Texasheli1
Posts posted by Texasheli1
-
Machine seems to operate better and the redirect issues have gone.
-
-
Status: Deleted (events: 12)
7/4/2012 6:43:56 AM Deleted Trojan program Trojan.Win32.Agent.smnt C:\System Volume Information\_restore{C5B3AA7B-FB53-4FF2-9C76-1B3F928336FC}\RP1443\A0320926.exe High
7/4/2012 6:44:09 AM Deleted Trojan program Rootkit.Boot.Wistler.a C:\TDSSKiller_Quarantine\30.06.2012_09.44.32\mbr0000\mbr0000\tsk0000.dta High
7/4/2012 6:44:08 AM Deleted Trojan program Rootkit.Boot.Wistler.a C:\TDSSKiller_Quarantine\30.06.2012_09.44.32\mbr0000\mbr0000\tsk0001.dta High
7/4/2012 6:44:08 AM Deleted Trojan program Rootkit.Boot.Wistler.a C:\TDSSKiller_Quarantine\30.06.2012_09.44.32\mbr0000\mbr0000\tsk0001.dta//mbr High
7/4/2012 7:06:22 AM Deleted Trojan program Trojan.Win32.Swisyn.clmh C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\25\4bf87e99-31c90614 High
7/4/2012 7:06:22 AM Deleted Trojan program Trojan.Win32.Swisyn.clmh C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\25\4bf87e99-31c90614//PE-Crypt.XorPE High
7/4/2012 7:06:32 AM Deleted Trojan program Packed.Win32.Black.d C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\48\2a913bb0-70e90ef5 High
7/4/2012 7:06:32 AM Deleted Trojan program Packed.Win32.Black.d C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\48\2a913bb0-70e90ef5//PE-Crypt.XorPE High
7/4/2012 7:06:32 AM Deleted Trojan program Packed.Win32.Black.d C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\48\2a913bb0-70e90ef5//PE-Crypt.XorPE//PE_Patch High
7/4/2012 7:06:32 AM Deleted Trojan program Packed.Win32.Black.d C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\48\2a913bb0-70e90ef5//PE-Crypt.XorPE//PE_Patch//ASProtect14 High
7/4/2012 7:06:35 AM Deleted Trojan program Trojan.Win32.Agent.smnt C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\55\6a462177-31e5a45f High
7/4/2012 7:06:35 AM Deleted Trojan program Trojan.Win32.Agent.smnt C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\55\6a462177-31e5a45f//PE-Crypt.XorPE High
-
ComboFix 12-07-01.04 - Cleveland's 07/01/2012 20:57:19.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2465 [GMT -5:00]
Running from: c:\documents and settings\Cleveland's\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Cleveland's\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\windows\TEMP\RESE.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\EventSystem.log
.
.
((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 )))))))))))))))))))))))))))))))
.
.
2012-06-30 14:46 . 2012-06-30 14:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-25 05:17 . 2012-06-25 05:17 -------- d-----w- c:\program files\PlayReady
2012-06-22 01:07 . 2012-06-22 01:07 -------- d-----w- c:\program files\Common Files\Skype
2012-06-22 01:05 . 2012-06-22 01:05 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-22 01:05 . 2012-06-22 01:05 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-15 04:22 . 2012-06-15 04:22 -------- d-----w- c:\windows\system32\config\systemprofile\Applications
2012-06-13 23:47 . 2012-06-13 23:47 -------- d-----w- c:\documents and settings\Cleveland's\Applications
2012-06-13 12:43 . 2012-07-01 20:04 -------- d-----w- c:\documents and settings\Cleveland's\Librarys
2012-06-13 06:34 . 2012-07-01 20:04 -------- d-----w- c:\windows\system32\config\systemprofile\Librarys
2012-06-13 06:30 . 2012-06-13 06:30 -------- d-----w- c:\windows\system32\URTTEMP
2012-06-13 01:15 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-07 15:50 . 2012-06-07 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2012-06-07 15:50 . 2012-06-07 15:50 -------- d-----w- c:\program files\HP Photo Creations
2012-06-07 15:50 . 2012-06-07 15:50 -------- d-----w- c:\documents and settings\Cleveland's\Application Data\HpUpdate
2012-06-07 15:50 . 2010-06-14 20:19 1907560 ----a-w- c:\windows\system32\HPScanMiniDrv_DJ1050_J410.dll
2012-06-07 15:50 . 2010-06-14 20:19 264552 ----a-w- c:\windows\system32\hpinksts8911LM.dll
2012-06-07 15:50 . 2010-06-14 20:19 232296 ----a-w- c:\windows\system32\hpinksts8911.dll
2012-06-07 15:50 . 2010-06-14 20:19 213352 ----a-w- c:\windows\system32\hpinkcoi8911.dll
2012-06-07 15:49 . 2012-06-07 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2012-06-07 15:49 . 2012-06-07 15:50 -------- d-----w- c:\program files\HP
2012-06-07 15:48 . 2012-06-07 15:48 -------- d-----w- c:\documents and settings\Cleveland's\Local Settings\Application Data\HP
2012-06-05 04:43 . 2012-07-01 01:58 -------- d-----w- c:\documents and settings\Cleveland's\Tracing
2012-06-05 04:25 . 2010-04-28 12:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2012-06-05 04:21 . 2012-06-06 02:47 -------- d-----w- c:\program files\Microsoft
2012-06-05 04:21 . 2012-06-05 04:21 -------- d-----w- c:\program files\Windows Live SkyDrive
2012-06-05 04:21 . 2012-06-05 04:25 -------- d-----w- c:\program files\Windows Live
2012-06-05 04:16 . 2008-06-17 21:13 484632 ----a-w- c:\program files\Common Files\Windows Live\.cache\a73ae721cd42d2\DXSETUP.exe
2012-06-05 04:16 . 2008-06-17 21:13 74520 ----a-w- c:\program files\Common Files\Windows Live\.cache\a73ae721cd42d2\DSETUP.dll
2012-06-05 04:16 . 2008-06-17 21:13 1670936 ----a-w- c:\program files\Common Files\Windows Live\.cache\a73ae721cd42d2\dsetup32.dll
2012-06-05 04:16 . 2008-07-11 09:50 1013800 ----a-w- c:\program files\Common Files\Windows Live\.cache\fa2034281cd42d1\WindowsXP-KB954708-x86-ENU.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 18:33 . 2012-05-09 04:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-28 18:33 . 2011-07-19 04:46 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 20:19 . 2008-10-16 21:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2009-04-18 03:39 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2009-04-18 03:39 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2009-04-18 03:39 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2009-04-18 03:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2009-04-18 03:39 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2008-10-16 21:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2004-08-10 11:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2008-10-16 21:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2009-04-18 03:39 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2009-04-18 03:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2009-06-17 21:46 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18 . 2009-06-17 21:46 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2009-06-17 21:46 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:19 . 2004-08-10 11:00 599552 ----a-w- c:\windows\system32\crypt32.dll
2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-05-24 15:48 . 2012-01-01 16:00 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-16 15:08 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-10 11:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-10 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2005-03-30 01:21 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2005-03-30 01:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2009-04-18 03:35 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-13 07:36 . 2012-05-14 12:07 6734704 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C669D62-418E-4F9A-93B6-3D8DC7CAED6F}\mpengine.dll
2012-04-04 20:56 . 2011-08-29 04:57 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-16 18:28 . 2012-01-16 18:28 371272 ----a-w- c:\program files\Skype.lnk
2011-12-13 01:18 . 2011-12-13 01:12 69341552 ----a-w- c:\program files\iTunesSetup.exe
2011-06-21 02:41 . 2011-06-21 02:36 20398464 ----a-w- c:\program files\TomTomHOME2winlatest.exe
2009-10-31 17:36 . 2009-10-31 17:34 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
2009-06-17 12:11 . 2009-06-17 12:10 4909440 ----a-w- c:\program files\Silverlight.2.0.exe
2009-06-16 16:38 . 2009-06-16 16:38 1988392 ----a-w- c:\program files\SkypeSetup-Beta.exe
2009-05-09 04:45 . 2009-05-09 04:42 21878064 ----a-w- c:\program files\QuickTimeInstaller.exe
2012-06-22 01:05 . 2012-01-11 00:37 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"ChromeFrameHelper"="c:\documents and settings\Cleveland's\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\chrome_frame_helper.exe" [2012-06-28 96792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"Skype@phone"="c:\program files\SkypeUSBPhoneDriver\Skype@phone.exe" [2006-01-05 843776]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 98304]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WN111 Smart Wizard.lnk - c:\program files\NETGEAR\WN111\wn111.exe [2008-4-1 2121728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 23:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioNowMediaManagerApp]
2011-08-03 02:37 2785776 ----a-w- c:\program files\Roxio\RoxioNow Player\RNowShell.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Civilization4.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\mektek.net\\MTX\\mtx.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatcher.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatcher2.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatcherx.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatchery.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\SEGA\\Iron Man\\IronMan.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\batman arkham asylum goty\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\hitman blood money\\HitmanBloodMoney.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\hitman blood money\\configure.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\batman arkham asylum goty\\Binaries\\BmLauncher.exe"=
"c:\\Program Files\\Roxio\\RoxioNow Player\\RNowShell.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\EACoreServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization v\\Launcher.exe"=
"c:\\Program Files\\MediaMall\\MediaMallServer.exe"=
"c:\\Program Files\\Sony\\LocationFreePlayer\\LFPC3\\LFPC3.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [10/16/2009 9:35 PM 40560]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [7/17/2011 10:09 PM 13496]
R0 SockHook;SockHook;c:\windows\system32\drivers\SOCKHOOK.SYS [7/26/2009 10:58 PM 15000]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [12/21/2010 3:04 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2010 1:47 PM 94872]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [1/1/2012 10:28 AM 913792]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 5:21 PM 249648]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1/12/2011 4:41 PM 810144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/28/2011 11:57 PM 654408]
R2 MediaMall Server;MediaMall Server;c:\program files\MediaMall\MediaMallServer.exe [4/12/2012 2:32 AM 2976632]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [7/5/2010 5:53 PM 10680]
R2 RoxioNow Service;RoxioNow Service;c:\program files\Roxio\RoxioNow Player\RNowSvc.exe [8/2/2011 9:37 PM 400368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 7:21 AM 92592]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2/8/2007 1:06 AM 49152]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [1/18/2012 6:44 AM 450848]
R2 WebGuideTranscode;WebGuideTranscode;c:\program files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe [2/20/2007 12:37 PM 40960]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [3/22/2012 10:32 PM 100368]
R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [4/20/2009 6:55 PM 2944]
R3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [4/20/2009 6:55 PM 60416]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [4/20/2009 6:55 PM 11008]
R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [4/20/2009 6:55 PM 10368]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [1/18/2012 6:44 AM 22176]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 5:45 PM 57440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/28/2011 11:57 PM 22344]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 3:23 PM 196176]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [8/21/2011 10:28 PM 374152]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/7/2012 7:12 PM 160944]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [1/19/2012 12:36 AM 25832]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 1:10 PM 17149]
S3 jswpsapi;Jumpstart Wifi Protected Setup; [x]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/5/2012 11:11 PM 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\DRIVERS\RT2860.sys --> c:\windows\system32\DRIVERS\RT2860.sys [?]
