Laptop Slow, Malware, Apps take too long to open. [Solved]


  • This topic is locked

#16
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
  • 0


#17
Cheecha

    Member

  • Topic Starter
  • 17 posts
Hi Gringo

DMA has been set. There is only primary and no secondary.
Rebooting was definitely faster, and loading the browsers and apps is also faster.

Thanks for that.

Cheecha.
  • 0

#18
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings Cheecha

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
  • 0

#19
Cheecha

    Member

  • Topic Starter
  • 17 posts
tdsskiller:

21:27:59.0593 3384 RDPCDD - ok
21:27:59.0687 3384 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:27:59.0703 3384 RDPWD - ok
21:27:59.0781 3384 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:28:00.0000 3384 RDSessMgr - ok
21:28:00.0046 3384 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:28:00.0125 3384 redbook - ok
21:28:00.0156 3384 [ E6CD560A4A16FEEE5503CB59A3E30A84 ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
21:28:00.0218 3384 RegSrvc - ok
21:28:00.0265 3384 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:28:00.0296 3384 RemoteAccess - ok
21:28:00.0343 3384 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
21:28:00.0390 3384 RpcLocator - ok
21:28:00.0437 3384 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
21:28:00.0453 3384 RpcSs - ok
21:28:00.0515 3384 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:28:00.0656 3384 RSVP - ok
21:28:00.0687 3384 RTLWUSB - ok
21:28:00.0765 3384 [ A57B20BB52B7C504B7A9FB4C82B639BA ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
21:28:00.0906 3384 S24EventMonitor - ok
21:28:00.0937 3384 [ 9C40CB317400F2CF643B8706147DD06D ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
21:28:00.0984 3384 s24trans - ok
21:28:01.0015 3384 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
21:28:01.0015 3384 SamSs - ok
21:28:01.0062 3384 [ 3525FDCFC567E807A337C61AFF366BE8 ] SavRoam C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
21:28:01.0156 3384 SavRoam - ok
21:28:01.0203 3384 [ 12B6E269EF8AC8EA36122544C8A1B6D8 ] SAVRT C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys
21:28:01.0312 3384 SAVRT - ok
21:28:01.0359 3384 [ 97E5B6F3F95465E1F59360B59D8EC64E ] SAVRTPEL C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys
21:28:01.0421 3384 SAVRTPEL - ok
21:28:01.0468 3384 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:28:01.0562 3384 SCardSvr - ok
21:28:01.0625 3384 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:28:01.0671 3384 Schedule - ok
21:28:01.0718 3384 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:28:01.0734 3384 Secdrv - ok
21:28:01.0765 3384 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:28:01.0781 3384 seclogon - ok
21:28:01.0828 3384 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
21:28:01.0843 3384 SENS - ok
21:28:01.0921 3384 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
21:28:01.0953 3384 Serial - ok
21:28:02.0000 3384 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:28:02.0062 3384 Sfloppy - ok
21:28:02.0109 3384 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:28:02.0187 3384 SharedAccess - ok
21:28:02.0250 3384 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:28:02.0250 3384 ShellHWDetection - ok
21:28:02.0281 3384 Simbad - ok
21:28:02.0375 3384 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
21:28:03.0015 3384 SkypeUpdate - ok
21:28:03.0046 3384 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:28:03.0062 3384 SLIP - ok
21:28:03.0109 3384 [ 0D411EEA92751C1ECD8453892F41E726 ] SNDSrvc C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
21:28:03.0109 3384 SNDSrvc - ok
21:28:03.0593 3384 [ 11BB0E11D42CC3A43D741D9B30839BE1 ] SNPSTD3 C:\WINDOWS\system32\DRIVERS\snpstd3.sys
21:28:04.0156 3384 SNPSTD3 - ok
21:28:04.0218 3384 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
21:28:04.0234 3384 SONYPVU1 - ok
21:28:04.0250 3384 Sparrow - ok
21:28:04.0328 3384 [ 677B10906838D3BFB1C07AC9087E4BF7 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
21:28:04.0406 3384 SPBBCDrv - ok
21:28:04.0468 3384 [ C830007369E18A54AED23B5BB3AFA2BA ] SPBBCSvc C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
21:28:04.0656 3384 SPBBCSvc - ok
21:28:04.0671 3384 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:28:04.0687 3384 splitter - ok
21:28:04.0750 3384 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:28:04.0765 3384 Spooler - ok
21:28:04.0828 3384 [ E3E6C96B0EF4492C3C8FD0DEEF4E35A1 ] SPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
21:28:04.0875 3384 SPTISRV - ok
21:28:04.0921 3384 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:28:04.0921 3384 sr - ok
21:28:05.0015 3384 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
21:28:05.0109 3384 srservice - ok
21:28:05.0187 3384 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:28:05.0218 3384 Srv - ok
21:28:05.0265 3384 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:28:05.0296 3384 SSDPSRV - ok
21:28:05.0421 3384 [ 3AD78E22210D3FBD9F76DE84A8DF19B5 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
21:28:05.0578 3384 STHDA - ok
21:28:05.0656 3384 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:28:05.0765 3384 stisvc - ok
21:28:05.0828 3384 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:28:05.0843 3384 streamip - ok
21:28:05.0890 3384 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:28:05.0906 3384 swenum - ok
21:28:05.0953 3384 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:28:05.0968 3384 swmidi - ok
21:28:05.0984 3384 SwPrv - ok
21:28:06.0203 3384 [ 8FDAADF204A4F29214DA1B03342E2735 ] Symantec AntiVirus C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
21:28:06.0296 3384 Symantec AntiVirus - ok
21:28:06.0312 3384 symc810 - ok
21:28:06.0328 3384 symc8xx - ok
21:28:06.0421 3384 [ 99F158D37B42FCA00B3F5AB5B3EFEBB7 ] SYMDNS C:\WINDOWS\System32\Drivers\SYMDNS.SYS
21:28:06.0515 3384 SYMDNS - ok
21:28:06.0562 3384 [ DE6D1102D55926354171AE4E73936725 ] SymEvent C:\Program Files\Symantec\SYMEVENT.SYS
21:28:06.0609 3384 SymEvent - ok
21:28:06.0656 3384 [ 29AE12DB354A89382A43A8FCB6AB0AB5 ] SYMFW C:\WINDOWS\System32\Drivers\SYMFW.SYS
21:28:06.0734 3384 SYMFW - ok
21:28:06.0765 3384 [ 728D1DFF8573B5DD18DA536FA733EB11 ] SYMIDS C:\WINDOWS\System32\Drivers\SYMIDS.SYS
21:28:06.0828 3384 SYMIDS - ok
21:28:06.0968 3384 [ 2133D1F879B280121B0E6A7D34B24A02 ] SYMIDSCO C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20121025.001\symidsco.sys
21:28:07.0046 3384 SYMIDSCO - ok
21:28:07.0093 3384 [ B1F616C31575DA1535C2A7823C112182 ] SYMNDIS C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
21:28:07.0171 3384 SYMNDIS - ok
21:28:07.0203 3384 [ 6C0A85982F4E0D672B85A2BFB50A24B5 ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
21:28:07.0250 3384 SYMREDRV - ok
21:28:07.0328 3384 [ 768F00CA60302DA7CA682B58C52A3A05 ] SymSecurePort C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
21:28:07.0406 3384 SymSecurePort - ok
21:28:07.0484 3384 [ CDDA3BA3F7D5B63FF9F85CB478C11473 ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS
21:28:07.0593 3384 SYMTDI - ok
21:28:07.0609 3384 sym_hi - ok
21:28:07.0625 3384 sym_u3 - ok
21:28:07.0687 3384 [ FA2DAA32BED908023272A0F77D625DAE ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:28:07.0734 3384 SynTP - ok
21:28:07.0796 3384 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:28:07.0828 3384 sysaudio - ok
21:28:07.0906 3384 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:28:07.0937 3384 SysmonLog - ok
21:28:08.0000 3384 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:28:08.0031 3384 TapiSrv - ok
21:28:08.0109 3384 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:28:08.0125 3384 Tcpip - ok
21:28:08.0203 3384 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys
21:28:08.0203 3384 Tcpip6 - ok
21:28:08.0250 3384 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:28:08.0281 3384 TDPIPE - ok
21:28:08.0328 3384 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:28:08.0359 3384 TDTCP - ok
21:28:08.0406 3384 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:28:08.0468 3384 TermDD - ok
21:28:08.0515 3384 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
21:28:08.0656 3384 TermService - ok
21:28:08.0718 3384 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
21:28:08.0734 3384 Themes - ok
21:28:08.0812 3384 [ 4DC436421C9D745D7E8C37F956701C78 ] tmcomm C:\WINDOWS\system32\drivers\tmcomm.sys
21:28:08.0890 3384 tmcomm - ok
21:28:08.0906 3384 TosIde - ok
21:28:08.0953 3384 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:28:09.0015 3384 TrkWks - ok
21:28:09.0062 3384 [ 8F861EDA21C05857EB8197300A92501C ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
21:28:09.0093 3384 tunmp - ok
21:28:09.0171 3384 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:28:09.0203 3384 Udfs - ok
21:28:09.0218 3384 UIUSys - ok
21:28:09.0234 3384 ultra - ok
21:28:09.0296 3384 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:28:09.0328 3384 Update - ok
21:28:09.0375 3384 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:28:09.0421 3384 upnphost - ok
21:28:09.0468 3384 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
21:28:09.0484 3384 UPS - ok
21:28:09.0593 3384 [ 75860C1E8F36D13A96A8CB426E4C18AE ] USB28xxBGA C:\WINDOWS\system32\DRIVERS\emBDA.sys
21:28:09.0656 3384 USB28xxBGA - ok
21:28:09.0796 3384 [ A8FFE391C198F86392EAF7AB8B9BAAB2 ] USB28xxOEM C:\WINDOWS\system32\DRIVERS\emOEM.sys
21:28:09.0859 3384 USB28xxOEM - ok
21:28:09.0906 3384 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
21:28:09.0921 3384 USBAAPL - ok
21:28:09.0953 3384 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
21:28:09.0953 3384 usbaudio - ok
21:28:09.0984 3384 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:28:10.0000 3384 usbccgp - ok
21:28:10.0062 3384 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:28:10.0109 3384 usbehci - ok
21:28:10.0156 3384 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:28:10.0281 3384 usbhub - ok
21:28:10.0343 3384 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:28:10.0375 3384 usbprint - ok
21:28:10.0406 3384 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:28:10.0421 3384 usbscan - ok
21:28:10.0453 3384 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:28:10.0468 3384 USBSTOR - ok
21:28:10.0500 3384 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:28:10.0515 3384 usbuhci - ok
21:28:10.0562 3384 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
21:28:10.0640 3384 usbvideo - ok
21:28:10.0671 3384 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:28:10.0703 3384 VgaSave - ok
21:28:10.0718 3384 ViaIde - ok
21:28:10.0750 3384 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:28:10.0765 3384 VolSnap - ok
21:28:10.0828 3384 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
21:28:10.0890 3384 VSS - ok
21:28:11.0093 3384 [ ADB2F5AF36155C9F1FBFD66A3ACACBE6 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
21:28:11.0250 3384 w29n51 - ok
21:28:11.0312 3384 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
21:28:11.0359 3384 W32Time - ok
21:28:11.0390 3384 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:28:11.0453 3384 Wanarp - ok
21:28:11.0468 3384 WDICA - ok
21:28:11.0531 3384 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:28:11.0562 3384 wdmaud - ok
21:28:11.0609 3384 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:28:11.0671 3384 WebClient - ok
21:28:11.0765 3384 [ 74CF3F2E4E40C4A2E18D39D6300A5C24 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:28:11.0859 3384 winachsf - ok
21:28:11.0984 3384 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:28:12.0125 3384 winmgmt - ok
21:28:12.0218 3384 [ B4F72FDFADBD7B8353442B9B8A60CC8C ] WLANKEEPER C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
21:28:12.0328 3384 WLANKEEPER - ok
21:28:12.0375 3384 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:28:12.0406 3384 WmdmPmSN - ok
21:28:12.0484 3384 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:28:12.0531 3384 WmiApSrv - ok
21:28:12.0703 3384 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
21:28:13.0171 3384 WMPNetworkSvc - ok
21:28:13.0218 3384 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:28:13.0218 3384 WpdUsb - ok
21:28:13.0250 3384 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:28:13.0265 3384 WS2IFSL - ok
21:28:13.0296 3384 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:28:13.0328 3384 wscsvc - ok
21:28:13.0343 3384 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:28:13.0359 3384 WSTCODEC - ok
21:28:13.0375 3384 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:28:13.0390 3384 wuauserv - ok
21:28:13.0437 3384 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:28:13.0453 3384 WudfPf - ok
21:28:13.0484 3384 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:28:13.0500 3384 WudfRd - ok
21:28:13.0531 3384 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
21:28:13.0546 3384 WudfSvc - ok
21:28:13.0625 3384 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:28:13.0671 3384 WZCSVC - ok
21:28:13.0718 3384 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:28:13.0750 3384 xmlprov - ok
21:28:13.0875 3384 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
21:28:13.0906 3384 YahooAUService - ok
21:28:13.0937 3384 ================ Scan global ===============================
21:28:14.0000 3384 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:28:14.0093 3384 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:28:14.0125 3384 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:28:14.0140 3384 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:28:14.0156 3384 [Global] - ok
21:28:14.0156 3384 ================ Scan MBR ==================================
21:28:14.0187 3384 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:28:14.0515 3384 \Device\Harddisk0\DR0 - ok
21:28:14.0531 3384 ================ Scan VBR ==================================
21:28:14.0531 3384 [ EEEDE55DEE26FEE8AD99276026F8B33D ] \Device\Harddisk0\DR0\Partition1
21:28:14.0546 3384 \Device\Harddisk0\DR0\Partition1 - ok
21:28:14.0546 3384 ============================================================
21:28:14.0546 3384 Scan finished
21:28:14.0546 3384 ============================================================
21:28:14.0578 4196 Detected object count: 0
21:28:14.0578 4196 Actual detected object count: 0

#20
Cheecha

aswmbr:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-01 21:33:56
-----------------------------
21:33:56.812 OS Version: Windows 5.1.2600 Service Pack 3
21:33:56.812 Number of processors: 1 586 0xD08
21:33:56.812 ComputerName: JACKTRADING UserName: yakub
21:33:57.625 Initialize success
21:34:22.781 AVAST engine download error: 0
21:34:34.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
21:34:34.703 Disk 0 Vendor: FUJITSU_MHV2060AH 000000A0 Size: 57231MB BusType: 3
21:34:34.718 Disk 0 MBR read successfully
21:34:34.718 Disk 0 MBR scan
21:34:34.734 Disk 0 Windows XP default MBR code
21:34:34.734 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
21:34:34.750 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 54093 MB offset 96390
21:34:34.796 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 110896695
21:34:34.796 Disk 0 scanning sectors +117194175
21:34:34.890 Disk 0 scanning C:\WINDOWS\system32\drivers
21:34:53.281 Service scanning
21:35:18.265 Modules scanning
21:35:41.765 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
21:35:44.625 Disk 0 trace - called modules:
21:35:44.671 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
21:35:44.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d8a900]
21:35:44.671 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86da7d98]
21:35:44.687 Scan finished successfully
21:36:29.171 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\yakub\My Documents\Geeks\MBR.dat"
21:36:29.218 The log file has been saved successfully to "C:\Documents and Settings\yakub\My Documents\Geeks\aswMBR.txt"

#21
gringo_pr

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#22
Cheecha

ComboFix

ComboFix 12-10-31.03 - yakub 02/11/2012 0:04.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.476 [GMT 11:00]
Running from: c:\documents and settings\yakub\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\yakub\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *Disabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 )))))))))))))))))))))))))))))))
.
.
2012-10-16 13:06 . 2012-10-21 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Package Cache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 09:10 . 2012-04-07 02:23 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 09:10 . 2011-08-04 09:50 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:14 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-04 10:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2005-03-30 01:23 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2005-03-30 01:01 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-28 10:32 . 2012-10-28 10:31 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3B8D091-3529-4779-1766-0ABBF3D3EA69}]
2012-09-29 10:04 155136 ----a-w- c:\documents and settings\All Users\Application Data\wxDownload\5066c7c2bf70e.ocx
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-05-31 5252408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 827392]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-08 212992]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-22 401408]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-22 385024]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-07-22 12:46 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 01:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2006-04-06 04:58 1032192 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-11-06 19:20 122940 -c--a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2002-12-17 01:40 49152 -c--a-r- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-05-07 19:56 188416 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2003-05-23 02:55 483328 -c--a-r- c:\windows\system32\hphmon05.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2003-05-23 03:03 49152 -c--a-r- c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-14 05:46 77824 -c----w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-14 05:50 114688 -c----w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-14 05:49 94208 -c--a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 06:50 221184 -c--a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 06:50 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 10:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-24 15:11 132496 -c--a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-08 02:48 761947 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
2006-09-27 10:33 125168 -c--a-w- c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\InternetCalls.com\\InternetCalls\\InternetCalls.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [11/06/2012 5:22 PM 240208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/08/2012 9:15 PM 106656]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/01/2010 10:37 PM 4640000]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [11/06/2012 5:22 PM 193616]
S2 gupdate1ca933581bf0fd4;Google Update Service (gupdate1ca933581bf0fd4);c:\program files\Google\Update\GoogleUpdate.exe [12/01/2010 2:15 PM 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 2:28 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7/04/2012 1:23 PM 250808]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/01/2010 2:15 PM 133104]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [24/01/2009 10:42 AM 39048]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12/06/2011 12:15 PM 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [20/05/2012 7:33 PM 115168]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [27/09/2006 9:33 PM 116464]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 39599747
*NewlyCreated* - ASWMBR
*Deregistered* - 39599747
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 09:10]
.
2012-09-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]
.
2012-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 03:15]
.
2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 03:15]
.
2012-04-13 c:\windows\Tasks\HP DArC Task 2003-04-08 07:12ewlett-Packard-7002003-04-08 02:45Y4BR2K0FWU0.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-04-08 02:45]
.
2012-11-01 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2007-06-13 03:03]
.
2012-10-26 c:\windows\Tasks\Norton Security Scan for yakub.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-18 17:18]
.
2012-10-29 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
.
2012-08-20 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\yakub\Application Data\Mozilla\Firefox\Profiles\fjgkyrli.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - ExtSQL: 2012-09-29 20:02; 5066c747d70ce@5066c747d7107.com; c:\documents and settings\yakub\Application Data\Mozilla\Firefox\Profiles\fjgkyrli.default\extensions\5066c747d70ce@5066c747d7107.com
FF - ExtSQL: !HIDDEN! 2009-09-02 21:33; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-02 00:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(3336)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-11-02 00:23:59
ComboFix-quarantined-files.txt 2012-11-01 13:23
ComboFix2.txt 2012-10-24 04:22
.
Pre-Run: 6,167,552,000 bytes free
Post-Run: 6,194,249,728 bytes free
.
- - End Of File - - 513531E293DAC8CAF88439BA3B794892

#23
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#24
Cheecha

    Member

  • Topic Starter
  • Member
  • 17 posts
Extra ComboFix Report

Adobe Audition 1.5
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaConverter 2.5
ArcSoft Panorama Maker 5
ArcSoft ShowBiz DVD 2
Bing Bar
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell ResourceCD
Digital Voice Editor 3
DigitImg
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DVD RIP N Burn 1.0.0.11
e-Sword
Free iPod Video Converter 1.34
Free YouTube to Mp3 Converter version 3.1
getPlus®_ocx
Google Chrome
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Memories Disc
hp photosmart 7700 series
HP Software Update
Intel® Graphics Media Accelerator Driver for Mobile
Intel® PROSet/Wireless Software
InternetCalls
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 2
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1
Junk Mail filter update
LiveUpdate 3.1 (Symantec Corporation)
Logitech Harmony Remote Software
mCore
mDriver
mDrWiFi
Meltho Version 1.20
mHlpDell
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox 16.0.2 (x86 en-GB)
Mozilla Maintenance Service
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
mToolkit
mWlsSafe
mXML
mZConfig
Nikon Message Center 2
Nikon Movie Editor
Norton Security Scan
Norton Security Scan (Symantec Corporation)
OGA Notifier 1.7.0105.35.0
OpenMG Secure Module 4.7.00
Photosmart 140,240,7200,7600,7700,7900 Series
Picture Control Utility
PS7700
PSShortcuts
PSUsage
QuickSet
QuickTime
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SigmaTel Audio
Skype web features
Skype™ 5.10
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 9
Symantec Client Security
Synaptics Pointing Device Driver
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB TV Device Driver
VC80CRTRedist - 8.0.50727.6195
ViewNX 2
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
wxDownload
wxDownload Fast 0.6.0
Yahoo! Software Update
Yahoo!7 Messenger
Yahoo!7 Toolbar

#25
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello


very sorry for the delay



These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 9.5.2
Bing Bar
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 2
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo



#26
Cheecha

    Member

  • Topic Starter
  • Member
  • 17 posts
MBAM

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.06.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
yakub :: JACKTRADING [administrator]

Protection: Enabled

6/11/2012 11:49:50 PM
mbam-log-2012-11-06 (23-49-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 310192
Time elapsed: 52 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 9
C:\Documents and Settings\yakub\My Documents\Downloads\bdrb.exe (PUP.Adware.RKN) -> Quarantined and deleted successfully.
C:\Documents and Settings\yakub\My Documents\Downloads\FastDownload(1).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\yakub\My Documents\Downloads\FastDownload.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\yakub\My Documents\Downloads\Unconfirmed 34831.crdownload (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\visitor\Local Settings\Temp\~os1C9.tmp\rlls.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Documents and Settings\visitor\Local Settings\Temp\~os1C9.tmp\rlls64.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Documents and Settings\visitor\Local Settings\Temp\~os1C9.tmp\rlservice.exe (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Documents and Settings\visitor\Local Settings\Temp\~os1C9.tmp\rlvknlg.exe (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Documents and Settings\visitor\Local Settings\Temp\~os1C9.tmp\rlvknlg64.exe (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

(end)
  • 0

#27
Cheecha

Cheecha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
HiJackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:13:54 PM, on 7/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\yakub\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {15A02B79-60BB-42B8-814E-BF8364106B9E} (Pco3 Window (Commsec) Control) - http://images.commse...o3X_Commsec.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188484089109
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} (kasRmtHlp Class) - http://kaseya.rsgc.c...c/kaxRemote.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibahealth.local,asia-pacific.isoftgroup.co.uk,development.isoftgroup.co.uk,europe.isoftgroup.co.uk,internal.org.au,isoftgroup.co.uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibahealth.local,asia-pacific.isoftgroup.co.uk,development.isoftgroup.co.uk,europe.isoftgroup.co.uk,internal.org.au,isoftgroup.co.uk
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1ca933581bf0fd4) (gupdate1ca933581bf0fd4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15298 bytes
  • 0

#28
Cheecha

Cheecha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi Gringo,

So far it has been ok. Much better than before. It won't be perfect but at least it has improved speed.
At times the window may close section by section but it is quicker than before.

All in all, so far good.

I will let you know in the next 1-2 days if it is not good.

Cheers.

And again thank you for your help.

Cheecha
  • 0

#29
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 right click on IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
  • 0
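
The start-up review in the post above, as an added example that is not part of the original thread or of HijackThis itself: a small parser that decodes the O4 (autorun) lines of a HijackThis log into hive, key, name and program, and lists entries whose target file the tool reported as missing. The sample lines are copied from the log posted earlier in this thread; the function names are this example's own.

```python
import re

# Excerpt copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 body: hive, optional SID, "..", key, [value name], command, optional user
O4_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+)\\(?:(?P<sid>[^\\]+)\\)?\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|dll))\b", re.IGNORECASE)
MISSING = ("(no file)", "(file missing)")


def parse_log(text):
    """Return (code, body) for every entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def executable(command):
    """Best-effort extraction of the program path from a Run command line."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = EXE_RE.match(command)
    return m.group(1) if m else command.split(" ", 1)[0]


def autoruns(entries):
    """Decode O4 (start-up) entries into hive, sid, key, name, command, user, program."""
    rows = []
    for code, body in entries:
        m = O4_RE.match(body) if code == "O4" else None
        if m:
            row = m.groupdict()
            row["program"] = executable(row["command"])
            rows.append(row)
    return rows


def orphans(entries):
    """Entries whose target file HijackThis could not find on disk."""
    return [(code, body) for code, body in entries if body.endswith(MISSING)]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for r in autoruns(entries):
        print(f"{r['hive']:5}{r['key']:8}{r['name']:20}{r['program']}")
    for code, body in orphans(entries):
        print("missing target:", code, body)
```
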

#30
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask you to remove our tools.




Gringo
  • 0





