 AM 99017]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 03:04]
.
2012-12-06 c:\windows\Tasks\Rzxab.job
- c:\windows\system32\docprop2Y.dll [2012-11-18 17:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
uInternet Settings,ProxyServer = http=
Trusted Zone: myedgelink.com\mail
TCP: DhcpNameServer = 192.168.1.1 75.75.75.75
DPF: {A417A857-7019-49DC-9A73-A0CBC965F483} - hxxp://webcamnow.com/fs5/voice/voice.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-09 14:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?p???? ???B?????????????hLC? ??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-12-09 14:41:48
ComboFix-quarantined-files.txt 2012-12-09 22:41
ComboFix2.txt 2012-11-26 04:25
ComboFix3.txt 2012-11-25 22:43
ComboFix4.txt 2012-11-25 02:33
ComboFix5.txt 2012-12-09 22:32
.
Pre-Run: 12,124,774,400 bytes free
Post-Run: 12,229,459,968 bytes free
.
- - End Of File - - 624D61A3D5499E2221E325E3A5C22EC9



Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
McAfee Security Scan Plus
`````````Anti-malware/Other Utilities Check:`````````
Spyware Doctor 5.5
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java version out of Date!
Adobe Reader 8 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



# AdwCleaner v2.100 - Logfile created 12/09/2012 at 14:47:08
# Updated 09/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Sean Clark - SEANLAPTOP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Sean Clark\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.16850

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [542 octets] - [09/12/2012 14:47:08]
AdwCleaner[S1].txt - [2557 octets] - [01/12/2012 12:46:46]

########## EOF - C:\AdwCleaner[R1].txt - [661 octets] ##########

#4 nasdaq

  • Malware Response Team
  • 40,256 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 10 December 2012 - 09:59 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3


===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

You can get IE 8 from this site.
http://windows.microsoft.com/en-US/internet-explorer/downloads/ie-8

===

When all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool, make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#5 PZ9ers

  • Topic Starter
  • Members
  • 16 posts

Posted 12 December 2012 - 12:26 AM

Bad news, the problem is back. Clicking on links now takes me back to ad sites. :-(

#6 nasdaq

  • Malware Response Team
  • 40,256 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 13 December 2012 - 08:44 AM

Let's check deeper.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#7 PZ9ers

  • Topic Starter
  • Members
  • 16 posts

Posted 14 December 2012 - 07:08 PM

Thanks! I've included the text of the two scans below, as well as attaching the .dat file. Thank you for your help with this!

15:09:38.0046 2056 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:09:38.0562 2056 ============================================================
15:09:38.0562 2056 Current date / time: 2012/12/14 15:09:38.0562
15:09:38.0562 2056 SystemInfo:
15:09:38.0562 2056
15:09:38.0562 2056 OS Version: 5.1.2600 ServicePack: 3.0
15:09:38.0562 2056 Product type: Workstation
15:09:38.0562 2056 ComputerName: SEANLAPTOP
15:09:38.0562 2056 UserName: Sean Clark
15:09:38.0562 2056 Windows directory: C:\WINDOWS
15:09:38.0562 2056 System windows directory: C:\WINDOWS
15:09:38.0562 2056 Processor architecture: Intel x86
15:09:38.0562 2056 Number of processors: 1
15:09:38.0562 2056 Page size: 0x1000
15:09:38.0562 2056 Boot type: Normal boot
15:09:38.0562 2056 ============================================================
15:09:39.0500 2056 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:09:39.0500 2056 ============================================================
15:09:39.0500 2056 \Device\Harddisk0\DR0:
15:09:39.0500 2056 MBR partitions:
15:09:39.0500 2056 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAB6C936
15:09:39.0500 2056 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0xAB70836, BlocksNum 0xEE060B
15:09:39.0500 2056 ============================================================
15:09:39.0515 2056 C: <-> \Device\Harddisk0\DR0\Partition1
15:09:39.0546 2056 D: <-> \Device\Harddisk0\DR0\Partition2
15:09:39.0546 2056 ============================================================
15:09:39.0546 2056 Initialize success
15:09:39.0546 2056 ============================================================
15:09:44.0125 3412 ============================================================
15:09:44.0125 3412 Scan started
15:09:44.0125 3412 Mode: Manual;
15:09:44.0125 3412 ============================================================
15:09:45.0000 3412 ================ Scan system memory ========================
15:09:45.0000 3412 System memory - ok
15:09:45.0000 3412 ================ Scan services =============================
15:09:56.0875 3412 RemoteAccess - ok
15:09:56.0921 3412 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
15:09:56.0921 3412 ROOTMODEM - ok
15:09:56.0968 3412 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
15:09:56.0968 3412 RpcLocator - ok
15:09:57.0015 3412 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
15:09:57.0015 3412 RpcSs - ok
15:09:57.0078 3412 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
15:09:57.0078 3412 RSVP - ok
15:09:57.0140 3412 [ 7889E3981E0A5D347E037ABD467D53A5 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
15:09:57.0140 3412 RTL8023xp - ok
15:09:57.0187 3412 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
15:09:57.0187 3412 SamSs - ok
15:09:57.0218 3412 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
15:09:57.0218 3412 SCardSvr - ok
15:09:57.0281 3412 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
15:09:57.0281 3412 Schedule - ok
15:09:57.0390 3412 [ 7A95E655EF27C9A4321B520471866783 ] sdAuxService C:\Program Files\Spyware Doctor\pctsAuxs.exe
15:09:57.0406 3412 sdAuxService - ok
15:09:57.0437 3412 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
15:09:57.0453 3412 sdbus - ok
15:09:57.0515 3412 [ 4A5FEB6E495E54EFBE9FE1E7B7E1F657 ] sdCoreService C:\Program Files\Spyware Doctor\pctsSvc.exe
15:09:57.0578 3412 sdCoreService - ok
15:09:57.0656 3412 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files\Microsoft\BingBar\SeaPort.EXE
15:09:57.0656 3412 SeaPort - ok
15:09:57.0718 3412 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:09:57.0718 3412 Secdrv - ok
15:09:57.0750 3412 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
15:09:57.0765 3412 seclogon - ok
15:09:57.0781 3412 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
15:09:57.0781 3412 SENS - ok
15:09:57.0875 3412 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
15:09:57.0875 3412 serenum - ok
15:09:57.0921 3412 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
15:09:57.0921 3412 Serial - ok
15:09:57.0968 3412 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
15:09:57.0968 3412 Sfloppy - ok
15:09:58.0031 3412 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
15:09:58.0031 3412 SharedAccess - ok
15:09:58.0062 3412 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:09:58.0062 3412 ShellHWDetection - ok
15:09:58.0062 3412 Simbad - ok
15:09:58.0078 3412 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:09:58.0078 3412 SLIP - ok
15:09:58.0140 3412 [ 707647A1AA0EDB6CBEF61B0C75C28ED3 ] SMCIRDA C:\WINDOWS\system32\DRIVERS\smcirda.sys
15:09:58.0140 3412 SMCIRDA - ok
15:09:58.0187 3412 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
15:09:58.0187 3412 SONYPVU1 - ok
15:09:58.0187 3412 Sparrow - ok
15:09:58.0234 3412 [ 39F61829594254A6252C131D2155A2BA ] SPCA508A C:\WINDOWS\system32\DRIVERS\SPCA508A.SYS
15:09:58.0234 3412 SPCA508A - ok
15:09:58.0281 3412 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
15:09:58.0281 3412 splitter - ok
15:09:58.0328 3412 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:09:58.0343 3412 Spooler - ok
15:09:58.0359 3412 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
15:09:58.0359 3412 sr - ok
15:09:58.0421 3412 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
15:09:58.0421 3412 srservice - ok
15:09:58.0468 3412 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
15:09:58.0484 3412 Srv - ok
15:09:58.0515 3412 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
15:09:58.0515 3412 SSDPSRV - ok
15:09:58.0562 3412 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
15:09:58.0562 3412 stisvc - ok
15:09:58.0609 3412 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:09:58.0609 3412 streamip - ok
15:09:58.0640 3412 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
15:09:58.0656 3412 swenum - ok
15:09:58.0703 3412 [ 5230AAB3A00B0A1B89580D8ED85B5BFA ] swivsp C:\WINDOWS\system32\DRIVERS\swivspnt.sys
15:09:58.0703 3412 swivsp - ok
15:09:58.0734 3412 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
15:09:58.0734 3412 swmidi - ok
15:09:58.0765 3412 [ 57BBAEF27DC790160245B43EB6DCD576 ] swmsflt C:\WINDOWS\System32\drivers\swmsflt.sys
15:09:58.0765 3412 swmsflt - ok
15:09:58.0781 3412 [ AC41C4005F0F9C327719D945C62D16B2 ] SWNC8U51 C:\WINDOWS\system32\DRIVERS\swnc8u51.sys
15:09:58.0781 3412 SWNC8U51 - ok
15:09:58.0796 3412 SwPrv - ok
15:09:58.0828 3412 SWUMX20 - ok
15:09:58.0875 3412 [ D1930779033657480CC1D3CF92B52400 ] SWUMX51 C:\WINDOWS\system32\DRIVERS\swumx51.sys
15:09:58.0875 3412 SWUMX51 - ok
15:09:58.0937 3412 symc810 - ok
15:09:58.0953 3412 symc8xx - ok
15:09:59.0015 3412 SYMIDSCO - ok
15:09:59.0031 3412 sym_hi - ok
15:09:59.0031 3412 sym_u3 - ok
15:09:59.0109 3412 [ F484C77F748729129D5CC9C965D9F701 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:09:59.0109 3412 SynTP - ok
15:09:59.0171 3412 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
15:09:59.0171 3412 sysaudio - ok
15:09:59.0218 3412 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
15:09:59.0234 3412 SysmonLog - ok
15:09:59.0328 3412 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:09:59.0343 3412 TapiSrv - ok
15:09:59.0406 3412 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:09:59.0406 3412 Tcpip - ok
15:09:59.0468 3412 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
15:09:59.0468 3412 TDPIPE - ok
15:09:59.0484 3412 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
15:09:59.0484 3412 TDTCP - ok
15:09:59.0515 3412 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
15:09:59.0515 3412 TermDD - ok
15:09:59.0546 3412 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
15:09:59.0562 3412 TermService - ok
15:09:59.0593 3412 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
15:09:59.0593 3412 Themes - ok
15:09:59.0656 3412 [ 9179E07503630D6FB2E4162FF0196191 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
15:09:59.0656 3412 tifm21 - ok
15:09:59.0671 3412 TosIde - ok
15:09:59.0703 3412 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
15:09:59.0718 3412 TrkWks - ok
15:09:59.0750 3412 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
15:09:59.0750 3412 Udfs - ok
15:09:59.0765 3412 ultra - ok
15:09:59.0828 3412 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
15:09:59.0843 3412 Update - ok
15:09:59.0859 3412 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
15:09:59.0890 3412 upnphost - ok
15:09:59.0921 3412 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
15:09:59.0921 3412 UPS - ok
15:10:00.0000 3412 [ 01F43DDC94653CD68D2794EC4500DEBC ] USB28xxBGA C:\WINDOWS\system32\DRIVERS\emBDA.sys
15:10:00.0000 3412 USB28xxBGA - ok
15:10:00.0031 3412 [ F887C3EEE7ABACD594B5F73B862C45FC ] USB28xxOEM C:\WINDOWS\system32\DRIVERS\emOEM.sys
15:10:00.0031 3412 USB28xxOEM - ok
15:10:00.0078 3412 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
15:10:00.0078 3412 usbaudio - ok
15:10:00.0109 3412 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:10:00.0109 3412 usbccgp - ok
15:10:00.0140 3412 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:10:00.0156 3412 usbehci - ok
15:10:00.0171 3412 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:10:00.0171 3412 usbhub - ok
15:10:00.0187 3412 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:10:00.0187 3412 usbohci - ok
15:10:00.0218 3412 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:10:00.0218 3412 usbprint - ok
15:10:00.0281 3412 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:10:00.0281 3412 usbscan - ok
15:10:00.0296 3412 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:10:00.0296 3412 USBSTOR - ok
15:10:00.0328 3412 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:10:00.0328 3412 usbuhci - ok
15:10:00.0359 3412 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:10:00.0359 3412 VgaSave - ok
15:10:00.0375 3412 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
15:10:00.0375 3412 ViaIde - ok
15:10:00.0406 3412 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
15:10:00.0406 3412 VolSnap - ok
15:10:00.0453 3412 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
15:10:00.0468 3412 VSS - ok
15:10:00.0531 3412 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
15:10:00.0531 3412 W32Time - ok
15:10:00.0578 3412 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:10:00.0593 3412 Wanarp - ok
15:10:00.0703 3412 [ 4C0B8EF721783F52F8E531FBDC4B1F74 ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
15:10:00.0703 3412 wceusbsh - ok
15:10:00.0718 3412 WDICA - ok
15:10:00.0765 3412 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:10:00.0765 3412 wdmaud - ok
15:10:00.0828 3412 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
15:10:00.0828 3412 WebClient - ok
15:10:00.0875 3412 [ 214BC3AD84907AD6AD655AC5465F449A ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
15:10:00.0890 3412 winachsf - ok
15:10:00.0984 3412 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:10:00.0984 3412 winmgmt - ok
15:10:01.0171 3412 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:10:01.0234 3412 wlidsvc - ok
15:10:01.0296 3412 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
15:10:01.0296 3412 WmdmPmSN - ok
15:10:01.0343 3412 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:10:01.0343 3412 WmiAcpi - ok
15:10:01.0437 3412 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:10:01.0437 3412 WmiApSrv - ok
15:10:01.0578 3412 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
15:10:01.0593 3412 WMPNetworkSvc - ok
15:10:01.0656 3412 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:10:01.0656 3412 WS2IFSL - ok
15:10:01.0703 3412 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:10:01.0718 3412 wscsvc - ok
15:10:01.0765 3412 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:10:01.0765 3412 WSTCODEC - ok
15:10:01.0812 3412 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
15:10:01.0812 3412 wuauserv - ok
15:10:01.0859 3412 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:10:01.0859 3412 WudfPf - ok
15:10:01.0875 3412 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:10:01.0875 3412 WudfRd - ok
15:10:01.0937 3412 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
15:10:01.0937 3412 WudfSvc - ok
15:10:02.0015 3412 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:10:02.0031 3412 WZCSVC - ok
15:10:02.0078 3412 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:10:02.0093 3412 xmlprov - ok
15:10:02.0140 3412 ================ Scan global ===============================
15:10:02.0203 3412 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:10:02.0250 3412 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:10:02.0281 3412 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:10:02.0328 3412 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:10:02.0343 3412 [Global] - ok
15:10:02.0343 3412 ================ Scan MBR ==================================
15:10:02.0375 3412 [ 5AE5A393505CFFD37FE98C4A7922908D ] \Device\Harddisk0\DR0
15:10:02.0593 3412 \Device\Harddisk0\DR0 - ok
15:10:02.0593 3412 ================ Scan VBR ==================================
15:10:02.0609 3412 [ F5E21E77DB12B4A4E079B9ECD2B0FB15 ] \Device\Harddisk0\DR0\Partition1
15:10:02.0609 3412 \Device\Harddisk0\DR0\Partition1 - ok
15:10:02.0625 3412 [ 0A07CF54F8014703DF11EED0F566EB3C ] \Device\Harddisk0\DR0\Partition2
15:10:02.0625 3412 \Device\Harddisk0\DR0\Partition2 - ok
15:10:02.0625 3412 ============================================================
15:10:02.0625 3412 Scan finished
15:10:02.0625 3412 ============================================================
15:10:02.0656 1800 Detected object count: 0
15:10:02.0656 1800 Actual detected object count: 0


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-14 15:14:47
-----------------------------
15:14:47.015 OS Version: Windows 5.1.2600 Service Pack 3
15:14:47.015 Number of processors: 1 586 0x2402
15:14:47.015 ComputerName: SEANLAPTOP UserName: Sean Clark
15:14:47.578 Initialize success
15:19:54.390 AVAST engine defs: 12121400
15:41:34.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:41:34.125 Disk 0 Vendor: ST9100823A 3.02 Size: 95396MB BusType: 3
15:41:34.421 Disk 0 MBR read successfully
15:41:34.437 Disk 0 MBR scan
15:41:34.562 Disk 0 unknown MBR code
15:41:34.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 87769 MB offset 63
15:41:34.609 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 7616 MB offset 179767350
15:41:34.718 Disk 0 scanning sectors +195366465
15:41:34.781 Disk 0 scanning C:\WINDOWS\system32\drivers
15:41:49.375 Service scanning
15:42:13.593 Modules scanning
15:42:24.687 Disk 0 trace - called modules:
15:42:24.718 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:42:25.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4d4ab8]
15:42:25.250 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\00000078[0x8a523968]
15:42:25.281 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a523d98]
15:42:26.453 AVAST engine scan C:\WINDOWS
15:42:36.687 AVAST engine scan C:\WINDOWS\system32
15:42:56.921 File: C:\WINDOWS\system32\docprop2Y.dll **INFECTED** Win32:Malware-gen
15:45:27.734 AVAST engine scan C:\WINDOWS\system32\drivers
15:45:44.921 AVAST engine scan C:\Documents and Settings\Sean Clark
15:50:27.468 AVAST engine scan C:\Documents and Settings\All Users
15:51:25.578 Scan finished successfully
16:00:14.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sean Clark\Desktop\MBR.dat"
16:00:14.562 The log file has been saved successfully to "C:\Documents and Settings\Sean Clark\Desktop\aswMBR.txt"


Attached file: MBR.zip (585 bytes)
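
As an added example (not code from this thread, from Kaspersky or from AVAST), here is a small Python triage script for the two log formats posted above: it parses the TDSSKiller service list, flags services with no image file on disk, checks that services sharing one binary report the same hash, and lifts the `**INFECTED**` and `unknown MBR code` lines out of the aswMBR log. The function names are my own; the sample lines are copied from the logs above.

```python
"""Triage helper for TDSSKiller and aswMBR text logs (added example, not the
thread's or either tool's own code; function names are my own)."""
import re
from collections import defaultdict

TIME = r"^\d\d:\d\d:\d\d\.\d+\s+"
# TDSSKiller: "<time> <pid> [ <md5> ] <service name> <image path>"
TDSS_FILE_RE = re.compile(TIME + r"\d+\s+\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.+)$")
# TDSSKiller: "<time> <pid> <service name> - <status>"
TDSS_STATUS_RE = re.compile(TIME + r"\d+\s+(.+?) - (\S+)$")
TDSS_COUNT_RE = re.compile(TIME + r"\d+\s+Detected object count: (\d+)$")
# aswMBR: "<time> File: <path> **INFECTED** <detection>" and the MBR warning
ASW_INFECTED_RE = re.compile(TIME + r"File: (.+?) \*\*INFECTED\*\* (\S+)$")
ASW_MBR_RE = re.compile(TIME + r"Disk (\d+) unknown MBR code$")


def _blank():
    return {"md5": None, "path": None, "status": None}


def parse_tdsskiller(text):
    """Return ({service name: {"md5", "path", "status"}}, detected object count)."""
    services, detected = {}, None
    for line in text.splitlines():
        m = TDSS_FILE_RE.match(line)
        if m:
            md5, name, path = m.groups()
            services.setdefault(name, _blank()).update(md5=md5.upper(), path=path)
            continue
        m = TDSS_STATUS_RE.match(line)
        if m:
            name, status = m.groups()
            if name.startswith(("\\", "[")):
                continue  # MBR/VBR device and [Global] lines are not services
            services.setdefault(name, _blank())["status"] = status
            continue
        m = TDSS_COUNT_RE.match(line)
        if m:
            detected = int(m.group(1))
    return services, detected


def services_without_image(services):
    """Services listed without an image file: usually a stale registration left
    by an uninstaller, but also where a deleted or locked file would show up."""
    return sorted(n for n, e in services.items() if e["path"] is None)


def inconsistent_hashes(services):
    """Image paths reported with more than one MD5 in a single run. Several XP
    services share one binary (lsass.exe, services.exe, shsvcs.dll), so their
    hashes must agree; a conflict means an edited log or a file changed mid-scan."""
    by_path = defaultdict(set)
    for e in services.values():
        if e["path"]:
            by_path[e["path"].lower()].add(e["md5"])
    return {p: sorted(h) for p, h in by_path.items() if len(h) > 1}


def parse_aswmbr(text):
    """Return ([(path, detection)], [disk numbers whose MBR code was not recognised])."""
    infected, unknown_mbr = [], []
    for line in text.splitlines():
        m = ASW_INFECTED_RE.match(line)
        if m:
            infected.append((m.group(1), m.group(2)))
        m = ASW_MBR_RE.match(line)
        if m:
            unknown_mbr.append(int(m.group(1)))
    return infected, unknown_mbr


def triage(tdss_text, asw_text):
    """One summary a responder can read before deciding on a fix."""
    services, detected = parse_tdsskiller(tdss_text)
    infected, unknown_mbr = parse_aswmbr(asw_text)
    return {"services": len(services), "tdss_detected": detected,
            "no_image": services_without_image(services),
            "hash_conflicts": inconsistent_hashes(services),
            "asw_infected": infected, "unknown_mbr_disks": unknown_mbr}


# Sample input: lines copied from the two logs posted above.
SAMPLE_TDSS = r"""15:09:55.0531 3412 PartMgr - ok
15:09:55.0578 3412 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
15:09:55.0578 3412 ParVdm - ok
15:09:55.0968 3412 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
15:09:55.0968 3412 Pml Driver HPZ12 - ok
15:09:55.0984 3412 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
15:09:55.0984 3412 PolicyAgent - ok
15:09:57.0187 3412 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
15:09:57.0187 3412 SamSs - ok
15:10:02.0593 3412 \Device\Harddisk0\DR0 - ok
15:10:02.0656 1800 Detected object count: 0
"""
SAMPLE_ASW = r"""15:41:34.562 Disk 0 unknown MBR code
15:42:56.921 File: C:\WINDOWS\system32\docprop2Y.dll **INFECTED** Win32:Malware-gen
"""
```

Calling `triage(SAMPLE_TDSS, SAMPLE_ASW)` on the sample gives one flagged file, one disk with unrecognised MBR code, one service without an image, and no hash conflicts.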

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:35 PM

Posted 15 December 2012 - 08:46 AM

Open notepad and copy/paste the text in the quote box below into it:

File::
c:\windows\system32\docprop2Y.dll
c:\windows\Tasks\Rzxab.job

ClearJavaCache::



Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Please let me know if the problem persists.

#9 PZ9ers

PZ9ers
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:11:35 AM

Posted 15 December 2012 - 04:45 PM

Not sure if this means anything, but when I logged back into Bleepingcomputer.com, it said that I was about to leave a secure connection and asked if that was OK. That didn't seem normal to me (since I wasn't in a secure connection). I also get messages that say that I am entering a secure connection when I am clearly not. Could there be something related to the fact that I like to use Ctrl-Enter to add the www and .com to something that I type into the URL address bar? Here is the ComboFix log:

ComboFix 12-12-14.01 - Sean Clark 12/15/2012 13:08:05.8.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.874 [GMT -8:00]
Running from: c:\documents and settings\Sean Clark\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sean Clark\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\docprop2Y.dll"
"c:\windows\Tasks\Rzxab.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\docprop2Y.dll
c:\windows\Tasks\Rzxab.job
.
.
((((((((((((((((((((((((( Files Created from 2012-11-15 to 2012-12-15 )))))))))))))))))))))))))))))))
.
.
2012-12-12 04:54 . 2012-12-12 04:56 -------- dc-h--w- c:\windows\ie8
2012-12-12 04:23 . 2012-12-12 04:23 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-12 04:23 . 2012-12-12 04:23 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-12 04:23 . 2012-12-12 04:23 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-12 02:12 . 2012-12-12 02:13 15728568 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-12-01 20:52 . 2012-12-01 20:52 -------- d-----w- c:\windows\ERUNT
2012-12-01 20:52 . 2012-12-01 20:52 -------- d-----w- C:\JRT
2012-11-25 04:29 . 2012-11-25 04:29 -------- d-----w- c:\documents and settings\Sean Clark\Application Data\LavasoftStatistics
2012-11-25 03:57 . 2012-11-25 03:57 -------- d-----w- c:\documents and settings\Sean Clark\Local Settings\Application Data\Downloaded Installations
2012-11-25 03:57 . 2012-11-25 03:57 44424 ----a-w- c:\windows\system32\sbbd.exe
2012-11-25 03:57 . 2012-11-25 03:57 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2012-11-25 03:56 . 2012-11-25 03:56 -------- d-----w- c:\documents and settings\Sean Clark\Application Data\blekko
2012-11-25 02:22 . 2012-11-25 02:33 -------- d-----w- C:\456out
2012-11-24 23:28 . 2012-11-24 23:28 -------- d-----w- c:\program files\ESET
2012-11-24 09:25 . 2012-11-24 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-11-24 09:24 . 2012-12-01 19:18 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-11-24 08:44 . 2012-11-24 08:44 -------- d-----w- c:\documents and settings\Sean Clark\Local Settings\Application Data\FixItCenter
2012-11-24 08:39 . 2012-11-24 08:39 -------- d-----w- c:\windows\MATS
2012-11-24 08:39 . 2012-11-24 08:39 -------- d-----w- c:\program files\Microsoft Fix it Center
2012-11-23 09:03 . 2012-11-23 09:57 -------- d-----w- c:\windows\system32\XPSViewer
2012-11-23 09:03 . 2012-11-23 09:03 -------- d-----w- c:\program files\MSBuild
2012-11-23 09:03 . 2012-11-23 09:03 -------- d-----w- c:\program files\Reference Assemblies
2012-11-23 09:02 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-11-23 09:02 . 2012-11-23 09:03 -------- d-----w- C:\f2c70b84f80c875b577da7
2012-11-23 09:02 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-11-23 09:02 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-11-23 09:02 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-11-23 09:02 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-11-23 09:02 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2012-11-23 09:02 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-11-23 09:02 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-11-23 09:02 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 04:23 . 2007-04-12 03:08 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-12 02:13 . 2012-06-10 00:18 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 02:13 . 2011-10-30 20:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-01 12:17 . 2004-08-04 08:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 08:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 08:00 385024 ------w- c:\windows\system32\html.iec
2012-10-22 08:37 . 2004-08-04 08:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2004-08-04 08:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 02:54 . 2008-05-13 03:36 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 39408]
"AbacastDistributedOnDemand:11"="c:\documents and settings\Sean Clark\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe" [2009-04-15 54712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-14 507904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"WatcherHelper"="c:\program files\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2008-01-31 120088]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.0\masqform.exe" [2003-12-03 1052672]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Snapfish PictureMover.lnk - c:\program files\Walgreens PictureMover\Bin\PictureMover.exe [2012-5-21 1031072]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DVR\\DVRClient\\PiClient.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\MOBOTIX\\MOBOTIX MxControlCenter\\MxCC.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sierra Wireless Inc\\3G Watcher\\SwiApiMux.exe"=
"c:\\Program Files\\Destiny\\RadioDestiny Broadcaster\\RadioDestiny Broadcaster.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Sean Clark\\Local Settings\\Application Data\\AbacastDistributedOnDemand\\Node\\11\\AbacastDistributedOnDemand.exe"=
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [11/24/2012 7:57 PM 13560]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/25/2012 8:00 PM 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/12/2008 7:36 PM 676936]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 1:06 AM 231424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/12/2008 7:36 PM 22856]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [3/26/2007 1:18 PM 20352]
S0 adwarealert;adwarealert;c:\windows\system32\DRIVERS\adwarealert.sys --> c:\windows\system32\DRIVERS\adwarealert.sys [?]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 6:44 PM 183560]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 4:49 AM 227232]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/12/2008 7:16 PM 337800]
S3 SPCA508A;iCam320;c:\windows\system32\drivers\SPCA508A.SYS [3/22/2007 10:06 AM 99017]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 13807278
*Deregistered* - 13807278
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 02:13]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
uInternet Settings,ProxyServer = http=
Trusted Zone: myedgelink.com\mail
TCP: DhcpNameServer = 192.168.1.1 75.75.75.75
DPF: {A417A857-7019-49DC-9A73-A0CBC965F483} - hxxp://webcamnow.com/fs5/voice/voice.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-15 13:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????t?n??|?????? ???B?????????????hLC? ??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-12-15 13:16:55
ComboFix-quarantined-files.txt 2012-12-15 21:16
ComboFix2.txt 2012-12-09 22:41
.
Pre-Run: 13,266,554,880 bytes free
Post-Run: 13,334,269,952 bytes free
.
- - End Of File - - 3451904B6ACAB9D3751C56C09826A551

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:35 PM

Posted 16 December 2012 - 10:15 AM

Check this setting.

IE > Tools > Internet Options > Advanced tab

Under the Security section, it's near the end.

Check the "Warn if changing between secure and not secure mode" option.

Remove it if it is set. Click the apply button.

How is it now?

Any remaining issues?

#11 PZ9ers

PZ9ers
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:11:35 AM

Posted 18 December 2012 - 12:11 AM

I changed the setting, but I am concerned that I was getting the warning on almost every site even though I was not going in and out of http and https sites.

The problem of going to ad sites hasn't recurred for the last day (yeah!). However, this last time it took two days and it came back, so I'm a bit anxious. I will keep my fingers crossed. :-)

#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:35 PM

Posted 18 December 2012 - 10:12 AM

Wait 2 or 3 days and if all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool, make sure you delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===