S3 RTL8192su;RNX-N2LX Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys --> c:\windows\system32\DRIVERS\RTL8192su.sys [?]
S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [8/6/2008 6:21 PM 20504]
S3 TdiPbk;TdiPbk;c:\windows\system32\drivers\TdiPbk.SYS [7/26/2009 10:58 PM 24328]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-01 c:\windows\Tasks\ASC5_AutoClean.job
- c:\program files\IObit\Advanced SystemCare 5\AutoSweep.exe [2012-01-01 15:45]
.
2012-07-01 c:\windows\Tasks\ASC5_AutoUpdate.job
- c:\program files\IObit\Advanced SystemCare 5\AutoUpdate.exe [2012-01-01 23:33]
.
2012-07-01 c:\windows\Tasks\At49.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]
.
2012-07-02 c:\windows\Tasks\At50.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]
.
2012-07-01 c:\windows\Tasks\At51.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]
.
2012-07-01 c:\windows\Tasks\At52.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-616249376-839522115-1003Core.job
- c:\documents and settings\Cleveland's\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-26 02:18]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-616249376-839522115-1003UA.job
- c:\documents and settings\Cleveland's\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-26 02:18]
.
2012-07-01 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-07-18 01:19]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: cinemanow.com
Trusted Zone: cnet.com\download
Trusted Zone: roxio.com
Trusted Zone: roxionow.com
Trusted Zone: sonic.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Cleveland's\Application Data\Mozilla\Firefox\Profiles\coh6frck.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-01 21:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,57,92,bc,b9,b1,e7,46,bc,90,5e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,57,92,bc,b9,b1,e7,46,bc,90,5e,\
.
[HKEY_USERS\S-1-5-21-329068152-616249376-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A12F4AD9-8A8D-122C-3FB6-ED26529D8D7B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-329068152-616249376-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7b,fc,78,d4,d6,e3,11,c9,50,ef,63,e0,27,7b,d5,86,0f,b6,9e,82,63,f0,35,
a3,7f,65,8b,cc,8e,c7,5d,fc,cd,7f,2f,9f,89,4d,f1,02,78,a1,c8,c5,84,ec,50,e5,\
"??"=hex:16,18,32,b0,43,17,e3,d4,74,ee,5e,a6,73,d2,51,2d
.
[HKEY_USERS\S-1-5-21-329068152-616249376-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:b1,77,27,5e,5b,e2,c5,d0,e4,6e,54,59,a7,61,34,bb,88,3b,12,f3,a2,
cf,80,0e,35,a4,22,f5,85,ad,d5,da,95,4d,72,29,83,c3,de,62,1b,dd,6e,a5,62,d3,\
"rkeysecu"=hex:48,63,b0,1e,44,30,43,b7,c3,1b,8c,fc,d3,86,b7,79
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1144)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-07-01 21:08:29
ComboFix-quarantined-files.txt 2012-07-02 02:08
ComboFix2.txt 2012-07-01 20:15
ComboFix3.txt 2012-05-04 02:31
.
Pre-Run: 443,089,076,224 bytes free
Post-Run: 443,082,637,312 bytes free
.
- - End Of File - - 4E1769E840118CC570EDF05EA873B883
-
ComboFix 12-07-01.03 - Cleveland's 07/01/2012 14:53:19.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2408 [GMT -5:00]
Running from: c:\documents and settings\Cleveland's\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\771CF41A4D.sys
c:\documents and settings\Cleveland's\Librarys\wgesdwx
c:\windows\system32\AegisI5Installer.exe
c:\windows\system32\config\systemprofile\Librarys\wgesdwx
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\services.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MSIRSTS
.
.
((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
.
.
2012-06-30 14:46 . 2012-06-30 14:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-25 05:17 . 2012-06-25 05:17 -------- d-----w- c:\program files\PlayReady
2012-06-22 01:07 . 2012-06-22 01:07 -------- d-----w- c:\program files\Common Files\Skype
2012-06-22 01:05 . 2012-06-22 01:05 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-22 01:05 . 2012-06-22 01:05 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-15 04:22 . 2012-06-15 04:22 -------- d-----w- c:\windows\system32\config\systemprofile\Applications
2012-06-13 23:47 . 2012-06-13 23:47 -------- d-----w- c:\documents and settings\Cleveland's\Applications
2012-06-13 12:43 . 2012-07-01 20:04 -------- d-----w- c:\documents and settings\Cleveland's\Librarys
2012-06-13 06:34 . 2012-07-01 20:04 -------- d-----w- c:\windows\system32\config\systemprofile\Librarys
2012-06-13 06:30 . 2012-06-13 06:30 -------- d-----w- c:\windows\system32\URTTEMP
2012-06-13 01:15 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-07 15:50 . 2012-06-07 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2012-06-07 15:50 . 2012-06-07 15:50 -------- d-----w- c:\program files\HP Photo Creations
2012-06-07 15:50 . 2012-06-07 15:50 -------- d-----w- c:\documents and settings\Cleveland's\Application Data\HpUpdate
2012-06-07 15:50 . 2010-06-14 20:19 1907560 ----a-w- c:\windows\system32\HPScanMiniDrv_DJ1050_J410.dll
2012-06-07 15:50 . 2010-06-14 20:19 264552 ----a-w- c:\windows\system32\hpinksts8911LM.dll
2012-06-07 15:50 . 2010-06-14 20:19 232296 ----a-w- c:\windows\system32\hpinksts8911.dll
2012-06-07 15:50 . 2010-06-14 20:19 213352 ----a-w- c:\windows\system32\hpinkcoi8911.dll
2012-06-07 15:49 . 2012-06-07 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2012-06-07 15:49 . 2012-06-07 15:50 -------- d-----w- c:\program files\HP
2012-06-07 15:48 . 2012-06-07 15:48 -------- d-----w- c:\documents and settings\Cleveland's\Local Settings\Application Data\HP
2012-06-05 04:43 . 2012-07-01 01:58 -------- d-----w- c:\documents and settings\Cleveland's\Tracing
2012-06-05 04:25 . 2010-04-28 12:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2012-06-05 04:21 . 2012-06-06 02:47 -------- d-----w- c:\program files\Microsoft
2012-06-05 04:21 . 2012-06-05 04:21 -------- d-----w- c:\program files\Windows Live SkyDrive
2012-06-05 04:21 . 2012-06-05 04:25 -------- d-----w- c:\program files\Windows Live
2012-06-05 04:16 . 2008-06-17 21:13 484632 ----a-w- c:\program files\Common Files\Windows Live\.cache\a73ae721cd42d2\DXSETUP.exe
2012-06-05 04:16 . 2008-06-17 21:13 74520 ----a-w- c:\program files\Common Files\Windows Live\.cache\a73ae721cd42d2\DSETUP.dll
2012-06-05 04:16 . 2008-06-17 21:13 1670936 ----a-w- c:\program files\Common Files\Windows Live\.cache\a73ae721cd42d2\dsetup32.dll
2012-06-05 04:16 . 2008-07-11 09:50 1013800 ----a-w- c:\program files\Common Files\Windows Live\.cache\fa2034281cd42d1\WindowsXP-KB954708-x86-ENU.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 18:33 . 2012-05-09 04:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-28 18:33 . 2011-07-19 04:46 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 20:19 . 2008-10-16 21:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2009-04-18 03:39 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2009-04-18 03:39 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2009-04-18 03:39 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2009-04-18 03:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2009-04-18 03:39 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2008-10-16 21:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2004-08-10 11:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2008-10-16 21:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2009-04-18 03:39 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2009-04-18 03:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2009-06-17 21:46 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18 . 2009-06-17 21:46 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2009-06-17 21:46 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:19 . 2004-08-10 11:00 599552 ----a-w- c:\windows\system32\crypt32.dll
2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-05-24 15:48 . 2012-01-01 16:00 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-16 15:08 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-10 11:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-10 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2005-03-30 01:21 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2005-03-30 01:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2009-04-18 03:35 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-13 07:36 . 2012-05-14 12:07 6734704 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C669D62-418E-4F9A-93B6-3D8DC7CAED6F}\mpengine.dll
2012-04-04 20:56 . 2011-08-29 04:57 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-16 18:28 . 2012-01-16 18:28 371272 ----a-w- c:\program files\Skype.lnk
2011-12-13 01:18 . 2011-12-13 01:12 69341552 ----a-w- c:\program files\iTunesSetup.exe
2011-06-21 02:41 . 2011-06-21 02:36 20398464 ----a-w- c:\program files\TomTomHOME2winlatest.exe
2009-10-31 17:36 . 2009-10-31 17:34 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
2009-06-17 12:11 . 2009-06-17 12:10 4909440 ----a-w- c:\program files\Silverlight.2.0.exe
2009-06-16 16:38 . 2009-06-16 16:38 1988392 ----a-w- c:\program files\SkypeSetup-Beta.exe
2009-05-09 04:45 . 2009-05-09 04:42 21878064 ----a-w- c:\program files\QuickTimeInstaller.exe
2012-06-22 01:05 . 2012-01-11 00:37 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"ChromeFrameHelper"="c:\documents and settings\Cleveland's\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\chrome_frame_helper.exe" [2012-06-28 96792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"Skype@phone"="c:\program files\SkypeUSBPhoneDriver\Skype@phone.exe" [2006-01-05 843776]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 98304]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WN111 Smart Wizard.lnk - c:\program files\NETGEAR\WN111\wn111.exe [2008-4-1 2121728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 23:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioNowMediaManagerApp]
2011-08-03 02:37 2785776 ----a-w- c:\program files\Roxio\RoxioNow Player\RNowShell.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Civilization4.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\mektek.net\\MTX\\mtx.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatcher.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatcher2.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatcherx.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatchery.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\SEGA\\Iron Man\\IronMan.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\batman arkham asylum goty\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\hitman blood money\\HitmanBloodMoney.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\hitman blood money\\configure.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\batman arkham asylum goty\\Binaries\\BmLauncher.exe"=
"c:\\Program Files\\Roxio\\RoxioNow Player\\RNowShell.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\EACoreServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization v\\Launcher.exe"=
"c:\\Program Files\\MediaMall\\MediaMallServer.exe"=
"c:\\Program Files\\Sony\\LocationFreePlayer\\LFPC3\\LFPC3.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [10/16/2009 9:35 PM 40560]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [7/17/2011 10:09 PM 13496]
R0 SockHook;SockHook;c:\windows\system32\drivers\SOCKHOOK.SYS [7/26/2009 10:58 PM 15000]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [12/21/2010 3:04 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2010 1:47 PM 94872]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [1/1/2012 10:28 AM 913792]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 3:23 PM 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 5:21 PM 249648]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1/12/2011 4:41 PM 810144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/28/2011 11:57 PM 654408]
R2 MediaMall Server;MediaMall Server;c:\program files\MediaMall\MediaMallServer.exe [4/12/2012 2:32 AM 2976632]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [7/5/2010 5:53 PM 10680]
R2 RoxioNow Service;RoxioNow Service;c:\program files\Roxio\RoxioNow Player\RNowSvc.exe [8/2/2011 9:37 PM 400368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 7:21 AM 92592]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2/8/2007 1:06 AM 49152]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [1/18/2012 6:44 AM 450848]
R2 WebGuideTranscode;WebGuideTranscode;c:\program files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe [2/20/2007 12:37 PM 40960]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [3/22/2012 10:32 PM 100368]
R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [4/20/2009 6:55 PM 2944]
R3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [4/20/2009 6:55 PM 60416]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [4/20/2009 6:55 PM 11008]
R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [4/20/2009 6:55 PM 10368]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [1/18/2012 6:44 AM 22176]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 5:45 PM 57440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/28/2011 11:57 PM 22344]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [8/21/2011 10:28 PM 374152]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/7/2012 7:12 PM 160944]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [1/19/2012 12:36 AM 25832]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 1:10 PM 17149]
S3 jswpsapi;Jumpstart Wifi Protected Setup; [x]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/5/2012 11:11 PM 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\DRIVERS\RT2860.sys --> c:\windows\system32\DRIVERS\RT2860.sys [?]
S3 RTL8192su;RNX-N2LX Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys --> c:\windows\system32\DRIVERS\RTL8192su.sys [?]
S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [8/6/2008 6:21 PM 20504]
S3 TdiPbk;TdiPbk;c:\windows\system32\drivers\TdiPbk.SYS [7/26/2009 10:58 PM 24328]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-01 c:\windows\Tasks\ASC5_AutoClean.job
- c:\program files\IObit\Advanced SystemCare 5\AutoSweep.exe [2012-01-01 15:45]
.
2012-06-30 c:\windows\Tasks\ASC5_AutoUpdate.job
- c:\program files\IObit\Advanced SystemCare 5\AutoUpdate.exe [2012-01-01 23:33]
.
2012-07-01 c:\windows\Tasks\At49.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]
.
2012-07-01 c:\windows\Tasks\At50.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]
.
2012-07-01 c:\windows\Tasks\At51.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]
.
2012-07-01 c:\windows\Tasks\At52.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-616249376-839522115-1003Core.job
- c:\documents and settings\Cleveland's\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-26 02:18]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-616249376-839522115-1003UA.job
- c:\documents and settings\Cleveland's\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-26 02:18]
.
2012-07-01 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-07-18 01:19]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: cinemanow.com
Trusted Zone: cnet.com\download
Trusted Zone: roxio.com
Trusted Zone: roxionow.com
Trusted Zone: sonic.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Cleveland's\Application Data\Mozilla\Firefox\Profiles\coh6frck.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-01 15:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\TEMP\RESE.tmp 0 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,57,92,bc,b9,b1,e7,46,bc,90,5e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,57,92,bc,b9,b1,e7,46,bc,90,5e,\
.
[HKEY_USERS\S-1-5-21-329068152-616249376-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A12F4AD9-8A8D-122C-3FB6-ED26529D8D7B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-329068152-616249376-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7b,fc,78,d4,d6,e3,11,c9,50,ef,63,e0,27,7b,d5,86,0f,b6,9e,82,63,f0,35,
a3,7f,65,8b,cc,8e,c7,5d,fc,cd,7f,2f,9f,89,4d,f1,02,78,a1,c8,c5,84,ec,50,e5,\
"??"=hex:16,18,32,b0,43,17,e3,d4,74,ee,5e,a6,73,d2,51,2d
.
[HKEY_USERS\S-1-5-21-329068152-616249376-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:b1,77,27,5e,5b,e2,c5,d0,e4,6e,54,59,a7,61,34,bb,88,3b,12,f3,a2,
cf,80,0e,35,a4,22,f5,85,ad,d5,da,95,4d,72,29,83,c3,de,62,1b,dd,6e,a5,62,d3,\
"rkeysecu"=hex:48,63,b0,1e,44,30,43,b7,c3,1b,8c,fc,d3,86,b7,79
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1144)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(4996)
c:\windows\system32\WININET.dll
c:\documents and settings\Cleveland's\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\chrome_frame_helper.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\Microsoft Office\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehSched.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\BRMFRSMG.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\dllhost.exe
c:\windows\stsystra.exe
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\Microsoft ActiveSync\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2012-07-01 15:15:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-01 20:15
ComboFix2.txt 2012-05-04 02:31
.
Pre-Run: 443,187,724,288 bytes free
Post-Run: 443,171,086,336 bytes free
.
- - End Of File - - 3F190706D5F50905BEFD21C0BDDF4B34
-
Sorry, I hit enter before finishing the statement. I tried downloading the install file a couple of times for ComboFix. I just ran the file, ignoring the one which would not unarchive. Log posted above.
-
Log below. I could not get ComboFix to install without ignoring file C:\32788R22RWJFW\pev.exe. I
ComboFix 12-07-01.03 - Cleveland's 07/01/2012 14:53:19.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2408 [GMT -5:00]
Running from: c:\documents and settings\Cleveland's\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\771CF41A4D.sys
c:\documents and settings\Cleveland's\Librarys\wgesdwx
c:\windows\system32\AegisI5Installer.exe
c:\windows\system32\config\systemprofile\Librarys\wgesdwx
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\services.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MSIRSTS
.
.
((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
.
.
2012-06-30 14:46 . 2012-06-30 14:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-25 05:17 . 2012-06-25 05:17 -------- d-----w- c:\program files\PlayReady
2012-06-22 01:07 . 2012-06-22 01:07 -------- d-----w- c:\program files\Common Files\Skype
2012-06-22 01:05 . 2012-06-22 01:05 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-22 01:05 . 2012-06-22 01:05 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-15 04:22 . 2012-06-15 04:22 -------- d-----w- c:\windows\system32\config\systemprofile\Applications
2012-06-13 23:47 . 2012-06-13 23:47 -------- d-----w- c:\documents and settings\Cleveland's\Applications
2012-06-13 12:43 . 2012-07-01 20:04 -------- d-----w- c:\documents and settings\Cleveland's\Librarys
2012-06-13 06:34 . 2012-07-01 20:04 -------- d-----w- c:\windows\system32\config\systemprofile\Librarys
2012-06-13 06:30 . 2012-06-13 06:30 -------- d-----w- c:\windows\system32\URTTEMP
2012-06-13 01:15 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-07 15:50 . 2012-06-07 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2012-06-07 15:50 . 2012-06-07 15:50 -------- d-----w- c:\program files\HP Photo Creations
2012-06-07 15:50 . 2012-06-07 15:50 -------- d-----w- c:\documents and settings\Cleveland's\Application Data\HpUpdate
2012-06-07 15:50 . 2010-06-14 20:19 1907560 ----a-w- c:\windows\system32\HPScanMiniDrv_DJ1050_J410.dll
2012-06-07 15:50 . 2010-06-14 20:19 264552 ----a-w- c:\windows\system32\hpinksts8911LM.dll
2012-06-07 15:50 . 2010-06-14 20:19 232296 ----a-w- c:\windows\system32\hpinksts8911.dll
2012-06-07 15:50 . 2010-06-14 20:19 213352 ----a-w- c:\windows\system32\hpinkcoi8911.dll
2012-06-07 15:49 . 2012-06-07 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2012-06-07 15:49 . 2012-06-07 15:50 -------- d-----w- c:\program files\HP
2012-06-07 15:48 . 2012-06-07 15:48 -------- d-----w- c:\documents and settings\Cleveland's\Local Settings\Application Data\HP
2012-06-05 04:43 . 2012-07-01 01:58 -------- d-----w- c:\documents and settings\Cleveland's\Tracing
2012-06-05 04:25 . 2010-04-28 12:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2012-06-05 04:21 . 2012-06-06 02:47 -------- d-----w- c:\program files\Microsoft
2012-06-05 04:21 . 2012-06-05 04:21 -------- d-----w- c:\program files\Windows Live SkyDrive
2012-06-05 04:21 . 2012-06-05 04:25 -------- d-----w- c:\program files\Windows Live
2012-06-05 04:16 . 2008-06-17 21:13 484632 ----a-w- c:\program files\Common Files\Windows Live\.cache\a73ae721cd42d2\DXSETUP.exe
2012-06-05 04:16 . 2008-06-17 21:13 74520 ----a-w- c:\program files\Common Files\Windows Live\.cache\a73ae721cd42d2\DSETUP.dll
2012-06-05 04:16 . 2008-06-17 21:13 1670936 ----a-w- c:\program files\Common Files\Windows Live\.cache\a73ae721cd42d2\dsetup32.dll
2012-06-05 04:16 . 2008-07-11 09:50 1013800 ----a-w- c:\program files\Common Files\Windows Live\.cache\fa2034281cd42d1\WindowsXP-KB954708-x86-ENU.exe
.
.
.
-
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-30 15:44:43
-----------------------------
15:44:43.078 OS Version: Windows 5.1.2600 Service Pack 3
15:44:43.078 Number of processors: 2 586 0x605
15:44:43.078 ComputerName: BEDROOM UserName:
15:44:45.703 Initialize success
15:45:08.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
15:45:08.078 Disk 0 Vendor: WDC_WD6401AALS-00L3B2 01.03B01 Size: 610480MB BusType: 3
15:45:08.093 Disk 0 MBR read successfully
15:45:08.093 Disk 0 MBR scan
15:45:08.093 Disk 0 Windows XP default MBR code
15:45:08.093 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 610469 MB offset 63
15:45:08.109 Disk 0 scanning sectors +1250242560
15:45:08.171 Disk 0 scanning C:\WINDOWS\system32\drivers
15:45:20.578 Service scanning
15:45:31.875 Modules scanning
15:45:36.359 Disk 0 trace - called modules:
15:45:36.375 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
15:45:36.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aec1ab8]
15:45:36.375 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8ae76b00]
15:45:36.375 Scan finished successfully
20:02:00.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Cleveland's\Desktop\MBR.dat"
20:02:00.171 The log file has been saved successfully to "C:\Documents and Settings\Cleveland's\Desktop\aswMBR.txt"
-
This machine is basically used by the kids for internet gaming and by my wife for Facebook. I am now more worried about the other computer I mentioned in the previous post. My wife uses it at times to do accounting for her workplace. It is also used for online banking. That said, for the computer you are helping me with, the requested logs follow:
9:44:32.0359 4048 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
09:44:32.0781 4048 ============================================================
09:44:32.0781 4048 Current date / time: 2012/06/30 09:44:32.0781
09:44:32.0781 4048 SystemInfo:
09:44:32.0781 4048
09:44:32.0781 4048 OS Version: 5.1.2600 ServicePack: 3.0
09:44:32.0781 4048 Product type: Workstation
09:44:32.0781 4048 ComputerName: BEDROOM
09:44:32.0781 4048 UserName: Cleveland's
09:44:32.0781 4048 Windows directory: C:\WINDOWS
09:44:32.0781 4048 System windows directory: C:\WINDOWS
09:44:32.0781 4048 Processor architecture: Intel x86
09:44:32.0781 4048 Number of processors: 2
09:44:32.0781 4048 Page size: 0x1000
09:44:32.0781 4048 Boot type: Normal boot
09:44:32.0781 4048 ============================================================
09:44:34.0656 4048 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:44:34.0718 4048 ============================================================
09:44:34.0718 4048 \Device\Harddisk0\DR0:
09:44:34.0718 4048 MBR partitions:
09:44:34.0718 4048 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852FC1
09:44:34.0718 4048 ============================================================
09:44:34.0765 4048 C: <-> \Device\Harddisk0\DR0\Partition0
09:44:34.0765 4048 ============================================================
09:44:34.0765 4048 Initialize success
09:44:34.0765 4048 ============================================================
09:44:39.0140 0840 ============================================================
09:44:39.0140 0840 Scan started
09:44:39.0140 0840 Mode: Manual;
09:44:39.0140 0840 ============================================================
09:44:39.0984 0840 Abiosdsk - ok
09:44:40.0000 0840 abp480n5 - ok
09:44:40.0031 0840 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:44:40.0031 0840 ACPI - ok
09:44:40.0062 0840 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:44:40.0078 0840 ACPIEC - ok
09:44:40.0093 0840 adpu160m - ok
09:44:40.0234 0840 AdvancedSystemCareService5 (96d6cdd0b32846e8cfbe592f4f32e608) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
09:44:40.0250 0840 AdvancedSystemCareService5 - ok
09:44:40.0265 0840 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:44:40.0281 0840 aec - ok
09:44:40.0312 0840 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:44:40.0328 0840 AFD - ok
09:44:40.0328 0840 Aha154x - ok
09:44:40.0328 0840 aic78u2 - ok
09:44:40.0343 0840 aic78xx - ok
09:44:40.0375 0840 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
09:44:40.0375 0840 Alerter - ok
09:44:40.0390 0840 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
09:44:40.0406 0840 ALG - ok
09:44:40.0406 0840 AliIde - ok
09:44:40.0437 0840 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
09:44:40.0484 0840 AmdLLD - ok
09:44:40.0484 0840 amsint - ok
09:44:40.0531 0840 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:44:40.0531 0840 Apple Mobile Device - ok
09:44:40.0562 0840 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
09:44:40.0562 0840 AppMgmt - ok
09:44:40.0578 0840 asc - ok
09:44:40.0578 0840 asc3350p - ok
09:44:40.0578 0840 asc3550 - ok
09:44:40.0625 0840 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
09:44:40.0640 0840 Aspi32 - ok
09:44:40.0687 0840 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:44:40.0703 0840 aspnet_state - ok
09:44:40.0718 0840 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:44:40.0734 0840 AsyncMac - ok
09:44:40.0781 0840 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:44:40.0781 0840 atapi - ok
09:44:40.0781 0840 Atdisk - ok
09:44:40.0843 0840 Ati HotKey Poller (c434b72352fadd9249d5541274021570) C:\WINDOWS\system32\Ati2evxx.exe
09:44:40.0859 0840 Ati HotKey Poller - ok
09:44:40.0906 0840 ATI Smart (2b2cc2c47f5de490f27d4292f0edc034) C:\WINDOWS\system32\ati2sgag.exe
09:44:40.0906 0840 ATI Smart - ok
09:44:41.0265 0840 ati2mtag (b4368b39a18630c3ec8d7f496f76f19b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
09:44:41.0390 0840 ati2mtag - ok
09:44:41.0500 0840 AtiHDAudioService (bd9ca8136738040d3257363ed12be693) C:\WINDOWS\system32\drivers\AtihdXP3.sys
09:44:41.0500 0840 AtiHDAudioService - ok
09:44:41.0531 0840 AtiHdmiService (dc6957811ff95f2dd3004361b20d8d3f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
09:44:41.0546 0840 AtiHdmiService - ok
09:44:41.0578 0840 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:44:41.0593 0840 Atmarpc - ok
09:44:41.0625 0840 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
09:44:41.0625 0840 AudioSrv - ok
09:44:41.0656 0840 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:44:41.0671 0840 audstub - ok
09:44:41.0687 0840 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
09:44:41.0703 0840 BANTExt - ok
09:44:41.0781 0840 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
09:44:41.0796 0840 BBSvc - ok
09:44:41.0828 0840 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
09:44:41.0843 0840 BBUpdate - ok
09:44:41.0859 0840 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:44:41.0859 0840 Beep - ok
09:44:41.0890 0840 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
09:44:41.0906 0840 BITS - ok
09:44:41.0984 0840 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
09:44:41.0984 0840 Bonjour Service - ok
09:44:42.0015 0840 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
09:44:42.0031 0840 brfilt - ok
09:44:42.0046 0840 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
09:44:42.0046 0840 Browser - ok
09:44:42.0062 0840 BrSerWDM (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
09:44:42.0078 0840 BrSerWDM - ok
09:44:42.0093 0840 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
09:44:42.0109 0840 BrUsbMdm - ok
09:44:42.0125 0840 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
09:44:42.0140 0840 BrUsbScn - ok
09:44:42.0171 0840 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
09:44:42.0187 0840 BthEnum - ok
09:44:42.0203 0840 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
09:44:42.0218 0840 BthPan - ok
09:44:42.0265 0840 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
09:44:42.0265 0840 BTHPORT - ok
09:44:42.0281 0840 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
09:44:42.0281 0840 BthServ - ok
09:44:42.0296 0840 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
09:44:42.0328 0840 BTHUSB - ok
09:44:42.0328 0840 catchme - ok
09:44:42.0343 0840 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:44:42.0359 0840 cbidf2k - ok
09:44:42.0406 0840 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:44:42.0421 0840 CCDECODE - ok
09:44:42.0421 0840 cd20xrnt - ok
09:44:42.0437 0840 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:44:42.0468 0840 Cdaudio - ok
09:44:42.0484 0840 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:44:42.0500 0840 Cdfs - ok
09:44:42.0515 0840 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:44:42.0531 0840 Cdrom - ok
09:44:42.0546 0840 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
09:44:42.0578 0840 cercsr6 - ok
09:44:42.0578 0840 Changer - ok
09:44:42.0593 0840 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
09:44:42.0593 0840 CiSvc - ok
09:44:42.0593 0840 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
09:44:42.0593 0840 ClipSrv - ok
09:44:42.0687 0840 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:44:42.0687 0840 clr_optimization_v2.0.50727_32 - ok
09:44:42.0718 0840 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:44:42.0718 0840 clr_optimization_v4.0.30319_32 - ok
09:44:42.0718 0840 CmdIde - ok
09:44:42.0750 0840 CompFilter (9704b9c442e3ef2989746d08f80a3743) C:\WINDOWS\system32\DRIVERS\lvbusflt.sys
09:44:42.0750 0840 CompFilter - ok
09:44:42.0750 0840 COMSysApp - ok
09:44:42.0765 0840 Cpqarray - ok
09:44:42.0765 0840 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
09:44:42.0765 0840 CryptSvc - ok
09:44:42.0781 0840 dac2w2k - ok
09:44:42.0781 0840 dac960nt - ok
09:44:42.0843 0840 DAUpdaterSvc (914a7156b0c0f10be645a02e13f576b2) C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
09:44:42.0843 0840 DAUpdaterSvc - ok
09:44:42.0890 0840 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:44:42.0906 0840 DcomLaunch - ok
09:44:42.0937 0840 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
09:44:42.0953 0840 Dhcp - ok
09:44:42.0953 0840 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:44:42.0968 0840 Disk - ok
09:44:42.0968 0840 dmadmin - ok
09:44:43.0031 0840 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:44:43.0062 0840 dmboot - ok
09:44:43.0078 0840 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:44:43.0078 0840 dmio - ok
09:44:43.0093 0840 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:44:43.0093 0840 dmload - ok
09:44:43.0125 0840 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
09:44:43.0125 0840 dmserver - ok
09:44:43.0140 0840 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:44:43.0156 0840 DMusic - ok
09:44:43.0171 0840 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
09:44:43.0187 0840 DNINDIS5 - ok
09:44:43.0203 0840 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
09:44:43.0203 0840 Dnscache - ok
09:44:43.0234 0840 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
09:44:43.0234 0840 Dot3svc - ok
09:44:43.0234 0840 dpti2o - ok
09:44:43.0250 0840 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:44:43.0265 0840 drmkaud - ok
09:44:43.0296 0840 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:44:43.0328 0840 E100B - ok
09:44:43.0343 0840 eamon (d42dd9021acd47683b33adf21bca49aa) C:\WINDOWS\system32\DRIVERS\eamon.sys
09:44:43.0343 0840 eamon - ok
09:44:43.0359 0840 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
09:44:43.0359 0840 EapHost - ok
09:44:43.0375 0840 ehdrv (fe7824239d132ad9ebd8645fe1199b30) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
09:44:43.0390 0840 ehdrv - ok
09:44:43.0437 0840 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
09:44:43.0437 0840 ehRecvr - ok
09:44:43.0484 0840 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
09:44:43.0484 0840 ehSched - ok
09:44:43.0515 0840 EhttpSrv (68d91a34ce51cf15c45dd68f7f1257e8) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
09:44:43.0515 0840 EhttpSrv - ok
09:44:43.0546 0840 ekrn (191d8eccc40f05b52fac0513f35ba01d) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
09:44:43.0562 0840 ekrn - ok
09:44:43.0593 0840 epfwtdir (aa0667eb9a92414abb784c101a6c7fec) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
09:44:43.0609 0840 epfwtdir - ok
09:44:43.0687 0840 EPSON_PM_RPCV4_01 (8fe6ab59cab8f2c038fea9522a5eeba7) C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
09:44:43.0687 0840 EPSON_PM_RPCV4_01 - ok
09:44:43.0703 0840 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
09:44:43.0703 0840 ERSvc - ok
09:44:43.0734 0840 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:44:43.0734 0840 Eventlog - ok
09:44:43.0781 0840 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
09:44:43.0781 0840 EventSystem - ok
09:44:43.0796 0840 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:44:43.0812 0840 Fastfat - ok
09:44:43.0859 0840 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:44:43.0859 0840 FastUserSwitchingCompatibility - ok
09:44:43.0859 0840 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:44:43.0890 0840 Fdc - ok
09:44:43.0890 0840 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:44:43.0906 0840 Fips - ok
09:44:43.0906 0840 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:44:43.0937 0840 Flpydisk - ok
09:44:43.0937 0840 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:44:43.0937 0840 FltMgr - ok
09:44:44.0015 0840 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:44:44.0015 0840 FontCache3.0.0.0 - ok
09:44:44.0031 0840 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
09:44:44.0046 0840 fssfltr - ok
09:44:44.0125 0840 fsssvc (45b52394f9624237f33a8a3d73c0b221) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
09:44:44.0140 0840 fsssvc - ok
09:44:44.0171 0840 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:44:44.0203 0840 Fs_Rec - ok
09:44:44.0218 0840 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:44:44.0218 0840 Ftdisk - ok
09:44:44.0250 0840 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:44:44.0265 0840 GEARAspiWDM - ok
09:44:44.0265 0840 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:44:44.0281 0840 Gpc - ok
09:44:44.0343 0840 gusvc (a452e9aae84ff0ad57d6bb6c18d338c7) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:44:44.0343 0840 gusvc - ok
09:44:44.0375 0840 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:44:44.0406 0840 HDAudBus - ok
09:44:44.0500 0840 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:44:44.0500 0840 helpsvc - ok
09:44:44.0515 0840 HidBth (7bd2de4c85eb4241eed57672b16a7d8d) C:\WINDOWS\system32\DRIVERS\hidbth.sys
09:44:44.0531 0840 HidBth - ok
09:44:44.0562 0840 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
09:44:44.0578 0840 HidServ - ok
09:44:44.0578 0840 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:44:44.0609 0840 hidusb - ok
09:44:44.0625 0840 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
09:44:44.0625 0840 hkmsvc - ok
09:44:44.0656 0840 hotcore3 (8e0968b308040261c53b216e3ce7559a) C:\WINDOWS\system32\DRIVERS\hotcore3.sys
09:44:44.0656 0840 hotcore3 - ok
09:44:44.0656 0840 hpn - ok
09:44:44.0671 0840 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
09:44:44.0687 0840 HSFHWBS2 - ok
09:44:44.0734 0840 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
09:44:44.0781 0840 HSF_DP - ok
09:44:44.0796 0840 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:44:44.0812 0840 HTTP - ok
09:44:44.0812 0840 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
09:44:44.0812 0840 HTTPFilter - ok
09:44:44.0812 0840 i2omgmt - ok
09:44:44.0828 0840 i2omp - ok
09:44:44.0843 0840 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
09:44:44.0875 0840 i8042prt - ok
09:44:45.0031 0840 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:44:45.0046 0840 idsvc - ok
09:44:45.0062 0840 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:44:45.0078 0840 Imapi - ok
09:44:45.0125 0840 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
09:44:45.0125 0840 ImapiService - ok
09:44:45.0125 0840 ini910u - ok
09:44:45.0140 0840 IntelIde - ok
09:44:45.0187 0840 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:44:45.0203 0840 intelppm - ok
09:44:45.0218 0840 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:44:45.0250 0840 Ip6Fw - ok
09:44:45.0265 0840 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:44:45.0312 0840 IpFilterDriver - ok
09:44:45.0328 0840 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:44:45.0343 0840 IpInIp - ok
09:44:45.0359 0840 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:44:45.0375 0840 IpNat - ok
09:44:45.0453 0840 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
09:44:45.0453 0840 iPod Service - ok
09:44:45.0468 0840 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:44:45.0484 0840 IPSec - ok
09:44:45.0500 0840 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:44:45.0531 0840 IRENUM - ok
09:44:45.0562 0840 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:44:45.0562 0840 isapnp - ok
09:44:45.0625 0840 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
09:44:45.0625 0840 JavaQuickStarterService - ok
09:44:45.0671 0840 JL2005C (78648c0450b9af8d1bbc5fd86dec1642) C:\WINDOWS\system32\Drivers\jl2005c.sys
09:44:45.0687 0840 JL2005C - ok
09:44:45.0703 0840 JSWSCIMD (ad67795900aa8c05cc4570f5349e0639) C:\WINDOWS\system32\DRIVERS\jswscimd.sys
09:44:45.0734 0840 JSWSCIMD - ok
09:44:45.0734 0840 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:44:45.0750 0840 Kbdclass - ok
09:44:45.0750 0840 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:44:45.0781 0840 kbdhid - ok
09:44:45.0796 0840 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:44:45.0796 0840 kmixer - ok
09:44:45.0812 0840 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:44:45.0812 0840 KSecDD - ok
09:44:45.0843 0840 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
09:44:45.0843 0840 lanmanserver - ok
09:44:45.0890 0840 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
09:44:45.0890 0840 lanmanworkstation - ok
09:44:45.0890 0840 lbrtfdc - ok
09:44:45.0906 0840 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
09:44:45.0906 0840 LmHosts - ok
09:44:45.0984 0840 LMIGuardianSvc (c6a4fa0beed6e4198ddd8b8ee136cf80) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
09:44:46.0000 0840 LMIGuardianSvc - ok
09:44:46.0000 0840 lmimirr - ok
09:44:46.0046 0840 LVRS (ed643e777ba3f7151ef3f0fb6be4f7f0) C:\WINDOWS\system32\DRIVERS\lvrs.sys
09:44:46.0062 0840 LVRS - ok
09:44:46.0281 0840 LVUVC (5bc80451109a8dd7f2ddd35bce2929a3) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
09:44:46.0359 0840 LVUVC - ok
09:44:46.0421 0840 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
09:44:46.0437 0840 MBAMProtector - ok
09:44:46.0500 0840 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
09:44:46.0515 0840 MBAMService - ok
09:44:46.0562 0840 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
09:44:46.0562 0840 McrdSvc - ok
09:44:46.0593 0840 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:44:46.0609 0840 mdmxsdk - ok
09:44:46.0781 0840 MediaMall Server (dabf5c502202e7999b273a39602f8a0d) C:\Program Files\MediaMall\MediaMallServer.exe
09:44:46.0812 0840 MediaMall Server - ok
09:44:46.0906 0840 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
09:44:46.0906 0840 Messenger - ok
09:44:46.0937 0840 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
09:44:46.0953 0840 mf - ok
09:44:46.0984 0840 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
09:44:46.0984 0840 MHN - ok
09:44:47.0000 0840 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
09:44:47.0015 0840 MHNDRV - ok
09:44:47.0046 0840 Microsoft SharePoint Workspace Audit Service - ok
09:44:47.0078 0840 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:44:47.0093 0840 mnmdd - ok
09:44:47.0125 0840 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
09:44:47.0125 0840 mnmsrvc - ok
09:44:47.0156 0840 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:44:47.0171 0840 Modem - ok
09:44:47.0187 0840 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
09:44:47.0203 0840 MODEMCSA - ok
09:44:47.0203 0840 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:44:47.0218 0840 Mouclass - ok
09:44:47.0250 0840 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:44:47.0265 0840 mouhid - ok
09:44:47.0281 0840 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:44:47.0281 0840 MountMgr - ok
09:44:47.0328 0840 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:44:47.0328 0840 MozillaMaintenance - ok
09:44:47.0359 0840 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
09:44:47.0359 0840 MpFilter - ok
09:44:47.0359 0840 mraid35x - ok
09:44:47.0390 0840 MRVW245 (513179a0e168b4d4cc6ff302b9c27568) C:\WINDOWS\system32\DRIVERS\MRVW245.sys
09:44:47.0390 0840 MRVW245 - ok
09:44:47.0421 0840 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:44:47.0468 0840 MRxDAV - ok
09:44:47.0515 0840 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:44:47.0515 0840 MRxSmb - ok
09:44:47.0546 0840 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
09:44:47.0546 0840 MSDTC - ok
09:44:47.0578 0840 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:44:47.0578 0840 Msfs - ok
09:44:47.0578 0840 MSIServer - ok
09:44:47.0593 0840 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:44:47.0609 0840 MSKSSRV - ok
09:44:47.0656 0840 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
09:44:47.0656 0840 MsMpSvc - ok
09:44:47.0687 0840 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:44:47.0703 0840 MSPCLOCK - ok
09:44:47.0703 0840 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:44:47.0734 0840 MSPQM - ok
09:44:47.0750 0840 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:44:47.0765 0840 mssmbios - ok
09:44:47.0796 0840 MSSQL$MSSMLBIZ - ok
09:44:47.0828 0840 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
09:44:47.0828 0840 MSSQLServerADHelper - ok
09:44:47.0875 0840 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
09:44:47.0890 0840 MSTEE - ok
09:44:47.0906 0840 msvad_simple (ba03a176197d06ecaf0da86942375156) C:\WINDOWS\system32\drivers\povrtdev.sys
09:44:47.0921 0840 msvad_simple - ok
09:44:47.0937 0840 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:44:47.0937 0840 Mup - ok
09:44:47.0968 0840 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:44:47.0984 0840 NABTSFEC - ok
09:44:48.0015 0840 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
09:44:48.0031 0840 napagent - ok
09:44:48.0031 0840 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:44:48.0031 0840 NDIS - ok
09:44:48.0062 0840 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:44:48.0078 0840 NdisIP - ok
09:44:48.0093 0840 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:44:48.0093 0840 NdisTapi - ok
09:44:48.0125 0840 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:44:48.0140 0840 Ndisuio - ok
09:44:48.0140 0840 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:44:48.0171 0840 NdisWan - ok
09:44:48.0187 0840 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:44:48.0187 0840 NDProxy - ok
09:44:48.0187 0840 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:44:48.0187 0840 NetBIOS - ok
09:44:48.0203 0840 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:44:48.0234 0840 NetBT - ok
09:44:48.0250 0840 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:44:48.0250 0840 NetDDE - ok
09:44:48.0250 0840 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:44:48.0250 0840 NetDDEdsdm - ok
09:44:48.0281 0840 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:44:48.0281 0840 Netlogon - ok
09:44:48.0312 0840 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:44:48.0312 0840 Netman - ok
09:44:48.0390 0840 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:44:48.0406 0840 NetTcpPortSharing - ok
09:44:48.0421 0840 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
09:44:48.0421 0840 Nla - ok
09:44:48.0437 0840 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:44:48.0453 0840 Npfs - ok
09:44:48.0484 0840 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:44:48.0484 0840 Ntfs - ok
09:44:48.0484 0840 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:44:48.0500 0840 NtLmSsp - ok
09:44:48.0531 0840 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:44:48.0546 0840 NtmsSvc - ok
09:44:48.0562 0840 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:44:48.0578 0840 Null - ok
09:44:48.0593 0840 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:44:48.0625 0840 NwlnkFlt - ok
09:44:48.0640 0840 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:44:48.0656 0840 NwlnkFwd - ok
09:44:48.0703 0840 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:44:48.0718 0840 ose - ok
09:44:48.0984 0840 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:44:49.0015 0840 osppsvc - ok
09:44:49.0109 0840 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
09:44:49.0125 0840 Parport - ok
09:44:49.0140 0840 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:44:49.0156 0840 PartMgr - ok
09:44:49.0171 0840 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:44:49.0187 0840 ParVdm - ok
09:44:49.0218 0840 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:44:49.0218 0840 PCI - ok
09:44:49.0218 0840 PciCon - ok
09:44:49.0218 0840 PCIDump - ok
09:44:49.0234 0840 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:44:49.0234 0840 PCIIde - ok
09:44:49.0250 0840 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:44:49.0281 0840 Pcmcia - ok
09:44:49.0281 0840 PDCOMP - ok
09:44:49.0296 0840 PDFRAME - ok
09:44:49.0296 0840 PDRELI - ok
09:44:49.0296 0840 PDRFRAME - ok
09:44:49.0312 0840 perc2 - ok
09:44:49.0312 0840 perc2hib - ok
09:44:49.0343 0840 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:44:49.0343 0840 PlugPlay - ok
09:44:49.0359 0840 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:44:49.0359 0840 PolicyAgent - ok
09:44:49.0390 0840 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:44:49.0406 0840 PptpMiniport - ok
09:44:49.0406 0840 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:44:49.0406 0840 ProtectedStorage - ok
09:44:49.0421 0840 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:44:49.0453 0840 PSched - ok
09:44:49.0484 0840 PSI_SVC_2 (f036cfb275d0c55f4e45fbbf5f98b3c8) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
09:44:49.0500 0840 PSI_SVC_2 - ok
09:44:49.0515 0840 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:44:49.0531 0840 Ptilink - ok
09:44:49.0531 0840 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:44:49.0546 0840 PxHelp20 - ok
09:44:49.0546 0840 ql1080 - ok
09:44:49.0546 0840 Ql10wnt - ok
09:44:49.0546 0840 ql12160 - ok
09:44:49.0562 0840 ql1240 - ok
09:44:49.0562 0840 ql1280 - ok
09:44:49.0578 0840 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:44:49.0593 0840 RasAcd - ok
09:44:49.0625 0840 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:44:49.0625 0840 RasAuto - ok
09:44:49.0640 0840 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:44:49.0671 0840 Rasl2tp - ok
09:44:49.0687 0840 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:44:49.0687 0840 RasMan - ok
09:44:49.0687 0840 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:44:49.0718 0840 RasPppoe - ok
09:44:49.0718 0840 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:44:49.0734 0840 Raspti - ok
09:44:49.0750 0840 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:44:49.0750 0840 Rdbss - ok
09:44:49.0765 0840 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:44:49.0781 0840 RDPCDD - ok
09:44:49.0796 0840 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:44:49.0812 0840 rdpdr - ok
09:44:49.0843 0840 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
09:44:49.0875 0840 RDPWD - ok
09:44:49.0906 0840 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:44:49.0906 0840 RDSessMgr - ok
09:44:49.0937 0840 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:44:49.0953 0840 redbook - ok
09:44:49.0968 0840 regi (c1e596e42e77f94d5c1c18fd9b2b3274) C:\WINDOWS\system32\drivers\regi.sys
09:44:49.0984 0840 regi - ok
09:44:49.0984 0840 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:44:49.0984 0840 RemoteAccess - ok
09:44:50.0000 0840 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
09:44:50.0000 0840 RemoteRegistry - ok
09:44:50.0015 0840 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
09:44:50.0046 0840 RFCOMM - ok
09:44:50.0109 0840 RoxioNow Service (6bfc6c564e75b1ccaa3d24342dc77c13) C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe
09:44:50.0125 0840 RoxioNow Service - ok
09:44:50.0140 0840 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
09:44:50.0140 0840 RpcLocator - ok
09:44:50.0203 0840 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
09:44:50.0203 0840 RpcSs - ok
09:44:50.0250 0840 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
09:44:50.0250 0840 RSVP - ok
09:44:50.0250 0840 rt2870 - ok
09:44:50.0250 0840 RT80x86 - ok
09:44:50.0250 0840 RTL8192su - ok
09:44:50.0296 0840 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:44:50.0296 0840 SamSs - ok
09:44:50.0296 0840 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:44:50.0312 0840 SCardSvr - ok
09:44:50.0328 0840 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:44:50.0328 0840 Schedule - ok
09:44:50.0343 0840 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:44:50.0375 0840 Secdrv - ok
09:44:50.0375 0840 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:44:50.0375 0840 seclogon - ok
09:44:50.0390 0840 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:44:50.0390 0840 SENS - ok
09:44:50.0437 0840 Ser2pl (b4664c1ee39a5b7fc112f4077f8d21a5) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
09:44:50.0437 0840 Ser2pl - ok
09:44:50.0437 0840 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:44:50.0453 0840 Serenum - ok
09:44:50.0484 0840 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
09:44:50.0515 0840 Serial - ok
09:44:50.0531 0840 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:44:50.0546 0840 Sfloppy - ok
09:44:50.0609 0840 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:44:50.0609 0840 SharedAccess - ok
09:44:50.0656 0840 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:44:50.0656 0840 ShellHWDetection - ok
09:44:50.0656 0840 Simbad - ok
09:44:50.0781 0840 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files\Skype\Updater\Updater.exe
09:44:50.0796 0840 SkypeUpdate - ok
09:44:50.0843 0840 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:44:50.0859 0840 SLIP - ok
09:44:50.0890 0840 SmartDefragDriver (972dea0d8149d73c5b7a2c97b2e749e3) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
09:44:50.0890 0840 SmartDefragDriver - ok
09:44:50.0906 0840 SockHook (1414b82019d4c9e7de9981c4971c3438) C:\WINDOWS\system32\drivers\SOCKHOOK.SYS
09:44:50.0906 0840 SockHook - ok
09:44:50.0921 0840 Sparrow - ok
09:44:50.0937 0840 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:44:50.0953 0840 splitter - ok
09:44:50.0984 0840 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:44:50.0984 0840 Spooler - ok
09:44:51.0062 0840 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
09:44:51.0062 0840 SQLBrowser - ok
09:44:51.0078 0840 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
09:44:51.0078 0840 SQLWriter - ok
09:44:51.0093 0840 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:44:51.0093 0840 sr - ok
09:44:51.0109 0840 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
09:44:51.0125 0840 srservice - ok
09:44:51.0156 0840 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:44:51.0156 0840 Srv - ok
09:44:51.0187 0840 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:44:51.0187 0840 SSDPSRV - ok
09:44:51.0218 0840 SSLDrv (a7a577c32309fe723fa2ef927464ec6f) C:\WINDOWS\system32\DRIVERS\SSLDrv.sys
09:44:51.0234 0840 SSLDrv - ok
09:44:51.0281 0840 STHDA (352b663a81402be7cd7bd4ea27c9998c) C:\WINDOWS\system32\drivers\sthda.sys
09:44:51.0281 0840 STHDA - ok
09:44:51.0328 0840 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:44:51.0343 0840 stisvc - ok
09:44:51.0359 0840 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:44:51.0375 0840 streamip - ok
09:44:51.0390 0840 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:44:51.0406 0840 swenum - ok
09:44:51.0421 0840 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:44:51.0453 0840 swmidi - ok
09:44:51.0453 0840 SwPrv - ok
09:44:51.0468 0840 symc810 - ok
09:44:51.0468 0840 symc8xx - ok
09:44:51.0468 0840 sym_hi - ok
09:44:51.0484 0840 sym_u3 - ok
09:44:51.0500 0840 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:44:51.0500 0840 sysaudio - ok
09:44:51.0500 0840 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:44:51.0515 0840 SysmonLog - ok
09:44:51.0531 0840 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:44:51.0531 0840 TapiSrv - ok
09:44:51.0578 0840 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:44:51.0578 0840 Tcpip - ok
09:44:51.0593 0840 TdiPbk (84be1808e93519e0bed43d8ab1dc5bec) C:\WINDOWS\system32\Drivers\TdiPbk.SYS
09:44:51.0593 0840 TdiPbk - ok
09:44:51.0609 0840 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:44:51.0625 0840 TDPIPE - ok
09:44:51.0625 0840 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:44:51.0656 0840 TDTCP - ok
09:44:51.0671 0840 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:44:51.0718 0840 TermDD - ok
09:44:51.0734 0840 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:44:51.0750 0840 TermService - ok
09:44:51.0781 0840 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:44:51.0781 0840 Themes - ok
09:44:51.0796 0840 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
09:44:51.0796 0840 TlntSvr - ok
09:44:51.0875 0840 TomTomHOMEService (efef22b9577e5051057fde1ae381b50c) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
09:44:51.0890 0840 TomTomHOMEService - ok
09:44:51.0890 0840 TosIde - ok
09:44:51.0890 0840 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:44:51.0906 0840 TrkWks - ok
09:44:51.0937 0840 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
09:44:51.0953 0840 tunmp - ok
09:44:51.0968 0840 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:44:51.0984 0840 Udfs - ok
09:44:52.0015 0840 UltiDev Cassini Web Server for ASP.NET 2.0 (bee8c1f7838a1d69d5e5a36a3efbd722) C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
09:44:52.0015 0840 UltiDev Cassini Web Server for ASP.NET 2.0 - ok
09:44:52.0015 0840 ultra - ok
09:44:52.0078 0840 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
09:44:52.0078 0840 UMVPFSrv - ok
09:44:52.0093 0840 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:44:52.0140 0840 Update - ok
09:44:52.0156 0840 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:44:52.0156 0840 upnphost - ok
09:44:52.0156 0840 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:44:52.0156 0840 UPS - ok
09:44:52.0203 0840 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
09:44:52.0218 0840 USBAAPL - ok
09:44:52.0250 0840 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
09:44:52.0265 0840 usbaudio - ok
09:44:52.0265 0840 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:44:52.0296 0840 usbccgp - ok
09:44:52.0328 0840 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:44:52.0343 0840 usbehci - ok
09:44:52.0359 0840 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:44:52.0375 0840 usbhub - ok
09:44:52.0375 0840 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:44:52.0390 0840 usbprint - ok
09:44:52.0421 0840 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:44:52.0453 0840 usbscan - ok
09:44:52.0453 0840 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:44:52.0484 0840 USBSTOR - ok
09:44:52.0515 0840 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:44:52.0531 0840 usbuhci - ok
09:44:52.0562 0840 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
09:44:52.0578 0840 usbvideo - ok
09:44:52.0593 0840 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:44:52.0609 0840 VgaSave - ok
09:44:52.0609 0840 ViaIde - ok
09:44:52.0625 0840 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:44:52.0625 0840 VolSnap - ok
09:44:52.0640 0840 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:44:52.0640 0840 VSS - ok
09:44:52.0671 0840 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
09:44:52.0671 0840 W32Time - ok
09:44:52.0671 0840 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:44:52.0703 0840 Wanarp - ok
09:44:52.0734 0840 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
09:44:52.0734 0840 wceusbsh - ok
09:44:52.0734 0840 WDICA - ok
09:44:52.0750 0840 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:44:52.0796 0840 wdmaud - ok
09:44:52.0828 0840 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:44:52.0843 0840 WebClient - ok
09:44:52.0875 0840 WebGuideTranscode (6be87e1bb2c8837ae587dab781ee4895) C:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe
09:44:52.0890 0840 WebGuideTranscode - ok
09:44:52.0937 0840 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:44:52.0953 0840 winachsf - ok
09:44:53.0015 0840 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:44:53.0031 0840 winmgmt - ok
09:44:53.0093 0840 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
09:44:53.0125 0840 WinRM - ok
09:44:53.0234 0840 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:44:53.0234 0840 wlidsvc - ok
09:44:53.0296 0840 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
09:44:53.0296 0840 WmdmPmSN - ok
09:44:53.0359 0840 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
09:44:53.0375 0840 Wmi - ok
09:44:53.0406 0840 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:44:53.0406 0840 WmiApSrv - ok
09:44:53.0515 0840 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:44:53.0531 0840 WMPNetworkSvc - ok
09:44:53.0562 0840 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:44:53.0578 0840 WpdUsb - ok
09:44:53.0687 0840 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:44:53.0703 0840 WPFFontCache_v0400 - ok
09:44:53.0765 0840 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:44:53.0781 0840 WS2IFSL - ok
09:44:53.0812 0840 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
09:44:53.0812 0840 wscsvc - ok
09:44:53.0843 0840 WSIMD (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys
09:44:53.0875 0840 WSIMD - ok
09:44:53.0906 0840 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:44:53.0921 0840 WSTCODEC - ok
09:44:53.0953 0840 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:44:53.0953 0840 wuauserv - ok
09:44:53.0984 0840 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:44:53.0984 0840 WudfPf - ok
09:44:54.0015 0840 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:44:54.0015 0840 WudfRd - ok
09:44:54.0031 0840 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:44:54.0046 0840 WudfSvc - ok
09:44:54.0093 0840 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:44:54.0109 0840 WZCSVC - ok
09:44:54.0125 0840 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:44:54.0125 0840 xmlprov - ok
09:44:54.0156 0840 MBR (0x1B8) (87d88fa4d3efd4431866ea91949644bf) \Device\Harddisk0\DR0
09:44:54.0171 0840 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
09:44:54.0171 0840 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
09:44:54.0171 0840 Boot (0x1200) (b17574f46cdda63b40b8c447de715daf) \Device\Harddisk0\DR0\Partition0
09:44:54.0187 0840 \Device\Harddisk0\DR0\Partition0 - ok
09:44:54.0187 0840 ============================================================
09:44:54.0187 0840 Scan finished
09:44:54.0187 0840 ============================================================
09:44:54.0187 8072 Detected object count: 1
09:44:54.0187 8072 Actual detected object count: 1
09:46:04.0625 8072 \Device\Harddisk0\DR0\# - copied to quarantine
09:46:04.0625 8072 \Device\Harddisk0\DR0 - copied to quarantine
09:46:04.0640 8072 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - will be cured on reboot
09:46:04.0640 8072 \Device\Harddisk0\DR0 - ok
09:46:04.0640 8072 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Cure
09:46:12.0875 8180 Deinitialize success
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Cleveland's at 9:49:43 on 2012-06-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2311 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Microsoft\BingBar\BBSvc.EXE
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\MediaMall\MediaMallServer.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
C:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\SkypeUSBPhoneDriver\Skype@phone.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe
C:\Documents and Settings\Cleveland's\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\chrome_frame_helper.exe
C:\Program Files\NETGEAR\WN111\wn111.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\Program Files\Microsoft Silverlight\5.1.10411.0\agcp.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\microsoft office\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\microsoft office\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ChromeFrameHelper] "c:\documents and settings\cleveland's\local settings\application data\google\chrome\application\19.0.1084.56\chrome_frame_helper.exe" --startup
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [sigmatelSysTrayApp] stsystra.exe
mRun: [skype@phone] c:\program files\skypeusbphonedriver\Skype@phone.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgear wn111 smart wizard.lnk - c:\program files\netgear\wn111\wn111.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\microsoft activesync\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office11\REFIEBAR.DLL
Trusted Zone: cinemanow.com
Trusted Zone: cnet.com\download
Trusted Zone: roxio.com
Trusted Zone: roxionow.com
Trusted Zone: sonic.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://vpn.vmeprocess.com/NELX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{97A05BB9-35CE-4553-B5B4-7AA5552180BA} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\documents and settings\cleveland's\local settings\application data\google\chrome\application\19.0.1084.56\npchrome_frame.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\cleveland's\application data\mozilla\firefox\profiles\coh6frck.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\documents and settings\cleveland's\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\cleveland's\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\cleveland's\application data\mozilla\firefox\profiles\coh6frck.default\extensions\{3112ca9c-de6d-4884-a869-9855de680400}\plugins\npRNowPlugin.dll
FF - plugin: c:\documents and settings\cleveland's\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\microsoft office\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\microsoft office\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2009-10-16 40560]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-7-17 13496]
R0 SockHook;SockHook;c:\windows\system32\drivers\SOCKHOOK.SYS [2009-7-26 15000]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-12-21 94872]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-1-1 913792]
R2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2012-6-4 54760]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-28 654408]
R2 MediaMall Server;MediaMall Server;c:\program files\mediamall\MediaMallServer.exe [2012-4-12 2976632]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2010-7-5 10680]
R2 RoxioNow Service;RoxioNow Service;c:\program files\roxio\roxionow player\RNowSvc.exe [2011-8-2 400368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\ultidev\cassini web server for asp.net 2.0\UltiDevCassinWebServer2a.exe [2007-2-8 49152]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R2 WebGuideTranscode;WebGuideTranscode;c:\program files\webguide\webguide4\bin\WebGuideTranscodeService.exe [2007-2-20 40960]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-3-22 100368]
R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2009-4-20 2944]
R3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2009-4-20 60416]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2009-4-20 11008]
R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2009-4-20 10368]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2012-1-18 22176]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-28 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-8-21 374152]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2012-1-19 25832]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 jswpsapi;Jumpstart Wifi Protected Setup; [x]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-5 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys --> c:\windows\system32\drivers\RT2860.sys [?]
S3 RTL8192su;RNX-N2LX Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys --> c:\windows\system32\drivers\RTL8192su.sys [?]
S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2008-8-6 20504]
S3 TdiPbk;TdiPbk;c:\windows\system32\drivers\TdiPbk.SYS [2009-7-26 24328]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-30 14:46:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-25 05:17:02 -------- d-----w- c:\program files\PlayReady
2012-06-22 01:05:25 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-22 01:05:25 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-13 23:47:56 -------- d-----w- c:\documents and settings\cleveland's\Applications
2012-06-13 12:43:05 -------- d-----w- c:\documents and settings\cleveland's\Librarys
2012-06-13 06:30:54 -------- d-----w- c:\windows\system32\URTTEMP
2012-06-13 01:15:55 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-07 15:50:55 -------- d-----w- c:\program files\HP Photo Creations
2012-06-07 15:50:55 -------- d-----w- c:\documents and settings\all users\application data\HP Photo Creations
2012-06-07 15:50:41 -------- d-----w- c:\documents and settings\cleveland's\application data\HpUpdate
2012-06-07 15:50:12 1907560 ----a-w- c:\windows\system32\HPScanMiniDrv_DJ1050_J410.dll
2012-06-07 15:50:09 264552 ----a-w- c:\windows\system32\hpinksts8911LM.dll
2012-06-07 15:50:08 232296 ----a-w- c:\windows\system32\hpinksts8911.dll
2012-06-07 15:50:08 213352 ----a-w- c:\windows\system32\hpinkcoi8911.dll
2012-06-07 15:49:25 -------- d-----w- c:\program files\HP
2012-06-07 15:48:53 -------- d-----w- c:\documents and settings\cleveland's\local settings\application data\HP
2012-06-05 04:43:39 -------- d-----w- c:\documents and settings\cleveland's\Tracing
2012-06-05 04:25:12 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2012-06-05 04:21:43 -------- d-----w- c:\program files\Microsoft
2012-06-05 04:21:31 -------- d-----w- c:\program files\Windows Live SkyDrive
2012-06-05 04:16:55 484632 ----a-w- c:\program files\common files\windows live\.cache\a73ae721cd42d2\DXSETUP.exe
2012-06-05 04:16:54 74520 ----a-w- c:\program files\common files\windows live\.cache\a73ae721cd42d2\DSETUP.dll
2012-06-05 04:16:54 1670936 ----a-w- c:\program files\common files\windows live\.cache\a73ae721cd42d2\dsetup32.dll
2012-06-05 04:16:27 1013800 ----a-w- c:\program files\common files\windows live\.cache\fa2034281cd42d1\WindowsXP-KB954708-x86-ENU.exe
.
==================== Find3M ====================
.
2012-06-28 18:33:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-28 18:33:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:19:37 599552 ----a-w- c:\windows\system32\crypt32.dll
2012-05-24 21:18:40 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-05-24 15:48:10 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-16 18:28:05 371272 ----a-w- c:\program files\Skype.lnk
2011-12-13 01:18:12 69341552 ----a-w- c:\program files\iTunesSetup.exe
2011-06-21 02:41:02 20398464 ----a-w- c:\program files\TomTomHOME2winlatest.exe
2009-10-31 17:36:16 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
2009-06-17 12:11:49 4909440 ----a-w- c:\program files\Silverlight.2.0.exe
2009-06-16 16:38:52 1988392 ----a-w- c:\program files\SkypeSetup-Beta.exe
2009-05-09 04:45:29 21878064 ----a-w- c:\program files\QuickTimeInstaller.exe
.
============= FINISH: 9:53:39.64 ===============
-
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Cleveland's at 20:02:19 on 2012-06-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2016 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
"C:\WINDOWS\system32\svchost.exe"
"C:\WINDOWS\system32\svchost.exe"
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\BBSvc.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\MediaMall\MediaMallServer.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
C:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\SkypeUSBPhoneDriver\Skype@phone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe
C:\Documents and Settings\Cleveland's\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\chrome_frame_helper.exe
C:\Program Files\NETGEAR\WN111\wn111.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\CLEVEL~1\LOCALS~1\Temp\SkypeSetup.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\microsoft office\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\microsoft office\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ChromeFrameHelper] "c:\documents and settings\cleveland's\local settings\application data\google\chrome\application\19.0.1084.56\chrome_frame_helper.exe" --startup
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [sigmatelSysTrayApp] stsystra.exe
mRun: [skype@phone] c:\program files\skypeusbphonedriver\Skype@phone.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgear wn111 smart wizard.lnk - c:\program files\netgear\wn111\wn111.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\microsoft activesync\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office11\REFIEBAR.DLL
Trusted Zone: cinemanow.com
Trusted Zone: cnet.com\download
Trusted Zone: roxio.com
Trusted Zone: roxionow.com
Trusted Zone: sonic.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://vpn.vmeprocess.com/NELX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{97A05BB9-35CE-4553-B5B4-7AA5552180BA} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\documents and settings\cleveland's\local settings\application data\google\chrome\application\19.0.1084.56\npchrome_frame.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\cleveland's\application data\mozilla\firefox\profiles\coh6frck.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\documents and settings\cleveland's\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\cleveland's\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\cleveland's\application data\mozilla\firefox\profiles\coh6frck.default\extensions\{3112ca9c-de6d-4884-a869-9855de680400}\plugins\npRNowPlugin.dll
FF - plugin: c:\documents and settings\cleveland's\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\microsoft office\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\microsoft office\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2009-10-16 40560]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-7-17 13496]
R0 SockHook;SockHook;c:\windows\system32\drivers\SOCKHOOK.SYS [2009-7-26 15000]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-12-21 94872]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-1-1 913792]
R2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2012-6-4 54760]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-28 654408]
R2 MediaMall Server;MediaMall Server;c:\program files\mediamall\MediaMallServer.exe [2012-4-12 2976632]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2010-7-5 10680]
R2 RoxioNow Service;RoxioNow Service;c:\program files\roxio\roxionow player\RNowSvc.exe [2011-8-2 400368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\ultidev\cassini web server for asp.net 2.0\UltiDevCassinWebServer2a.exe [2007-2-8 49152]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R2 WebGuideTranscode;WebGuideTranscode;c:\program files\webguide\webguide4\bin\WebGuideTranscodeService.exe [2007-2-20 40960]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-3-22 100368]
R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2009-4-20 2944]
R3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2009-4-20 60416]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2009-4-20 11008]
R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2009-4-20 10368]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2012-1-18 22176]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-28 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-8-21 374152]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2012-1-19 25832]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 jswpsapi;Jumpstart Wifi Protected Setup; [x]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-5 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys --> c:\windows\system32\drivers\RT2860.sys [?]
S3 RTL8192su;RNX-N2LX Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys --> c:\windows\system32\drivers\RTL8192su.sys [?]
S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2008-8-6 20504]
S3 TdiPbk;TdiPbk;c:\windows\system32\drivers\TdiPbk.SYS [2009-7-26 24328]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-25 05:17:02 -------- d-----w- c:\program files\PlayReady
2012-06-22 01:05:25 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-22 01:05:25 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-13 23:47:56 -------- d-----w- c:\documents and settings\cleveland's\Applications
2012-06-13 12:43:05 -------- d-----w- c:\documents and settings\cleveland's\Librarys
2012-06-13 06:30:54 -------- d-----w- c:\windows\system32\URTTEMP
2012-06-13 01:15:55 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-07 15:50:55 -------- d-----w- c:\program files\HP Photo Creations
2012-06-07 15:50:55 -------- d-----w- c:\documents and settings\all users\application data\HP Photo Creations
2012-06-07 15:50:41 -------- d-----w- c:\documents and settings\cleveland's\application data\HpUpdate
2012-06-07 15:50:12 1907560 ----a-w- c:\windows\system32\HPScanMiniDrv_DJ1050_J410.dll
2012-06-07 15:50:09 264552 ----a-w- c:\windows\system32\hpinksts8911LM.dll
2012-06-07 15:50:08 232296 ----a-w- c:\windows\system32\hpinksts8911.dll
2012-06-07 15:50:08 213352 ----a-w- c:\windows\system32\hpinkcoi8911.dll
2012-06-07 15:49:25 -------- d-----w- c:\program files\HP
2012-06-07 15:48:53 -------- d-----w- c:\documents and settings\cleveland's\local settings\application data\HP
2012-06-05 04:43:39 -------- d-----w- c:\documents and settings\cleveland's\Tracing
2012-06-05 04:25:12 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2012-06-05 04:21:43 -------- d-----w- c:\program files\Microsoft
2012-06-05 04:21:31 -------- d-----w- c:\program files\Windows Live SkyDrive
2012-06-05 04:16:55 484632 ----a-w- c:\program files\common files\windows live\.cache\a73ae721cd42d2\DXSETUP.exe
2012-06-05 04:16:54 74520 ----a-w- c:\program files\common files\windows live\.cache\a73ae721cd42d2\DSETUP.dll
2012-06-05 04:16:54 1670936 ----a-w- c:\program files\common files\windows live\.cache\a73ae721cd42d2\dsetup32.dll
2012-06-05 04:16:27 1013800 ----a-w- c:\program files\common files\windows live\.cache\fa2034281cd42d1\WindowsXP-KB954708-x86-ENU.exe
.
==================== Find3M ====================
.
2012-06-28 18:33:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-28 18:33:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:19:37 599552 ----a-w- c:\windows\system32\crypt32.dll
2012-05-24 21:18:40 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-05-24 15:48:10 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-16 18:28:05 371272 ----a-w- c:\program files\Skype.lnk
2011-12-13 01:18:12 69341552 ----a-w- c:\program files\iTunesSetup.exe
2011-06-21 02:41:02 20398464 ----a-w- c:\program files\TomTomHOME2winlatest.exe
2009-10-31 17:36:16 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
2009-06-17 12:11:49 4909440 ----a-w- c:\program files\Silverlight.2.0.exe
2009-06-16 16:38:52 1988392 ----a-w- c:\program files\SkypeSetup-Beta.exe
2009-05-09 04:45:29 21878064 ----a-w- c:\program files\QuickTimeInstaller.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x8A3D6A2E]<<
_asm { MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; PUSH EBX; MOV EBX, [EBP+0xc]; MOV EAX, [EBX+0x60]; PUSH ESI; MOV ESI, [EBP+0x8]; CMP ESI, [0x8a3d9180]; JZ 0x25; PUSH EBX; PUSH ESI; CALL [0x8a3d9178]; }
1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8AEBFAB8]
\Driver\Disk[0x8AEC1938] -> IRP_MJ_READ -> 0x8A3D6A2E
kernel: MBR read successfully
_asm { XOR EAX, EAX; NOP ; MOV DS, AX; MOV ES, AX; NOP ; MOV SS, AX; MOV SP, 0x7c00; CLD ; MOV SI, 0x7c00; MOV DI, 0x600; NOP ; MOV CX, 0x80; NOP ; REP MOVSD ; NOP ; JMP FAR 0x0:0x624; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A3D70AE
\Driver\atapi -> 0x8a3d6f76
IoDeviceObjectType -> ParseProcedure -> 0x8a3d620e
\Device\Harddisk0\DR0 -> ParseProcedure -> 0x8a3d620e
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 20:06:16.76 ===============
-
Unfortunately I have deleted the logs before June 1 for Nod 32. I have included below the logs since June 1.
Malwarebytes log
Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.06.29.10
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Cleveland's :: BEDROOM [limited]
Protection: Enabled
6/29/2012 3:25:31 PM
mbam-log-2012-06-29 (15-25-31).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 800266
Time elapsed: 3 hour(s), 59 minute(s), 58 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\System Volume Information\_restore{C5B3AA7B-FB53-4FF2-9C76-1B3F928336FC}\RP1446\A0323903.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5B3AA7B-FB53-4FF2-9C76-1B3F928336FC}\RP1446\A0323906.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
(end)
Nod32
6/24/2012 12:09:51 AM HTTP filter file http://version.etype.com/AM/Somoto/eTypeSetupSSP.exe a variant of Win32/Somoto.A potentially unwanted application NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
6/22/2012 12:32:01 AM Real-time file system protection file C:\Documents and Settings\Cleveland's\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aakpnmmolajegnhokanpkejhigpchdfj\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined BEDROOM\Cleveland's Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
6/22/2012 12:32:01 AM Real-time file system protection file C:\Documents and Settings\Cleveland's\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadcgbdhgfdddddcgfdcgddadegedcdf\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined BEDROOM\Cleveland's Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
6/22/2012 12:32:01 AM Real-time file system protection file C:\Documents and Settings\Cleveland's\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadcgbdhgfdddddcgfdcgddadegedcdf\ContentScript.js Win32/BHO.OEI trojan cleaned by deleting - quarantined BEDROOM\Cleveland's Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
6/7/2012 2:13:51 PM HTTP filter file http://servpadex.com/media/delivery/enginer/721/pres/i/asv.php?n=1783av31&cb=1322212&campaignid=1414374 JS/Kryptik.PF trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
6/4/2012 10:11:46 PM HTTP filter file http://ad.manageincrease.com/imp/4/ser.php?ad=iframe&camp=8473920 JS/Iframe.EA trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
6/4/2012 9:16:25 PM Real-time file system protection file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZM4RVIZ6\imp[1].htm JS/Iframe.EA trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Internet Explorer\iexplore.exe.
6/4/2012 9:16:23 PM HTTP filter file http://ad.manageincrease.com/imp/imp.php?ad=iframe&camp=8473923 JS/Iframe.EA trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
6/4/2012 9:16:23 PM HTTP filter file http://ad.helprotectist.com/imp/2/ser.php?ad=iframe&camp=8473914 JS/Iframe.EA trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
6/4/2012 9:12:10 PM HTTP filter file http://ad.helprotectist.com/imp/4/ser.php?ad=iframe&camp=8473910 JS/Iframe.EA trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
6/4/2012 9:12:05 PM Real-time file system protection file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\FE7ICNAA\ser[1].htm JS/Iframe.EA trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Internet Explorer\iexplore.exe.
6/4/2012 9:12:04 PM Real-time file system protection file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ETI120AM\ser[1].htm JS/Iframe.EA trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Internet Explorer\iexplore.exe.
6/4/2012 9:12:01 PM HTTP filter file http://ad.experigster.com/imp/2/ser.php?ad=iframe&camp=8473919 JS/Iframe.EA trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
6/4/2012 9:12:01 PM HTTP filter file http://ad.experigster.com/imp/imp.php?ad=iframe&camp=8473918 JS/Iframe.EA trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
6/4/2012 8:24:26 PM Real-time file system protection file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ETI120AM\imp[2].htm JS/Iframe.EA trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Internet Explorer\iexplore.exe.
6/4/2012 8:24:24 PM HTTP filter file http://ad.manageincrease.com/imp/imp.php?ad=iframe&camp=8473923 JS/Iframe.EA trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
6/4/2012 8:15:46 PM HTTP filter file http://ad.helprotectist.com/imp/4/ser.php?ad=iframe&camp=8473910 JS/Iframe.EA trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
6/4/2012 8:15:45 PM HTTP filter file http://ad.helprotectist.com/imp/4/ser.php?ad=iframe&camp=8473910 JS/Iframe.EA trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
6/1/2012 12:46:49 AM Real-time file system protection file C:\WINDOWS\TEMP\74FF.tmp Win32/Olmarik.AWO trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\spoolsv.exe.
-
Hello,
Nod32 found Exploit.drop.9 and indicated it was removed. But the Chrome browser is affected off and on. Also, Nod32 randomly indicates that it has found it again and removes it. I am also getting random sounds of ads playing in the background. I found Exploit.drop.9 on two of my computers. The other seems to be OK, but this one still has random problems.
Exploit.drop.9 problems with chrome, Random ad soundtracks
in Resolved Malware Removal Logs
Thanks, sent a little appreciation.