Texasheli1

Members
  • Posts: 13

Reputation: 0 Neutral
  1. Machine seems to operate better and the redirect issues have gone.
  2. Status: Deleted (events: 12)
     7/4/2012 6:43:56 AM Deleted Trojan program Trojan.Win32.Agent.smnt C:\System Volume Information\_restore{C5B3AA7B-FB53-4FF2-9C76-1B3F928336FC}\RP1443\A0320926.exe High
     7/4/2012 6:44:09 AM Deleted Trojan program Rootkit.Boot.Wistler.a C:\TDSSKiller_Quarantine\30.06.2012_09.44.32\mbr0000\mbr0000\tsk0000.dta High
     7/4/2012 6:44:08 AM Deleted Trojan program Rootkit.Boot.Wistler.a C:\TDSSKiller_Quarantine\30.06.2012_09.44.32\mbr0000\mbr0000\tsk0001.dta High
     7/4/2012 6:44:08 AM Deleted Trojan program Rootkit.Boot.Wistler.a C:\TDSSKiller_Quarantine\30.06.2012_09.44.32\mbr0000\mbr0000\tsk0001.dta//mbr High
     7/4/2012 7:06:22 AM Deleted Trojan program Trojan.Win32.Swisyn.clmh C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\25\4bf87e99-31c90614 High
     7/4/2012 7:06:22 AM Deleted Trojan program Trojan.Win32.Swisyn.clmh C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\25\4bf87e99-31c90614//PE-Crypt.XorPE High
     7/4/2012 7:06:32 AM Deleted Trojan program Packed.Win32.Black.d C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\48\2a913bb0-70e90ef5 High
     7/4/2012 7:06:32 AM Deleted Trojan program Packed.Win32.Black.d C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\48\2a913bb0-70e90ef5//PE-Crypt.XorPE High
     7/4/2012 7:06:32 AM Deleted Trojan program Packed.Win32.Black.d C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\48\2a913bb0-70e90ef5//PE-Crypt.XorPE//PE_Patch High
     7/4/2012 7:06:32 AM Deleted Trojan program Packed.Win32.Black.d C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\48\2a913bb0-70e90ef5//PE-Crypt.XorPE//PE_Patch//ASProtect14 High
     7/4/2012 7:06:35 AM Deleted Trojan program Trojan.Win32.Agent.smnt C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\55\6a462177-31e5a45f High
     7/4/2012 7:06:35 AM Deleted Trojan program Trojan.Win32.Agent.smnt C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\55\6a462177-31e5a45f//PE-Crypt.XorPE High
  3. ComboFix 12-07-01.04 - Cleveland's 07/01/2012 20:57:19.4.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2465 [GMT -5:00]
     Running from: c:\documents and settings\Cleveland's\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Cleveland's\Desktop\CFScript.txt
     AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
     .
     FILE ::
     "c:\windows\TEMP\RESE.tmp"
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\windows\EventSystem.log
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 )))))))))))))))))))))))))))))))
     .
     .
     2012-06-30 14:46 . 2012-06-30 14:46 -------- d-----w- C:\TDSSKiller_Quarantine
     2012-06-25 05:17 . 2012-06-25 05:17 -------- d-----w- c:\program files\PlayReady
     2012-06-22 01:07 . 2012-06-22 01:07 -------- d-----w- c:\program files\Common Files\Skype
     2012-06-22 01:05 . 2012-06-22 01:05 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
     2012-06-22 01:05 . 2012-06-22 01:05 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
     2012-06-15 04:22 . 2012-06-15 04:22 -------- d-----w- c:\windows\system32\config\systemprofile\Applications
     2012-06-13 23:47 . 2012-06-13 23:47 -------- d-----w- c:\documents and settings\Cleveland's\Applications
     2012-06-13 12:43 . 2012-07-01 20:04 -------- d-----w- c:\documents and settings\Cleveland's\Librarys
     2012-06-13 06:34 . 2012-07-01 20:04 -------- d-----w- c:\windows\system32\config\systemprofile\Librarys
     2012-06-13 06:30 . 2012-06-13 06:30 -------- d-----w- c:\windows\system32\URTTEMP
     2012-06-13 01:15 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
     2012-06-07 15:50 . 2012-06-07 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
     2012-06-07 15:50 . 2012-06-07 15:50 -------- d-----w- c:\program files\HP Photo Creations
     2012-06-07 15:50 . 2012-06-07 15:50 -------- d-----w- c:\documents and settings\Cleveland's\Application Data\HpUpdate
     2012-06-07 15:50 . 2010-06-14 20:19 1907560 ----a-w- c:\windows\system32\HPScanMiniDrv_DJ1050_J410.dll
     2012-06-07 15:50 . 2010-06-14 20:19 264552 ----a-w- c:\windows\system32\hpinksts8911LM.dll
     2012-06-07 15:50 . 2010-06-14 20:19 232296 ----a-w- c:\windows\system32\hpinksts8911.dll
     2012-06-07 15:50 . 2010-06-14 20:19 213352 ----a-w- c:\windows\system32\hpinkcoi8911.dll
     2012-06-07 15:49 . 2012-06-07 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
     2012-06-07 15:49 . 2012-06-07 15:50 -------- d-----w- c:\program files\HP
     2012-06-07 15:48 . 2012-06-07 15:48 -------- d-----w- c:\documents and settings\Cleveland's\Local Settings\Application Data\HP
     2012-06-05 04:43 . 2012-07-01 01:58 -------- d-----w- c:\documents and settings\Cleveland's\Tracing
     2012-06-05 04:25 . 2010-04-28 12:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
     2012-06-05 04:21 . 2012-06-06 02:47 -------- d-----w- c:\program files\Microsoft
     2012-06-05 04:21 . 2012-06-05 04:21 -------- d-----w- c:\program files\Windows Live SkyDrive
     2012-06-05 04:21 . 2012-06-05 04:25 -------- d-----w- c:\program files\Windows Live
     2012-06-05 04:16 . 2008-06-17 21:13 484632 ----a-w- c:\program files\Common Files\Windows Live\.cache\a73ae721cd42d2\DXSETUP.exe
     2012-06-05 04:16 . 2008-06-17 21:13 74520 ----a-w- c:\program files\Common Files\Windows Live\.cache\a73ae721cd42d2\DSETUP.dll
     2012-06-05 04:16 . 2008-06-17 21:13 1670936 ----a-w- c:\program files\Common Files\Windows Live\.cache\a73ae721cd42d2\dsetup32.dll
     2012-06-05 04:16 . 2008-07-11 09:50 1013800 ----a-w- c:\program files\Common Files\Windows Live\.cache\fa2034281cd42d1\WindowsXP-KB954708-x86-ENU.exe
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-06-28 18:33 . 2012-05-09 04:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2012-06-28 18:33 . 2011-07-19 04:46 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-06-02 20:19 . 2008-10-16 21:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
     2012-06-02 20:19 . 2009-04-18 03:39 329240 ----a-w- c:\windows\system32\wucltui.dll
     2012-06-02 20:19 . 2009-04-18 03:39 210968 ----a-w- c:\windows\system32\wuweb.dll
     2012-06-02 20:19 . 2009-04-18 03:39 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
     2012-06-02 20:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
     2012-06-02 20:19 . 2009-04-18 03:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
     2012-06-02 20:19 . 2009-04-18 03:39 35864 ----a-w- c:\windows\system32\wups.dll
     2012-06-02 20:19 . 2008-10-16 21:09 45080 ----a-w- c:\windows\system32\wups2.dll
     2012-06-02 20:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
     2012-06-02 20:19 . 2004-08-10 11:00 97304 ----a-w- c:\windows\system32\cdm.dll
     2012-06-02 20:19 . 2008-10-16 21:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
     2012-06-02 20:19 . 2009-04-18 03:39 577048 ----a-w- c:\windows\system32\wuapi.dll
     2012-06-02 20:19 . 2009-04-18 03:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll
     2012-06-02 20:18 . 2009-06-17 21:46 214256 ----a-w- c:\windows\system32\muweb.dll
     2012-06-02 20:18 . 2009-06-17 21:46 275696 ----a-w- c:\windows\system32\mucltui.dll
     2012-06-02 20:18 . 2009-06-17 21:46 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
     2012-05-31 13:19 . 2004-08-10 11:00 599552 ----a-w- c:\windows\system32\crypt32.dll
     2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\system32\GPhotos.scr
     2012-05-24 15:48 . 2012-01-01 16:00 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
     2012-05-16 15:08 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
     2012-05-15 13:20 . 2004-08-10 11:00 1863168 ----a-w- c:\windows\system32\win32k.sys
     2012-05-11 14:42 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
     2012-05-11 14:42 . 2004-08-10 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
     2012-05-11 11:38 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec
     2012-05-04 13:16 . 2005-03-30 01:21 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
     2012-05-04 12:32 . 2005-03-30 01:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
     2012-05-02 13:46 . 2009-04-18 03:35 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
     2012-04-13 07:36 . 2012-05-14 12:07 6734704 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C669D62-418E-4F9A-93B6-3D8DC7CAED6F}\mpengine.dll
     2012-04-04 20:56 . 2011-08-29 04:57 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-01-16 18:28 . 2012-01-16 18:28 371272 ----a-w- c:\program files\Skype.lnk
     2011-12-13 01:18 . 2011-12-13 01:12 69341552 ----a-w- c:\program files\iTunesSetup.exe
     2011-06-21 02:41 . 2011-06-21 02:36 20398464 ----a-w- c:\program files\TomTomHOME2winlatest.exe
     2009-10-31 17:36 . 2009-10-31 17:34 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
     2009-06-17 12:11 . 2009-06-17 12:10 4909440 ----a-w- c:\program files\Silverlight.2.0.exe
     2009-06-16 16:38 . 2009-06-16 16:38 1988392 ----a-w- c:\program files\SkypeSetup-Beta.exe
     2009-05-09 04:45 . 2009-05-09 04:42 21878064 ----a-w- c:\program files\QuickTimeInstaller.exe
     2012-06-22 01:05 . 2012-01-11 00:37 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
     "Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
     "ChromeFrameHelper"="c:\documents and settings\Cleveland's\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\chrome_frame_helper.exe" [2012-06-28 96792]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
     "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
     "Skype@phone"="c:\program files\SkypeUSBPhoneDriver\Skype@phone.exe" [2006-01-05 843776]
     "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
     "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
     "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
     "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
     "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 98304]
     "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
     "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
     "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
     .
     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     NETGEAR WN111 Smart Wizard.lnk - c:\program files\NETGEAR\WN111\wn111.exe [2008-4-1 2121728]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
     "NoResolveTrack"= 1 (0x1)
     "NoFileAssociate"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
     2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     2012-01-16 23:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
     2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioNowMediaManagerApp]
     2011-08-03 02:37 2785776 ----a-w- c:\program files\Roxio\RoxioNow Player\RNowShell.exe
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Civilization4.exe"=
     "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Warlords\\Civ4Warlords.exe"=
     "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Beyond the Sword\\Civ4BeyondSword.exe"=
     "c:\\Program Files\\mektek.net\\MTX\\mtx.exe"=
     "c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
     "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
     "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
     "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
     "c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatcher.exe"=
     "c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatcher2.exe"=
     "c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatcherx.exe"=
     "c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatchery.exe"=
     "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
     "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
     "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
     "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
     "c:\\Program Files\\SEGA\\Iron Man\\IronMan.exe"=
     "c:\\Program Files\\Steam\\Steam.exe"=
     "c:\\Program Files\\Steam\\steamapps\\common\\batman arkham asylum goty\\Binaries\\ShippingPC-BmGame.exe"=
     "c:\\Program Files\\Steam\\steamapps\\common\\hitman blood money\\HitmanBloodMoney.exe"=
     "c:\\Program Files\\Steam\\steamapps\\common\\hitman blood money\\configure.exe"=
     "c:\\Program Files\\Steam\\steamapps\\common\\batman arkham asylum goty\\Binaries\\BmLauncher.exe"=
     "c:\\Program Files\\Roxio\\RoxioNow Player\\RNowShell.exe"=
     "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\Steam\\steamapps\\common\\borderlands\\Binaries\\Borderlands.exe"=
     "c:\\Program Files\\Dragon Age\\bin_ship\\EACoreServer.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
     "c:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization v\\Launcher.exe"=
     "c:\\Program Files\\MediaMall\\MediaMallServer.exe"=
     "c:\\Program Files\\Sony\\LocationFreePlayer\\LFPC3\\LFPC3.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
     "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
     "500:UDP"= 500:UDP:@xpsp2res.dll,-22017
     "1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
     "1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
     "53:UDP"= 53:UDP:Realtek AP UDP Prot
     "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
     "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
     "AllowInboundEchoRequest"= 1 (0x1)
     "AllowOutboundDestinationUnreachable"= 1 (0x1)
     "AllowOutboundTimeExceeded"= 1 (0x1)
     .
     R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [10/16/2009 9:35 PM 40560]
     R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [7/17/2011 10:09 PM 13496]
     R0 SockHook;SockHook;c:\windows\system32\drivers\SOCKHOOK.SYS [7/26/2009 10:58 PM 15000]
     R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [12/21/2010 3:04 PM 115008]
     R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2010 1:47 PM 94872]
     R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [1/1/2012 10:28 AM 913792]
     R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 5:21 PM 249648]
     R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1/12/2011 4:41 PM 810144]
     R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/28/2011 11:57 PM 654408]
     R2 MediaMall Server;MediaMall Server;c:\program files\MediaMall\MediaMallServer.exe [4/12/2012 2:32 AM 2976632]
     R2 regi;regi;c:\windows\system32\drivers\regi.sys [7/5/2010 5:53 PM 10680]
     R2 RoxioNow Service;RoxioNow Service;c:\program files\Roxio\RoxioNow Player\RNowSvc.exe [8/2/2011 9:37 PM 400368]
     R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 7:21 AM 92592]
     R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2/8/2007 1:06 AM 49152]
     R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [1/18/2012 6:44 AM 450848]
     R2 WebGuideTranscode;WebGuideTranscode;c:\program files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe [2/20/2007 12:37 PM 40960]
     R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [3/22/2012 10:32 PM 100368]
     R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [4/20/2009 6:55 PM 2944]
     R3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [4/20/2009 6:55 PM 60416]
     R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [4/20/2009 6:55 PM 11008]
     R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [4/20/2009 6:55 PM 10368]
     R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [1/18/2012 6:44 AM 22176]
     R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 5:45 PM 57440]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/28/2011 11:57 PM 22344]
     S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 3:23 PM 196176]
     S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [8/21/2011 10:28 PM 374152]
     S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/7/2012 7:12 PM 160944]
     S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [1/19/2012 12:36 AM 25832]
     S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 1:10 PM 17149]
     S3 jswpsapi;Jumpstart Wifi Protected Setup; [x]
     S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
     S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/5/2012 11:11 PM 113120]
     S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
     S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
     S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\DRIVERS\RT2860.sys --> c:\windows\system32\DRIVERS\RT2860.sys [?]
     S3 RTL8192su;RNX-N2LX Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys --> c:\windows\system32\DRIVERS\RTL8192su.sys [?]
     S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [8/6/2008 6:21 PM 20504]
     S3 TdiPbk;TdiPbk;c:\windows\system32\drivers\TdiPbk.SYS [7/26/2009 10:58 PM 24328]
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-07-01 c:\windows\Tasks\ASC5_AutoClean.job
     - c:\program files\IObit\Advanced SystemCare 5\AutoSweep.exe [2012-01-01 15:45]
     .
     2012-07-01 c:\windows\Tasks\ASC5_AutoUpdate.job
     - c:\program files\IObit\Advanced SystemCare 5\AutoUpdate.exe [2012-01-01 23:33]
     .
     2012-07-01 c:\windows\Tasks\At49.job
     - c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]
     .
     2012-07-02 c:\windows\Tasks\At50.job
     - c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]
     .
     2012-07-01 c:\windows\Tasks\At51.job
     - c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]
     .
     2012-07-01 c:\windows\Tasks\At52.job
     - c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07]
     .
     2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-616249376-839522115-1003Core.job
     - c:\documents and settings\Cleveland's\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-26 02:18]
     .
     2012-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-616249376-839522115-1003UA.job
     - c:\documents and settings\Cleveland's\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-26 02:18]
     .
     2012-07-01 c:\windows\Tasks\SmartDefrag_Startup.job
     - c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-07-18 01:19]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = about:blank
     uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
     uDefault_Search_URL = hxxp://www.google.com/ie
     uInternet Connection Wizard,ShellNext = iexplore
     uInternet Settings,ProxyOverride = *.local
     uSearchAssistant = hxxp://www.google.com/ie
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
     Trusted Zone: cinemanow.com
     Trusted Zone: cnet.com\download
     Trusted Zone: roxio.com
     Trusted Zone: roxionow.com
     Trusted Zone: sonic.com
     TCP: DhcpNameServer = 192.168.1.1
     FF - ProfilePath - c:\documents and settings\Cleveland's\Application Data\Mozilla\Firefox\Profiles\coh6frck.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
     FF - user.js: browser.blink_allowed - true
     FF - user.js: network.prefetch-next - true
     FF - user.js: layout.spellcheckDefault - 1
     FF - user.js: browser.urlbar.autoFill - false
     FF - user.js: browser.search.openintab - false
     FF - user.js: browser.tabs.closeButtons - 1
     FF - user.js: browser.tabs.opentabfor.middleclick - true
     FF - user.js: browser.tabs.tabMinWidth - 100
     FF - user.js: browser.urlbar.hideGoButton - true
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2012-07-01 21:06
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
     @Denied: (2) (LocalSystem)
     "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
        d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,57,92,bc,b9,b1,e7,46,bc,90,5e,\
     "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
        d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,57,92,bc,b9,b1,e7,46,bc,90,5e,\
     .
     [HKEY_USERS\S-1-5-21-329068152-616249376-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A12F4AD9-8A8D-122C-3FB6-ED26529D8D7B}*]
     @Allowed: (Read) (RestrictedCode)
     @Allowed: (Read) (RestrictedCode)
     .
     [HKEY_USERS\S-1-5-21-329068152-616249376-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
     "??"=hex:7b,fc,78,d4,d6,e3,11,c9,50,ef,63,e0,27,7b,d5,86,0f,b6,9e,82,63,f0,35,
        a3,7f,65,8b,cc,8e,c7,5d,fc,cd,7f,2f,9f,89,4d,f1,02,78,a1,c8,c5,84,ec,50,e5,\
     "??"=hex:16,18,32,b0,43,17,e3,d4,74,ee,5e,a6,73,d2,51,2d
     .
     [HKEY_USERS\S-1-5-21-329068152-616249376-839522115-1003\Software\SecuROM\License information*]
     "datasecu"=hex:b1,77,27,5e,5b,e2,c5,d0,e4,6e,54,59,a7,61,34,bb,88,3b,12,f3,a2,
        cf,80,0e,35,a4,22,f5,85,ad,d5,da,95,4d,72,29,83,c3,de,62,1b,dd,6e,a5,62,d3,\
     "rkeysecu"=hex:48,63,b0,1e,44,30,43,b7,c3,1b,8c,fc,d3,86,b7,79
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'winlogon.exe'(1144)
     c:\windows\system32\Ati2evxx.dll
     c:\windows\system32\atiadlxx.dll
     .
     Completion time: 2012-07-01 21:08:29
     ComboFix-quarantined-files.txt 2012-07-02 02:08
     ComboFix2.txt 2012-07-01 20:15
     ComboFix3.txt 2012-05-04 02:31
     .
     Pre-Run: 443,089,076,224 bytes free
     Post-Run: 443,082,637,312 bytes free
     .
     - - End Of File - - 4E1769E840118CC570EDF05EA873B883
  4. ComboFix 12-07-01.03 - Cleveland's 07/01/2012 14:53:19.3.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2408 [GMT -5:00]
     Running from: c:\documents and settings\Cleveland's\Desktop\ComboFix.exe
     AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
     AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\documents and settings\All Users\Application Data\771CF41A4D.sys
     c:\documents and settings\Cleveland's\Librarys\wgesdwx
     c:\windows\system32\AegisI5Installer.exe
     c:\windows\system32\config\systemprofile\Librarys\wgesdwx
     .
     Infected copy of c:\windows\system32\Services.exe was found and disinfected
     Restored copy from - c:\windows\ERDNT\cache\services.exe
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     -------\Legacy_MSIRSTS
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
     .
     .
     2012-06-30 14:46 . 2012-06-30 14:46 -------- d-----w- C:\TDSSKiller_Quarantine
     2012-06-25 05:17 . 2012-06-25 05:17 -------- d-----w- c:\program files\PlayReady
     2012-06-22 01:07 . 2012-06-22 01:07 -------- d-----w- c:\program files\Common Files\Skype
     2012-06-22 01:05 . 2012-06-22 01:05 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
     2012-06-22 01:05 . 2012-06-22 01:05 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
     2012-06-15 04:22 . 2012-06-15 04:22 -------- d-----w- c:\windows\system32\config\systemprofile\Applications
     2012-06-13 23:47 . 2012-06-13 23:47 -------- d-----w- c:\documents and settings\Cleveland's\Applications
     2012-06-13 12:43 . 2012-07-01 20:04 -------- d-----w- c:\documents and settings\Cleveland's\Librarys
     2012-06-13 06:34 . 2012-07-01 20:04 -------- d-----w- c:\windows\system32\config\systemprofile\Librarys
     2012-06-13 06:30 . 2012-06-13 06:30 -------- d-----w- c:\windows\system32\URTTEMP
     2012-06-13 01:15 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
     2012-06-07 15:50 . 2012-06-07 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
     2012-06-07 15:50 . 2012-06-07 15:50 -------- d-----w- c:\program files\HP Photo Creations
     2012-06-07 15:50 . 2012-06-07 15:50 -------- d-----w- c:\documents and settings\Cleveland's\Application Data\HpUpdate
     2012-06-07 15:50 . 2010-06-14 20:19 1907560 ----a-w- c:\windows\system32\HPScanMiniDrv_DJ1050_J410.dll
     2012-06-07 15:50 . 2010-06-14 20:19 264552 ----a-w- c:\windows\system32\hpinksts8911LM.dll
     2012-06-07 15:50 . 2010-06-14 20:19 232296 ----a-w- c:\windows\system32\hpinksts8911.dll
     2012-06-07 15:50 . 2010-06-14 20:19 213352 ----a-w- c:\windows\system32\hpinkcoi8911.dll
     2012-06-07 15:49 . 2012-06-07 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
     2012-06-07 15:49 . 2012-06-07 15:50 -------- d-----w- c:\program files\HP
     2012-06-07 15:48 . 2012-06-07 15:48 -------- d-----w- c:\documents and settings\Cleveland's\Local Settings\Application Data\HP
     2012-06-05 04:43 . 2012-07-01 01:58 -------- d-----w- c:\documents and settings\Cleveland's\Tracing
     2012-06-05 04:25 . 2010-04-28 12:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
     2012-06-05 04:21 . 2012-06-06 02:47 -------- d-----w- c:\program files\Microsoft
     2012-06-05 04:21 . 2012-06-05 04:21 -------- d-----w- c:\program files\Windows Live SkyDrive
     2012-06-05 04:21 . 2012-06-05 04:25 -------- d-----w- c:\program files\Windows Live
     2012-06-05 04:16 . 2008-06-17 21:13 484632 ----a-w- c:\program files\Common Files\Windows Live\.cache\a73ae721cd42d2\DXSETUP.exe
     2012-06-05 04:16 . 2008-06-17 21:13 74520 ----a-w- c:\program files\Common Files\Windows Live\.cache\a73ae721cd42d2\DSETUP.dll
     2012-06-05 04:16 . 2008-06-17 21:13 1670936 ----a-w- c:\program files\Common Files\Windows Live\.cache\a73ae721cd42d2\dsetup32.dll
     2012-06-05 04:16 . 2008-07-11 09:50 1013800 ----a-w- c:\program files\Common Files\Windows Live\.cache\fa2034281cd42d1\WindowsXP-KB954708-x86-ENU.exe
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-06-28 18:33 . 2012-05-09 04:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2012-06-28 18:33 . 2011-07-19 04:46 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-06-02 20:19 . 2008-10-16 21:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
     2012-06-02 20:19 . 2009-04-18 03:39 329240 ----a-w- c:\windows\system32\wucltui.dll
     2012-06-02 20:19 . 2009-04-18 03:39 210968 ----a-w- c:\windows\system32\wuweb.dll
     2012-06-02 20:19 . 2009-04-18 03:39 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
     2012-06-02 20:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
     2012-06-02 20:19 . 2009-04-18 03:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
     2012-06-02 20:19 . 2009-04-18 03:39 35864 ----a-w- c:\windows\system32\wups.dll
     2012-06-02 20:19 . 2008-10-16 21:09 45080 ----a-w- c:\windows\system32\wups2.dll
     2012-06-02 20:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
     2012-06-02 20:19 . 2004-08-10 11:00 97304 ----a-w- c:\windows\system32\cdm.dll
     2012-06-02 20:19 . 2008-10-16 21:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
     2012-06-02 20:19 . 2009-04-18 03:39 577048 ----a-w- c:\windows\system32\wuapi.dll
     2012-06-02 20:19 . 2009-04-18 03:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll
     2012-06-02 20:18 . 2009-06-17 21:46 214256 ----a-w- c:\windows\system32\muweb.dll
     2012-06-02 20:18 . 2009-06-17 21:46 275696 ----a-w- c:\windows\system32\mucltui.dll
     2012-06-02 20:18 . 2009-06-17 21:46 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
     2012-05-31 13:19 . 2004-08-10 11:00 599552 ----a-w- c:\windows\system32\crypt32.dll
     2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\system32\GPhotos.scr
     2012-05-24 15:48 . 2012-01-01 16:00 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
     2012-05-16 15:08 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
     2012-05-15 13:20 . 2004-08-10 11:00 1863168 ----a-w- c:\windows\system32\win32k.sys
     2012-05-11 14:42 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
     2012-05-11 14:42 . 2004-08-10 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
     2012-05-11 11:38 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec
     2012-05-04 13:16 . 2005-03-30 01:21 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
     2012-05-04 12:32 . 2005-03-30 01:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
     2012-05-02 13:46 . 2009-04-18 03:35 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
     2012-04-13 07:36 . 2012-05-14 12:07 6734704 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C669D62-418E-4F9A-93B6-3D8DC7CAED6F}\mpengine.dll
     2012-04-04 20:56 . 2011-08-29 04:57 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-01-16 18:28 . 2012-01-16 18:28 371272 ----a-w- c:\program files\Skype.lnk
     2011-12-13 01:18 . 2011-12-13 01:12 69341552 ----a-w- c:\program files\iTunesSetup.exe
     2011-06-21 02:41 . 2011-06-21 02:36 20398464 ----a-w- c:\program files\TomTomHOME2winlatest.exe
     2009-10-31 17:36 . 2009-10-31 17:34 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
     2009-06-17 12:11 . 2009-06-17 12:10 4909440 ----a-w- c:\program files\Silverlight.2.0.exe
     2009-06-16 16:38 . 2009-06-16 16:38 1988392 ----a-w- c:\program files\SkypeSetup-Beta.exe
     2009-05-09 04:45 . 2009-05-09 04:42 21878064 ----a-w- c:\program files\QuickTimeInstaller.exe
     2012-06-22 01:05 . 2012-01-11 00:37 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
     "Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
     "ChromeFrameHelper"="c:\documents and settings\Cleveland's\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\chrome_frame_helper.exe" [2012-06-28 96792]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
     "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
     "Skype@phone"="c:\program files\SkypeUSBPhoneDriver\Skype@phone.exe" [2006-01-05 843776]
     "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
     "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
     "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
     "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
     "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 98304]
     "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
     "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
     "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
     .
     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     NETGEAR WN111 Smart Wizard.lnk - c:\program files\NETGEAR\WN111\wn111.exe [2008-4-1 2121728]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
     "NoResolveTrack"= 1 (0x1)
     "NoFileAssociate"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
     2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     2012-01-16 23:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
     2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioNowMediaManagerApp]
     2011-08-03 02:37 2785776 ----a-w- c:\program files\Roxio\RoxioNow Player\RNowShell.exe
     .
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Civilization4.exe"= "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Warlords\\Civ4Warlords.exe"= "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Beyond the Sword\\Civ4BeyondSword.exe"= "c:\\Program Files\\mektek.net\\MTX\\mtx.exe"= "c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"= "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatcher.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatcher2.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatcherx.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatchery.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\SEGA\\Iron Man\\IronMan.exe"= "c:\\Program Files\\Steam\\Steam.exe"= 
"c:\\Program Files\\Steam\\steamapps\\common\\batman arkham asylum goty\\Binaries\\ShippingPC-BmGame.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\hitman blood money\\HitmanBloodMoney.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\hitman blood money\\configure.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\batman arkham asylum goty\\Binaries\\BmLauncher.exe"= "c:\\Program Files\\Roxio\\RoxioNow Player\\RNowShell.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\borderlands\\Binaries\\Borderlands.exe"= "c:\\Program Files\\Dragon Age\\bin_ship\\EACoreServer.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization v\\Launcher.exe"= "c:\\Program Files\\MediaMall\\MediaMallServer.exe"= "c:\\Program Files\\Sony\\LocationFreePlayer\\LFPC3\\LFPC3.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 "1542:TCP"= 1542:TCP:Realtek WPS TCP Prot "1542:UDP"= 1542:UDP:Realtek WPS UDP Prot "53:UDP"= 53:UDP:Realtek AP UDP Prot "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) "AllowOutboundDestinationUnreachable"= 1 (0x1) "AllowOutboundTimeExceeded"= 1 (0x1) . 
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [10/16/2009 9:35 PM 40560] R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [7/17/2011 10:09 PM 13496] R0 SockHook;SockHook;c:\windows\system32\drivers\SOCKHOOK.SYS [7/26/2009 10:58 PM 15000] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [12/21/2010 3:04 PM 115008] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2010 1:47 PM 94872] R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [1/1/2012 10:28 AM 913792] R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 3:23 PM 196176] R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 5:21 PM 249648] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1/12/2011 4:41 PM 810144] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/28/2011 11:57 PM 654408] R2 MediaMall Server;MediaMall Server;c:\program files\MediaMall\MediaMallServer.exe [4/12/2012 2:32 AM 2976632] R2 regi;regi;c:\windows\system32\drivers\regi.sys [7/5/2010 5:53 PM 10680] R2 RoxioNow Service;RoxioNow Service;c:\program files\Roxio\RoxioNow Player\RNowSvc.exe [8/2/2011 9:37 PM 400368] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 7:21 AM 92592] R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2/8/2007 1:06 AM 49152] R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [1/18/2012 6:44 AM 450848] R2 WebGuideTranscode;WebGuideTranscode;c:\program files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe [2/20/2007 12:37 PM 40960] R3 AtiHDAudioService;ATI Function Driver for HD Audio 
Service;c:\windows\system32\drivers\AtihdXP3.sys [3/22/2012 10:32 PM 100368] R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [4/20/2009 6:55 PM 2944] R3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [4/20/2009 6:55 PM 60416] R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [4/20/2009 6:55 PM 11008] R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [4/20/2009 6:55 PM 10368] R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [1/18/2012 6:44 AM 22176] R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 5:45 PM 57440] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/28/2011 11:57 PM 22344] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [8/21/2011 10:28 PM 374152] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/7/2012 7:12 PM 160944] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [1/19/2012 12:36 AM 25832] S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 1:10 PM 17149] S3 jswpsapi;Jumpstart Wifi Protected Setup; [x] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/5/2012 11:11 PM 113120] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000] S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?] S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\DRIVERS\RT2860.sys --> c:\windows\system32\DRIVERS\RT2860.sys [?] 
S3 RTL8192su;RNX-N2LX Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys --> c:\windows\system32\DRIVERS\RTL8192su.sys [?] S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [8/6/2008 6:21 PM 20504] S3 TdiPbk;TdiPbk;c:\windows\system32\drivers\TdiPbk.SYS [7/26/2009 10:58 PM 24328] . Contents of the 'Scheduled Tasks' folder . 2012-07-01 c:\windows\Tasks\ASC5_AutoClean.job - c:\program files\IObit\Advanced SystemCare 5\AutoSweep.exe [2012-01-01 15:45] . 2012-06-30 c:\windows\Tasks\ASC5_AutoUpdate.job - c:\program files\IObit\Advanced SystemCare 5\AutoUpdate.exe [2012-01-01 23:33] . 2012-07-01 c:\windows\Tasks\At49.job - c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07] . 2012-07-01 c:\windows\Tasks\At50.job - c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07] . 2012-07-01 c:\windows\Tasks\At51.job - c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07] . 2012-07-01 c:\windows\Tasks\At52.job - c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 21:07] . 2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-616249376-839522115-1003Core.job - c:\documents and settings\Cleveland's\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-26 02:18] . 2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-616249376-839522115-1003UA.job - c:\documents and settings\Cleveland's\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-26 02:18] . 2012-07-01 c:\windows\Tasks\SmartDefrag_Startup.job - c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-07-18 01:19] . . ------- Supplementary Scan ------- . 
uStart Page = about:blank uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 Trusted Zone: cinemanow.com Trusted Zone: cnet.com\download Trusted Zone: roxio.com Trusted Zone: roxionow.com Trusted Zone: sonic.com TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\Cleveland's\Application Data\Mozilla\Firefox\Profiles\coh6frck.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - user.js: browser.blink_allowed - true FF - user.js: network.prefetch-next - true FF - user.js: layout.spellcheckDefault - 1 FF - user.js: browser.urlbar.autoFill - false FF - user.js: browser.search.openintab - false FF - user.js: browser.tabs.closeButtons - 1 FF - user.js: browser.tabs.opentabfor.middleclick - true FF - user.js: browser.tabs.tabMinWidth - 100 FF - user.js: browser.urlbar.hideGoButton - true . - - - - ORPHANS REMOVED - - - - . HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-07-01 15:06 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . . c:\windows\TEMP\RESE.tmp 0 bytes . scan completed successfully hidden files: 1 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,57,92,bc,b9,b1,e7,46,bc,90,5e,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,57,92,bc,b9,b1,e7,46,bc,90,5e,\ . [HKEY_USERS\S-1-5-21-329068152-616249376-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A12F4AD9-8A8D-122C-3FB6-ED26529D8D7B}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-329068152-616249376-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:7b,fc,78,d4,d6,e3,11,c9,50,ef,63,e0,27,7b,d5,86,0f,b6,9e,82,63,f0,35, a3,7f,65,8b,cc,8e,c7,5d,fc,cd,7f,2f,9f,89,4d,f1,02,78,a1,c8,c5,84,ec,50,e5,\ "??"=hex:16,18,32,b0,43,17,e3,d4,74,ee,5e,a6,73,d2,51,2d . [HKEY_USERS\S-1-5-21-329068152-616249376-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:b1,77,27,5e,5b,e2,c5,d0,e4,6e,54,59,a7,61,34,bb,88,3b,12,f3,a2, cf,80,0e,35,a4,22,f5,85,ad,d5,da,95,4d,72,29,83,c3,de,62,1b,dd,6e,a5,62,d3,\ "rkeysecu"=hex:48,63,b0,1e,44,30,43,b7,c3,1b,8c,fc,d3,86,b7,79 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1144) c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll . 
- - - - - - - > 'explorer.exe'(4996) c:\windows\system32\WININET.dll c:\documents and settings\Cleveland's\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\chrome_frame_helper.dll c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf c:\progra~1\Microsoft Office\Office14\1033\GrooveIntlResource.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\eHome\ehSched.exe c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE c:\program files\Java\jre6\bin\jqs.exe c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\BRMFRSMG.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\dllhost.exe c:\windows\stsystra.exe c:\windows\system32\rundll32.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\progra~1\Microsoft ActiveSync\rapimgr.exe c:\program files\iPod\bin\iPodService.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe . ************************************************************************** . Completion time: 2012-07-01 15:15:41 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-01 20:15 ComboFix2.txt 2012-05-04 02:31 . Pre-Run: 443,187,724,288 bytes free Post-Run: 443,171,086,336 bytes free . 
- - End Of File - - 3F190706D5F50905BEFD21C0BDDF4B34
  5. Sorry, I hit enter before finishing the statement. I tried downloading the ComboFix install file a couple of times. I just ran the file, ignoring the one which would not unarchive. Log posted above.
  6. Log below. I could not get ComboFix to install without ignoring file C:\32788R22RWJFW\pev.exe. I
ComboFix 12-07-01.03 - Cleveland's 07/01/2012 14:53:19.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2408 [GMT -5:00]
Running from: c:\documents and settings\Cleveland's\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\771CF41A4D.sys
c:\documents and settings\Cleveland's\Librarys\wgesdwx
c:\windows\system32\AegisI5Installer.exe
c:\windows\system32\config\systemprofile\Librarys\wgesdwx
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\services.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MSIRSTS
.
.
((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
.
.
2012-06-30 14:46 . 2012-06-30 14:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-25 05:17 . 2012-06-25 05:17 -------- d-----w- c:\program files\PlayReady
2012-06-22 01:07 . 2012-06-22 01:07 -------- d-----w- c:\program files\Common Files\Skype
2012-06-22 01:05 . 2012-06-22 01:05 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-22 01:05 . 2012-06-22 01:05 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-15 04:22 . 2012-06-15 04:22 -------- d-----w- c:\windows\system32\config\systemprofile\Applications
2012-06-13 23:47 . 2012-06-13 23:47 -------- d-----w- c:\documents and settings\Cleveland's\Applications
2012-06-13 12:43 . 2012-07-01 20:04 -------- d-----w- c:\documents and settings\Cleveland's\Librarys
2012-06-13 06:34 . 2012-07-01 20:04 -------- d-----w- c:\windows\system32\config\systemprofile\Librarys
2012-06-13 06:30 . 2012-06-13 06:30 -------- d-----w- c:\windows\system32\URTTEMP
2012-06-13 01:15 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-07 15:50 . 2012-06-07 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2012-06-07 15:50 . 2012-06-07 15:50 -------- d-----w- c:\program files\HP Photo Creations
2012-06-07 15:50 . 2012-06-07 15:50 -------- d-----w- c:\documents and settings\Cleveland's\Application Data\HpUpdate
2012-06-07 15:50 . 2010-06-14 20:19 1907560 ----a-w- c:\windows\system32\HPScanMiniDrv_DJ1050_J410.dll
2012-06-07 15:50 . 2010-06-14 20:19 264552 ----a-w- c:\windows\system32\hpinksts8911LM.dll
2012-06-07 15:50 . 2010-06-14 20:19 232296 ----a-w- c:\windows\system32\hpinksts8911.dll
2012-06-07 15:50 . 2010-06-14 20:19 213352 ----a-w- c:\windows\system32\hpinkcoi8911.dll
2012-06-07 15:49 . 2012-06-07 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2012-06-07 15:49 . 2012-06-07 15:50 -------- d-----w- c:\program files\HP
2012-06-07 15:48 . 2012-06-07 15:48 -------- d-----w- c:\documents and settings\Cleveland's\Local Settings\Application Data\HP
2012-06-05 04:43 . 2012-07-01 01:58 -------- d-----w- c:\documents and settings\Cleveland's\Tracing
2012-06-05 04:25 . 2010-04-28 12:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2012-06-05 04:21 . 2012-06-06 02:47 -------- d-----w- c:\program files\Microsoft
2012-06-05 04:21 . 2012-06-05 04:21 -------- d-----w- c:\program files\Windows Live SkyDrive
2012-06-05 04:21 . 2012-06-05 04:25 -------- d-----w- c:\program files\Windows Live
2012-06-05 04:16 . 2008-06-17 21:13 484632 ----a-w- c:\program files\Common Files\Windows Live\.cache\a73ae721cd42d2\DXSETUP.exe
2012-06-05 04:16 . 2008-06-17 21:13 74520 ----a-w- c:\program files\Common Files\Windows Live\.cache\a73ae721cd42d2\DSETUP.dll
2012-06-05 04:16 . 2008-06-17 21:13 1670936 ----a-w- c:\program files\Common Files\Windows Live\.cache\a73ae721cd42d2\dsetup32.dll
2012-06-05 04:16 . 2008-07-11 09:50 1013800 ----a-w- c:\program files\Common Files\Windows Live\.cache\fa2034281cd42d1\WindowsXP-KB954708-x86-ENU.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 18:33 . 2012-05-09 04:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-28 18:33 . 2011-07-19 04:46 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 20:19 . 2008-10-16 21:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2009-04-18 03:39 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2009-04-18 03:39 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2009-04-18 03:39 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2009-04-18 03:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2009-04-18 03:39 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2008-10-16 21:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2004-08-10 11:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2008-10-16 21:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2009-04-18 03:39 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2009-04-18 03:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2009-06-17 21:46 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18 . 2009-06-17 21:46 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2009-06-17 21:46 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:19 . 2004-08-10 11:00 599552 ----a-w- c:\windows\system32\crypt32.dll
2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-05-24 15:48 . 2012-01-01 16:00 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-16 15:08 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-10 11:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-10 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2005-03-30 01:21 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2005-03-30 01:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2009-04-18 03:35 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-13 07:36 . 2012-05-14 12:07 6734704 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C669D62-418E-4F9A-93B6-3D8DC7CAED6F}\mpengine.dll
2012-04-04 20:56 . 2011-08-29 04:57 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-16 18:28 . 2012-01-16 18:28 371272 ----a-w- c:\program files\Skype.lnk
2011-12-13 01:18 . 2011-12-13 01:12 69341552 ----a-w- c:\program files\iTunesSetup.exe
2011-06-21 02:41 . 2011-06-21 02:36 20398464 ----a-w- c:\program files\TomTomHOME2winlatest.exe
2009-10-31 17:36 . 2009-10-31 17:34 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
2009-06-17 12:11 . 2009-06-17 12:10 4909440 ----a-w- c:\program files\Silverlight.2.0.exe
2009-06-16 16:38 . 2009-06-16 16:38 1988392 ----a-w- c:\program files\SkypeSetup-Beta.exe
2009-05-09 04:45 . 2009-05-09 04:42 21878064 ----a-w- c:\program files\QuickTimeInstaller.exe
2012-06-22 01:05 . 2012-01-11 00:37 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
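The ComboFix logs in this thread are long enough that the entries worth a second look (the "Other Deletions" paths, a Run value pointing into a user profile, and the services whose image file ComboFix could not find, marked `[?]` or `[x]`) get lost among hundreds of routine lines. The script below is an added example, not ComboFix's code and not from anyone in this thread: it parses the three line shapes a ComboFix log uses and applies a few review heuristics. Those heuristics are this example's assumptions, taken from what this machine's log shows (the `Librarys` / `wgesdwx` names ComboFix removed, the hex-named `.sys` dropped into the all-users profile root), and are not ComboFix's rules or malware signatures; the sample lines are copied from the logs above.

```python
"""Triage helper for ComboFix-style log lines (added example, not ComboFix's code).

Parses dated file entries, Run-key values and service/driver lines, then
applies review heuristics that are assumptions drawn from this thread's logs.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
c:\documents and settings\All Users\Application Data\771CF41A4D.sys
c:\windows\system32\AegisI5Installer.exe
2012-06-13 12:43 . 2012-07-01 20:04 -------- d-----w- c:\documents and settings\Cleveland's\Librarys
2012-06-22 01:05 . 2012-06-22 01:05 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
"ChromeFrameHelper"="c:\documents and settings\Cleveland's\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\chrome_frame_helper.exe" [2012-06-28 96792]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
R0 SockHook;SockHook;c:\windows\system32\drivers\SOCKHOOK.SYS [7/26/2009 10:58 PM 15000]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup; [x]
"""

# "created . modified size attrs path"  (file-list entry)
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} \S+ \S+ (.+)$")
# "Name"="target" [date size]  (Run-key value)
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[\d{4}-\d{2}-\d{2} \d+\]$')
# R0 name;display;path [detail], optional "--> resolved path"; detail is ? or x when the file is missing
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?)(?: --> (.*?))? \[(.+)\]$")
BARE_PATH_RE = re.compile(r"^[a-z]:\\.+$", re.IGNORECASE)

# Review heuristics (assumptions for this example, not signatures).  The
# watchlist holds the directory names ComboFix removed on this machine;
# HEX_SYS_RE matches a hex-named .sys dropped straight into the all-users
# profile root, the other deletion the log shows.  Maintain your own list.
WATCH_BASENAMES = {"librarys", "wgesdwx"}
HEX_SYS_RE = re.compile(r"\\all users\\application data\\[0-9a-f]{8,}\.sys$", re.IGNORECASE)
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\")


@dataclass
class Finding:
    kind: str      # "file", "run", "service" or "deleted"
    subject: str   # the path, or "name -> target" for a Run value
    reason: str


def _check_path(kind: str, path: str, findings: List[Finding]) -> None:
    parts = [p for p in path.lower().split("\\") if p]
    if any(p in WATCH_BASENAMES for p in parts):
        findings.append(Finding(kind, path, "path contains a name ComboFix removed on this machine"))
    if HEX_SYS_RE.search(path):
        findings.append(Finding(kind, path, "hex-named .sys in the all-users profile root"))


def triage(log_text: str) -> List[Finding]:
    """Return the entries a reviewer should look at first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := FILE_RE.match(line)):
            _check_path("file", m.group(1), findings)
        elif (m := RUN_RE.match(line)):
            name, target = m.group(1), m.group(2)
            if not target.lower().startswith(TRUSTED_ROOTS):
                if BARE_PATH_RE.match(target):
                    why = "autorun target outside Program Files / Windows"
                else:
                    why = "autorun target has no full path (resolved through PATH)"
                findings.append(Finding("run", f"{name} -> {target}", why))
            _check_path("run", target, findings)
        elif (m := SVC_RE.match(line)):
            state, name, _display, path, _resolved, detail = m.groups()
            if detail in ("?", "x") or not path:
                findings.append(Finding("service", f"{state} {name} ({path or 'no image path'})",
                                        "registered service/driver whose file was not found"))
            else:
                _check_path("service", path, findings)
        elif BARE_PATH_RE.match(line):
            # bare paths are what the "Other Deletions" section lists
            _check_path("deleted", line, findings)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.reason}")
```

Feed it the saved ComboFix.txt (`triage(open(path, errors="replace").read())`) and it returns six findings for the sample: the two "Other Deletions"-style paths that match the watchlist and the hex-name pattern, the `Librarys` directory in the created-files list, the two Run values that do not live under Program Files or Windows, and the two registered drivers whose file is missing. Entries like `egui` and `msvcr100.dll` pass through silently. Orphaned driver entries such as `PciCon` on a removable `d:` are often leftovers rather than infections, but they are exactly the kind of thing a helper asks about, so the script surfaces them instead of deciding.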
  7. aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-30 15:44:43
-----------------------------
15:44:43.078 OS Version: Windows 5.1.2600 Service Pack 3
15:44:43.078 Number of processors: 2 586 0x605
15:44:43.078 ComputerName: BEDROOM UserName:
15:44:45.703 Initialize success
15:45:08.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
15:45:08.078 Disk 0 Vendor: WDC_WD6401AALS-00L3B2 01.03B01 Size: 610480MB BusType: 3
15:45:08.093 Disk 0 MBR read successfully
15:45:08.093 Disk 0 MBR scan
15:45:08.093 Disk 0 Windows XP default MBR code
15:45:08.093 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 610469 MB offset 63
15:45:08.109 Disk 0 scanning sectors +1250242560
15:45:08.171 Disk 0 scanning C:\WINDOWS\system32\drivers
15:45:20.578 Service scanning
15:45:31.875 Modules scanning
15:45:36.359 Disk 0 trace - called modules:
15:45:36.375 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
15:45:36.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aec1ab8]
15:45:36.375 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8ae76b00]
15:45:36.375 Scan finished successfully
20:02:00.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Cleveland's\Desktop\MBR.dat"
20:02:00.171 The log file has been saved successfully to "C:\Documents and Settings\Cleveland's\Desktop\aswMBR.txt"
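aswMBR saved the raw boot sector to MBR.dat, and its one-line verdict ("Windows XP default MBR code", one active NTFS partition at offset 63) is what a reviewer has to take on trust. The script below is an added example, not aswMBR's or TDSSKiller's code, showing what can be checked independently in such a 512-byte image: the 0x55AA signature, the four partition-table entries, that the active partition's extent stays inside the disk, and a hash of the 440 bytes of boot code against a reference. The sample sector is constructed in `build_sample_mbr()` from the geometry both tools reported for this disk (active, type 0x07, start LBA 63, 0x4A852FC1 sectors; disk size 0x950B056000 bytes); the boot code in it is a placeholder, not real XP code, and the reference hash is assumed to come from a known-clean machine of the same Windows version.

```python
"""Parse and sanity-check a saved MBR sector such as aswMBR's MBR.dat.

Added example, not aswMBR's or TDSSKiller's code.  The sample sector is
constructed from the partition geometry both tools reported in this thread.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional

SECTOR = 512
BOOT_CODE_LEN = 440            # bytes 0..439; 440..445 hold the NT disk signature + 2 reserved bytes
PARTITION_TABLE_OFFSET = 446   # four 16-byte entries, then the 0x55AA signature at 510
MBR_SIGNATURE = b"\x55\xaa"

# Disk size from the TDSSKiller line in this thread: 0x950B056000 bytes in 512-byte sectors.
DISK_SECTORS = 0x950B056000 // SECTOR


@dataclass
class Partition:
    index: int
    status: int      # 0x80 = active/bootable, 0x00 = inactive
    type_id: int     # 0x07 = NTFS (IFS)
    start_lba: int
    sectors: int

    @property
    def end_lba(self) -> int:
        return self.start_lba + self.sectors

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)


def parse_mbr(mbr: bytes) -> List[Partition]:
    """Decode the partition table; raises on a malformed sector."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR image must be exactly one 512-byte sector")
    if mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, type_id, start, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if type_id == 0:      # unused slot
            continue
        parts.append(Partition(i + 1, status, type_id, start, count))
    return parts


def boot_code_sha256(mbr: bytes) -> str:
    """Hash of the boot code only, so a rewritten bootstrap shows up even if the table is intact."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def sanity_check(mbr: bytes, disk_sectors: int, known_good_sha256: Optional[str] = None) -> List[str]:
    """Return a list of problems; an empty list means the table looks consistent."""
    problems: List[str] = []
    parts = parse_mbr(mbr)
    for p in parts:
        if p.status not in (0x00, 0x80):
            problems.append(f"partition {p.index}: status 0x{p.status:02x} is neither 0x00 nor 0x80")
        if p.end_lba > disk_sectors:
            problems.append(f"partition {p.index}: ends at LBA {p.end_lba}, beyond the disk ({disk_sectors} sectors)")
        for q in parts:
            if p.index < q.index and p.start_lba < q.end_lba and q.start_lba < p.end_lba:
                problems.append(f"partitions {p.index} and {q.index} overlap")
    active = sum(1 for p in parts if p.status == 0x80)
    if active != 1:
        problems.append(f"{active} active partitions (expected exactly 1)")
    if known_good_sha256 is not None and boot_code_sha256(mbr) != known_good_sha256:
        problems.append("boot code hash differs from the known-good reference")
    return problems


def build_sample_mbr() -> bytes:
    """Constructed stand-in for MBR.dat: placeholder boot code plus the single NTFS
    partition both tools reported (active, type 0x07, LBA 63, 0x4A852FC1 sectors)."""
    boot_code = b"\x33\xc0" + b"\x00" * (BOOT_CODE_LEN - 2)   # xor ax,ax then padding; not real XP code
    disk_signature = b"\x00" * 6
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 0x4A852FC1)
    return boot_code + disk_signature + entry + b"\x00" * 48 + MBR_SIGNATURE


if __name__ == "__main__":
    sample = build_sample_mbr()
    for p in parse_mbr(sample):
        print(f"partition {p.index}: status 0x{p.status:02x} type 0x{p.type_id:02x} "
              f"start LBA {p.start_lba} sectors {p.sectors} ({p.size_mb} MB)")
    print("boot code sha256:", boot_code_sha256(sample))
    print("problems:", sanity_check(sample, DISK_SECTORS) or "none")
```

On the constructed sector the decoded partition reproduces the figures in the two logs: 610469 MB and an end LBA of 1250242560, the same number aswMBR prints as "scanning sectors +1250242560". For a real MBR.dat, read the 512 bytes from the file and pass the disk's sector count; the hash comparison only tells you that the boot code differs from your reference, which is also true after any legitimate boot-loader change, so treat a mismatch as a prompt to disassemble the 440 bytes rather than as a verdict.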
  8. This machine is basically used by the kids for internet gaming and by the wife for Facebooking. I am now more worried about the other computer I mentioned in the previous post. My wife uses it at times to do accounting for her workplace. It is also used for online banking. That said, for the computer you are helping me with, the requested logs follow:
09:44:32.0359 4048 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
09:44:32.0781 4048 ============================================================
09:44:32.0781 4048 Current date / time: 2012/06/30 09:44:32.0781
09:44:32.0781 4048 SystemInfo:
09:44:32.0781 4048
09:44:32.0781 4048 OS Version: 5.1.2600 ServicePack: 3.0
09:44:32.0781 4048 Product type: Workstation
09:44:32.0781 4048 ComputerName: BEDROOM
09:44:32.0781 4048 UserName: Cleveland's
09:44:32.0781 4048 Windows directory: C:\WINDOWS
09:44:32.0781 4048 System windows directory: C:\WINDOWS
09:44:32.0781 4048 Processor architecture: Intel x86
09:44:32.0781 4048 Number of processors: 2
09:44:32.0781 4048 Page size: 0x1000
09:44:32.0781 4048 Boot type: Normal boot
09:44:32.0781 4048 ============================================================
09:44:34.0656 4048 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:44:34.0718 4048 ============================================================
09:44:34.0718 4048 \Device\Harddisk0\DR0:
09:44:34.0718 4048 MBR partitions:
09:44:34.0718 4048 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852FC1
09:44:34.0718 4048 ============================================================
09:44:34.0765 4048 C: <-> \Device\Harddisk0\DR0\Partition0
09:44:34.0765 4048 ============================================================
09:44:34.0765 4048 Initialize success
09:44:34.0765 4048 ============================================================
09:44:39.0140 0840 ============================================================
09:44:39.0140 0840 Scan started
09:44:39.0140 0840 Mode: Manual;
09:44:39.0140 0840 ============================================================
09:44:39.0984 0840 Abiosdsk - ok
09:44:40.0000 0840 abp480n5 - ok
09:44:40.0031 0840 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:44:40.0031 0840 ACPI - ok
09:44:40.0062 0840 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:44:40.0078 0840 ACPIEC - ok
09:44:40.0093 0840 adpu160m - ok
09:44:40.0234 0840 AdvancedSystemCareService5 (96d6cdd0b32846e8cfbe592f4f32e608) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
09:44:40.0250 0840 AdvancedSystemCareService5 - ok
09:44:40.0265 0840 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:44:40.0281 0840 aec - ok
09:44:40.0312 0840 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:44:40.0328 0840 AFD - ok
09:44:40.0328 0840 Aha154x - ok
09:44:40.0328 0840 aic78u2 - ok
09:44:40.0343 0840 aic78xx - ok
09:44:40.0375 0840 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
09:44:40.0375 0840 Alerter - ok
09:44:40.0390 0840 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
09:44:40.0406 0840 ALG - ok
09:44:40.0406 0840 AliIde - ok
09:44:40.0437 0840 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
09:44:40.0484 0840 AmdLLD - ok
09:44:40.0484 0840 amsint - ok
09:44:40.0531 0840 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:44:40.0531 0840 Apple Mobile Device - ok
09:44:40.0562 0840 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
09:44:40.0562 0840 AppMgmt - ok
09:44:40.0578 0840 asc - ok
09:44:40.0578 0840 asc3350p - ok
09:44:40.0578 0840 asc3550 - ok
09:44:40.0625 0840 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
09:44:40.0640 0840 Aspi32 - ok
09:44:40.0687 0840 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:44:40.0703 0840 aspnet_state - ok
09:44:40.0718 0840 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:44:40.0734 0840 AsyncMac - ok
09:44:40.0781 0840 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:44:40.0781 0840 atapi - ok
09:44:40.0781 0840 Atdisk - ok
09:44:40.0843 0840 Ati HotKey Poller (c434b72352fadd9249d5541274021570) C:\WINDOWS\system32\Ati2evxx.exe
09:44:40.0859 0840 Ati HotKey Poller - ok
09:44:40.0906 0840 ATI Smart (2b2cc2c47f5de490f27d4292f0edc034) C:\WINDOWS\system32\ati2sgag.exe
09:44:40.0906 0840 ATI Smart - ok
09:44:41.0265 0840 ati2mtag (b4368b39a18630c3ec8d7f496f76f19b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
09:44:41.0390 0840 ati2mtag - ok
09:44:41.0500 0840 AtiHDAudioService (bd9ca8136738040d3257363ed12be693) C:\WINDOWS\system32\drivers\AtihdXP3.sys
09:44:41.0500 0840 AtiHDAudioService - ok
09:44:41.0531 0840 AtiHdmiService (dc6957811ff95f2dd3004361b20d8d3f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
09:44:41.0546 0840 AtiHdmiService - ok
09:44:41.0578 0840 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:44:41.0593 0840 Atmarpc - ok
09:44:41.0625 0840 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
09:44:41.0625 0840 AudioSrv - ok
09:44:41.0656 0840 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:44:41.0671 0840 audstub - ok
09:44:41.0687 0840 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
09:44:41.0703 0840 BANTExt - ok
09:44:41.0781 0840 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
09:44:41.0796 0840 BBSvc - ok
09:44:41.0828 0840 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
09:44:41.0843 0840 BBUpdate - ok
09:44:41.0859 0840 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:44:41.0859 0840 Beep - ok
09:44:41.0890 0840 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
09:44:41.0906 0840 BITS - ok
09:44:41.0984 0840 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
09:44:41.0984 0840 Bonjour Service - ok
09:44:42.0015 0840 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
09:44:42.0031 0840 brfilt - ok
09:44:42.0046 0840 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
09:44:42.0046 0840 Browser - ok
09:44:42.0062 0840 BrSerWDM (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
09:44:42.0078 0840 BrSerWDM - ok
09:44:42.0093 0840 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
09:44:42.0109 0840 BrUsbMdm - ok
09:44:42.0125 0840 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
09:44:42.0140 0840 BrUsbScn - ok
09:44:42.0171 0840 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
09:44:42.0187 0840 BthEnum - ok
09:44:42.0203 0840 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
09:44:42.0218 0840 BthPan - ok
09:44:42.0265 0840 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
09:44:42.0265 0840 BTHPORT - ok
09:44:42.0281 0840 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
09:44:42.0281 0840 BthServ - ok
09:44:42.0296 0840 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
09:44:42.0328 0840 BTHUSB - ok
09:44:42.0328 0840 catchme - ok
09:44:42.0343 0840 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:44:42.0359 0840 cbidf2k - ok
09:44:42.0406 0840 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 09:44:42.0421 0840 CCDECODE - ok 09:44:42.0421 0840 cd20xrnt - ok 09:44:42.0437 0840 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 09:44:42.0468 0840 Cdaudio - ok 09:44:42.0484 0840 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 09:44:42.0500 0840 Cdfs - ok 09:44:42.0515 0840 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 09:44:42.0531 0840 Cdrom - ok 09:44:42.0546 0840 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys 09:44:42.0578 0840 cercsr6 - ok 09:44:42.0578 0840 Changer - ok 09:44:42.0593 0840 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe 09:44:42.0593 0840 CiSvc - ok 09:44:42.0593 0840 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe 09:44:42.0593 0840 ClipSrv - ok 09:44:42.0687 0840 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 09:44:42.0687 0840 clr_optimization_v2.0.50727_32 - ok 09:44:42.0718 0840 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 09:44:42.0718 0840 clr_optimization_v4.0.30319_32 - ok 09:44:42.0718 0840 CmdIde - ok 09:44:42.0750 0840 CompFilter (9704b9c442e3ef2989746d08f80a3743) C:\WINDOWS\system32\DRIVERS\lvbusflt.sys 09:44:42.0750 0840 CompFilter - ok 09:44:42.0750 0840 COMSysApp - ok 09:44:42.0765 0840 Cpqarray - ok 09:44:42.0765 0840 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll 09:44:42.0765 0840 CryptSvc - ok 09:44:42.0781 0840 dac2w2k - ok 09:44:42.0781 0840 dac960nt - ok 09:44:42.0843 0840 DAUpdaterSvc (914a7156b0c0f10be645a02e13f576b2) C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe 09:44:42.0843 0840 DAUpdaterSvc - ok 09:44:42.0890 0840 DcomLaunch 
(6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 09:44:42.0906 0840 DcomLaunch - ok 09:44:42.0937 0840 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll 09:44:42.0953 0840 Dhcp - ok 09:44:42.0953 0840 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 09:44:42.0968 0840 Disk - ok 09:44:42.0968 0840 dmadmin - ok 09:44:43.0031 0840 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 09:44:43.0062 0840 dmboot - ok 09:44:43.0078 0840 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 09:44:43.0078 0840 dmio - ok 09:44:43.0093 0840 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 09:44:43.0093 0840 dmload - ok 09:44:43.0125 0840 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll 09:44:43.0125 0840 dmserver - ok 09:44:43.0140 0840 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 09:44:43.0156 0840 DMusic - ok 09:44:43.0171 0840 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS 09:44:43.0187 0840 DNINDIS5 - ok 09:44:43.0203 0840 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll 09:44:43.0203 0840 Dnscache - ok 09:44:43.0234 0840 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll 09:44:43.0234 0840 Dot3svc - ok 09:44:43.0234 0840 dpti2o - ok 09:44:43.0250 0840 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 09:44:43.0265 0840 drmkaud - ok 09:44:43.0296 0840 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys 09:44:43.0328 0840 E100B - ok 09:44:43.0343 0840 eamon (d42dd9021acd47683b33adf21bca49aa) C:\WINDOWS\system32\DRIVERS\eamon.sys 09:44:43.0343 0840 eamon - ok 09:44:43.0359 0840 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 09:44:43.0359 0840 EapHost - ok 09:44:43.0375 0840 ehdrv 
(fe7824239d132ad9ebd8645fe1199b30) C:\WINDOWS\system32\DRIVERS\ehdrv.sys 09:44:43.0390 0840 ehdrv - ok 09:44:43.0437 0840 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe 09:44:43.0437 0840 ehRecvr - ok 09:44:43.0484 0840 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe 09:44:43.0484 0840 ehSched - ok 09:44:43.0515 0840 EhttpSrv (68d91a34ce51cf15c45dd68f7f1257e8) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe 09:44:43.0515 0840 EhttpSrv - ok 09:44:43.0546 0840 ekrn (191d8eccc40f05b52fac0513f35ba01d) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe 09:44:43.0562 0840 ekrn - ok 09:44:43.0593 0840 epfwtdir (aa0667eb9a92414abb784c101a6c7fec) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys 09:44:43.0609 0840 epfwtdir - ok 09:44:43.0687 0840 EPSON_PM_RPCV4_01 (8fe6ab59cab8f2c038fea9522a5eeba7) C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE 09:44:43.0687 0840 EPSON_PM_RPCV4_01 - ok 09:44:43.0703 0840 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll 09:44:43.0703 0840 ERSvc - ok 09:44:43.0734 0840 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 09:44:43.0734 0840 Eventlog - ok 09:44:43.0781 0840 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll 09:44:43.0781 0840 EventSystem - ok 09:44:43.0796 0840 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 09:44:43.0812 0840 Fastfat - ok 09:44:43.0859 0840 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 09:44:43.0859 0840 FastUserSwitchingCompatibility - ok 09:44:43.0859 0840 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 09:44:43.0890 0840 Fdc - ok 09:44:43.0890 0840 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 09:44:43.0906 0840 Fips - ok 09:44:43.0906 0840 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) 
C:\WINDOWS\system32\DRIVERS\flpydisk.sys 09:44:43.0937 0840 Flpydisk - ok 09:44:43.0937 0840 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 09:44:43.0937 0840 FltMgr - ok 09:44:44.0015 0840 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 09:44:44.0015 0840 FontCache3.0.0.0 - ok 09:44:44.0031 0840 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 09:44:44.0046 0840 fssfltr - ok 09:44:44.0125 0840 fsssvc (45b52394f9624237f33a8a3d73c0b221) C:\Program Files\Windows Live\Family Safety\fsssvc.exe 09:44:44.0140 0840 fsssvc - ok 09:44:44.0171 0840 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 09:44:44.0203 0840 Fs_Rec - ok 09:44:44.0218 0840 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 09:44:44.0218 0840 Ftdisk - ok 09:44:44.0250 0840 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 09:44:44.0265 0840 GEARAspiWDM - ok 09:44:44.0265 0840 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 09:44:44.0281 0840 Gpc - ok 09:44:44.0343 0840 gusvc (a452e9aae84ff0ad57d6bb6c18d338c7) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 09:44:44.0343 0840 gusvc - ok 09:44:44.0375 0840 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 09:44:44.0406 0840 HDAudBus - ok 09:44:44.0500 0840 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 09:44:44.0500 0840 helpsvc - ok 09:44:44.0515 0840 HidBth (7bd2de4c85eb4241eed57672b16a7d8d) C:\WINDOWS\system32\DRIVERS\hidbth.sys 09:44:44.0531 0840 HidBth - ok 09:44:44.0562 0840 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll 09:44:44.0578 0840 HidServ - ok 09:44:44.0578 0840 hidusb (ccf82c5ec8a7326c3066de870c06daf1) 
C:\WINDOWS\system32\DRIVERS\hidusb.sys 09:44:44.0609 0840 hidusb - ok 09:44:44.0625 0840 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 09:44:44.0625 0840 hkmsvc - ok 09:44:44.0656 0840 hotcore3 (8e0968b308040261c53b216e3ce7559a) C:\WINDOWS\system32\DRIVERS\hotcore3.sys 09:44:44.0656 0840 hotcore3 - ok 09:44:44.0656 0840 hpn - ok 09:44:44.0671 0840 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 09:44:44.0687 0840 HSFHWBS2 - ok 09:44:44.0734 0840 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 09:44:44.0781 0840 HSF_DP - ok 09:44:44.0796 0840 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 09:44:44.0812 0840 HTTP - ok 09:44:44.0812 0840 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 09:44:44.0812 0840 HTTPFilter - ok 09:44:44.0812 0840 i2omgmt - ok 09:44:44.0828 0840 i2omp - ok 09:44:44.0843 0840 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys 09:44:44.0875 0840 i8042prt - ok 09:44:45.0031 0840 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 09:44:45.0046 0840 idsvc - ok 09:44:45.0062 0840 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 09:44:45.0078 0840 Imapi - ok 09:44:45.0125 0840 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe 09:44:45.0125 0840 ImapiService - ok 09:44:45.0125 0840 ini910u - ok 09:44:45.0140 0840 IntelIde - ok 09:44:45.0187 0840 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 09:44:45.0203 0840 intelppm - ok 09:44:45.0218 0840 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 09:44:45.0250 0840 Ip6Fw - ok 09:44:45.0265 0840 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 09:44:45.0312 0840 IpFilterDriver - ok 
09:44:45.0328 0840 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 09:44:45.0343 0840 IpInIp - ok 09:44:45.0359 0840 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 09:44:45.0375 0840 IpNat - ok 09:44:45.0453 0840 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe 09:44:45.0453 0840 iPod Service - ok 09:44:45.0468 0840 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 09:44:45.0484 0840 IPSec - ok 09:44:45.0500 0840 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 09:44:45.0531 0840 IRENUM - ok 09:44:45.0562 0840 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 09:44:45.0562 0840 isapnp - ok 09:44:45.0625 0840 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe 09:44:45.0625 0840 JavaQuickStarterService - ok 09:44:45.0671 0840 JL2005C (78648c0450b9af8d1bbc5fd86dec1642) C:\WINDOWS\system32\Drivers\jl2005c.sys 09:44:45.0687 0840 JL2005C - ok 09:44:45.0703 0840 JSWSCIMD (ad67795900aa8c05cc4570f5349e0639) C:\WINDOWS\system32\DRIVERS\jswscimd.sys 09:44:45.0734 0840 JSWSCIMD - ok 09:44:45.0734 0840 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 09:44:45.0750 0840 Kbdclass - ok 09:44:45.0750 0840 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 09:44:45.0781 0840 kbdhid - ok 09:44:45.0796 0840 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 09:44:45.0796 0840 kmixer - ok 09:44:45.0812 0840 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 09:44:45.0812 0840 KSecDD - ok 09:44:45.0843 0840 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll 09:44:45.0843 0840 lanmanserver - ok 09:44:45.0890 0840 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll 
09:44:45.0890 0840 lanmanworkstation - ok 09:44:45.0890 0840 lbrtfdc - ok 09:44:45.0906 0840 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll 09:44:45.0906 0840 LmHosts - ok 09:44:45.0984 0840 LMIGuardianSvc (c6a4fa0beed6e4198ddd8b8ee136cf80) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe 09:44:46.0000 0840 LMIGuardianSvc - ok 09:44:46.0000 0840 lmimirr - ok 09:44:46.0046 0840 LVRS (ed643e777ba3f7151ef3f0fb6be4f7f0) C:\WINDOWS\system32\DRIVERS\lvrs.sys 09:44:46.0062 0840 LVRS - ok 09:44:46.0281 0840 LVUVC (5bc80451109a8dd7f2ddd35bce2929a3) C:\WINDOWS\system32\DRIVERS\lvuvc.sys 09:44:46.0359 0840 LVUVC - ok 09:44:46.0421 0840 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys 09:44:46.0437 0840 MBAMProtector - ok 09:44:46.0500 0840 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 09:44:46.0515 0840 MBAMService - ok 09:44:46.0562 0840 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe 09:44:46.0562 0840 McrdSvc - ok 09:44:46.0593 0840 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 09:44:46.0609 0840 mdmxsdk - ok 09:44:46.0781 0840 MediaMall Server (dabf5c502202e7999b273a39602f8a0d) C:\Program Files\MediaMall\MediaMallServer.exe 09:44:46.0812 0840 MediaMall Server - ok 09:44:46.0906 0840 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll 09:44:46.0906 0840 Messenger - ok 09:44:46.0937 0840 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys 09:44:46.0953 0840 mf - ok 09:44:46.0984 0840 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll 09:44:46.0984 0840 MHN - ok 09:44:47.0000 0840 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys 09:44:47.0015 0840 MHNDRV - ok 09:44:47.0046 0840 Microsoft SharePoint Workspace Audit Service - ok 09:44:47.0078 0840 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) 
C:\WINDOWS\system32\drivers\mnmdd.sys 09:44:47.0093 0840 mnmdd - ok 09:44:47.0125 0840 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe 09:44:47.0125 0840 mnmsrvc - ok 09:44:47.0156 0840 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 09:44:47.0171 0840 Modem - ok 09:44:47.0187 0840 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys 09:44:47.0203 0840 MODEMCSA - ok 09:44:47.0203 0840 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 09:44:47.0218 0840 Mouclass - ok 09:44:47.0250 0840 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 09:44:47.0265 0840 mouhid - ok 09:44:47.0281 0840 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 09:44:47.0281 0840 MountMgr - ok 09:44:47.0328 0840 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 09:44:47.0328 0840 MozillaMaintenance - ok 09:44:47.0359 0840 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys 09:44:47.0359 0840 MpFilter - ok 09:44:47.0359 0840 mraid35x - ok 09:44:47.0390 0840 MRVW245 (513179a0e168b4d4cc6ff302b9c27568) C:\WINDOWS\system32\DRIVERS\MRVW245.sys 09:44:47.0390 0840 MRVW245 - ok 09:44:47.0421 0840 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 09:44:47.0468 0840 MRxDAV - ok 09:44:47.0515 0840 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 09:44:47.0515 0840 MRxSmb - ok 09:44:47.0546 0840 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe 09:44:47.0546 0840 MSDTC - ok 09:44:47.0578 0840 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 09:44:47.0578 0840 Msfs - ok 09:44:47.0578 0840 MSIServer - ok 09:44:47.0593 0840 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 
09:44:47.0609 0840 MSKSSRV - ok 09:44:47.0656 0840 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe 09:44:47.0656 0840 MsMpSvc - ok 09:44:47.0687 0840 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 09:44:47.0703 0840 MSPCLOCK - ok 09:44:47.0703 0840 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 09:44:47.0734 0840 MSPQM - ok 09:44:47.0750 0840 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 09:44:47.0765 0840 mssmbios - ok 09:44:47.0796 0840 MSSQL$MSSMLBIZ - ok 09:44:47.0828 0840 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe 09:44:47.0828 0840 MSSQLServerADHelper - ok 09:44:47.0875 0840 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 09:44:47.0890 0840 MSTEE - ok 09:44:47.0906 0840 msvad_simple (ba03a176197d06ecaf0da86942375156) C:\WINDOWS\system32\drivers\povrtdev.sys 09:44:47.0921 0840 msvad_simple - ok 09:44:47.0937 0840 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 09:44:47.0937 0840 Mup - ok 09:44:47.0968 0840 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 09:44:47.0984 0840 NABTSFEC - ok 09:44:48.0015 0840 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 09:44:48.0031 0840 napagent - ok 09:44:48.0031 0840 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 09:44:48.0031 0840 NDIS - ok 09:44:48.0062 0840 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 09:44:48.0078 0840 NdisIP - ok 09:44:48.0093 0840 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 09:44:48.0093 0840 NdisTapi - ok 09:44:48.0125 0840 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 09:44:48.0140 0840 Ndisuio - ok 
09:44:48.0140 0840 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 09:44:48.0171 0840 NdisWan - ok 09:44:48.0187 0840 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 09:44:48.0187 0840 NDProxy - ok 09:44:48.0187 0840 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 09:44:48.0187 0840 NetBIOS - ok 09:44:48.0203 0840 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 09:44:48.0234 0840 NetBT - ok 09:44:48.0250 0840 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 09:44:48.0250 0840 NetDDE - ok 09:44:48.0250 0840 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 09:44:48.0250 0840 NetDDEdsdm - ok 09:44:48.0281 0840 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 09:44:48.0281 0840 Netlogon - ok 09:44:48.0312 0840 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll 09:44:48.0312 0840 Netman - ok 09:44:48.0390 0840 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 09:44:48.0406 0840 NetTcpPortSharing - ok 09:44:48.0421 0840 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll 09:44:48.0421 0840 Nla - ok 09:44:48.0437 0840 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 09:44:48.0453 0840 Npfs - ok 09:44:48.0484 0840 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 09:44:48.0484 0840 Ntfs - ok 09:44:48.0484 0840 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 09:44:48.0500 0840 NtLmSsp - ok 09:44:48.0531 0840 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll 09:44:48.0546 0840 NtmsSvc - ok 09:44:48.0562 0840 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 09:44:48.0578 0840 Null - ok 09:44:48.0593 0840 
NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 09:44:48.0625 0840 NwlnkFlt - ok 09:44:48.0640 0840 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 09:44:48.0656 0840 NwlnkFwd - ok 09:44:48.0703 0840 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 09:44:48.0718 0840 ose - ok 09:44:48.0984 0840 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 09:44:49.0015 0840 osppsvc - ok 09:44:49.0109 0840 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 09:44:49.0125 0840 Parport - ok 09:44:49.0140 0840 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 09:44:49.0156 0840 PartMgr - ok 09:44:49.0171 0840 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 09:44:49.0187 0840 ParVdm - ok 09:44:49.0218 0840 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 09:44:49.0218 0840 PCI - ok 09:44:49.0218 0840 PciCon - ok 09:44:49.0218 0840 PCIDump - ok 09:44:49.0234 0840 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 09:44:49.0234 0840 PCIIde - ok 09:44:49.0250 0840 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 09:44:49.0281 0840 Pcmcia - ok 09:44:49.0281 0840 PDCOMP - ok 09:44:49.0296 0840 PDFRAME - ok 09:44:49.0296 0840 PDRELI - ok 09:44:49.0296 0840 PDRFRAME - ok 09:44:49.0312 0840 perc2 - ok 09:44:49.0312 0840 perc2hib - ok 09:44:49.0343 0840 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 09:44:49.0343 0840 PlugPlay - ok 09:44:49.0359 0840 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 09:44:49.0359 0840 PolicyAgent - ok 09:44:49.0390 0840 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 
09:44:49.0406 0840 PptpMiniport - ok 09:44:49.0406 0840 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 09:44:49.0406 0840 ProtectedStorage - ok 09:44:49.0421 0840 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 09:44:49.0453 0840 PSched - ok 09:44:49.0484 0840 PSI_SVC_2 (f036cfb275d0c55f4e45fbbf5f98b3c8) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 09:44:49.0500 0840 PSI_SVC_2 - ok 09:44:49.0515 0840 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 09:44:49.0531 0840 Ptilink - ok 09:44:49.0531 0840 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys 09:44:49.0546 0840 PxHelp20 - ok 09:44:49.0546 0840 ql1080 - ok 09:44:49.0546 0840 Ql10wnt - ok 09:44:49.0546 0840 ql12160 - ok 09:44:49.0562 0840 ql1240 - ok 09:44:49.0562 0840 ql1280 - ok 09:44:49.0578 0840 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 09:44:49.0593 0840 RasAcd - ok 09:44:49.0625 0840 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll 09:44:49.0625 0840 RasAuto - ok 09:44:49.0640 0840 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 09:44:49.0671 0840 Rasl2tp - ok 09:44:49.0687 0840 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 09:44:49.0687 0840 RasMan - ok 09:44:49.0687 0840 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 09:44:49.0718 0840 RasPppoe - ok 09:44:49.0718 0840 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 09:44:49.0734 0840 Raspti - ok 09:44:49.0750 0840 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 09:44:49.0750 0840 Rdbss - ok 09:44:49.0765 0840 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 09:44:49.0781 0840 RDPCDD - ok 09:44:49.0796 0840 rdpdr 
(15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 09:44:49.0812 0840 rdpdr - ok 09:44:49.0843 0840 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys 09:44:49.0875 0840 RDPWD - ok 09:44:49.0906 0840 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 09:44:49.0906 0840 RDSessMgr - ok 09:44:49.0937 0840 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 09:44:49.0953 0840 redbook - ok 09:44:49.0968 0840 regi (c1e596e42e77f94d5c1c18fd9b2b3274) C:\WINDOWS\system32\drivers\regi.sys 09:44:49.0984 0840 regi - ok 09:44:49.0984 0840 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 09:44:49.0984 0840 RemoteAccess - ok 09:44:50.0000 0840 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll 09:44:50.0000 0840 RemoteRegistry - ok 09:44:50.0015 0840 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys 09:44:50.0046 0840 RFCOMM - ok 09:44:50.0109 0840 RoxioNow Service (6bfc6c564e75b1ccaa3d24342dc77c13) C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe 09:44:50.0125 0840 RoxioNow Service - ok 09:44:50.0140 0840 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe 09:44:50.0140 0840 RpcLocator - ok 09:44:50.0203 0840 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll 09:44:50.0203 0840 RpcSs - ok 09:44:50.0250 0840 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 09:44:50.0250 0840 RSVP - ok 09:44:50.0250 0840 rt2870 - ok 09:44:50.0250 0840 RT80x86 - ok 09:44:50.0250 0840 RTL8192su - ok 09:44:50.0296 0840 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 09:44:50.0296 0840 SamSs - ok 09:44:50.0296 0840 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 09:44:50.0312 0840 SCardSvr - ok 09:44:50.0328 0840 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 
09:44:50.0328 0840 Schedule - ok 09:44:50.0343 0840 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 09:44:50.0375 0840 Secdrv - ok 09:44:50.0375 0840 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 09:44:50.0375 0840 seclogon - ok 09:44:50.0390 0840 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 09:44:50.0390 0840 SENS - ok 09:44:50.0437 0840 Ser2pl (b4664c1ee39a5b7fc112f4077f8d21a5) C:\WINDOWS\system32\DRIVERS\ser2pl.sys 09:44:50.0437 0840 Ser2pl - ok 09:44:50.0437 0840 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 09:44:50.0453 0840 Serenum - ok 09:44:50.0484 0840 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 09:44:50.0515 0840 Serial - ok 09:44:50.0531 0840 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 09:44:50.0546 0840 Sfloppy - ok 09:44:50.0609 0840 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 09:44:50.0609 0840 SharedAccess - ok 09:44:50.0656 0840 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 09:44:50.0656 0840 ShellHWDetection - ok 09:44:50.0656 0840 Simbad - ok 09:44:50.0781 0840 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files\Skype\Updater\Updater.exe 09:44:50.0796 0840 SkypeUpdate - ok 09:44:50.0843 0840 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 09:44:50.0859 0840 SLIP - ok 09:44:50.0890 0840 SmartDefragDriver (972dea0d8149d73c5b7a2c97b2e749e3) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys 09:44:50.0890 0840 SmartDefragDriver - ok 09:44:50.0906 0840 SockHook (1414b82019d4c9e7de9981c4971c3438) C:\WINDOWS\system32\drivers\SOCKHOOK.SYS 09:44:50.0906 0840 SockHook - ok 09:44:50.0921 0840 Sparrow - ok 09:44:50.0937 0840 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 09:44:50.0953 0840 splitter - ok 
09:44:50.0984 0840 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 09:44:50.0984 0840 Spooler - ok 09:44:51.0062 0840 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 09:44:51.0062 0840 SQLBrowser - ok 09:44:51.0078 0840 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 09:44:51.0078 0840 SQLWriter - ok 09:44:51.0093 0840 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 09:44:51.0093 0840 sr - ok 09:44:51.0109 0840 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 09:44:51.0125 0840 srservice - ok 09:44:51.0156 0840 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 09:44:51.0156 0840 Srv - ok 09:44:51.0187 0840 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 09:44:51.0187 0840 SSDPSRV - ok 09:44:51.0218 0840 SSLDrv (a7a577c32309fe723fa2ef927464ec6f) C:\WINDOWS\system32\DRIVERS\SSLDrv.sys 09:44:51.0234 0840 SSLDrv - ok 09:44:51.0281 0840 STHDA (352b663a81402be7cd7bd4ea27c9998c) C:\WINDOWS\system32\drivers\sthda.sys 09:44:51.0281 0840 STHDA - ok 09:44:51.0328 0840 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 09:44:51.0343 0840 stisvc - ok 09:44:51.0359 0840 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 09:44:51.0375 0840 streamip - ok 09:44:51.0390 0840 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 09:44:51.0406 0840 swenum - ok 09:44:51.0421 0840 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 09:44:51.0453 0840 swmidi - ok 09:44:51.0453 0840 SwPrv - ok 09:44:51.0468 0840 symc810 - ok 09:44:51.0468 0840 symc8xx - ok 09:44:51.0468 0840 sym_hi - ok 09:44:51.0484 0840 sym_u3 - ok 09:44:51.0500 0840 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 
09:44:51.0500 0840 sysaudio - ok 09:44:51.0500 0840 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 09:44:51.0515 0840 SysmonLog - ok 09:44:51.0531 0840 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 09:44:51.0531 0840 TapiSrv - ok 09:44:51.0578 0840 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 09:44:51.0578 0840 Tcpip - ok 09:44:51.0593 0840 TdiPbk (84be1808e93519e0bed43d8ab1dc5bec) C:\WINDOWS\system32\Drivers\TdiPbk.SYS 09:44:51.0593 0840 TdiPbk - ok 09:44:51.0609 0840 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 09:44:51.0625 0840 TDPIPE - ok 09:44:51.0625 0840 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 09:44:51.0656 0840 TDTCP - ok 09:44:51.0671 0840 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 09:44:51.0718 0840 TermDD - ok 09:44:51.0734 0840 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 09:44:51.0750 0840 TermService - ok 09:44:51.0781 0840 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 09:44:51.0781 0840 Themes - ok 09:44:51.0796 0840 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe 09:44:51.0796 0840 TlntSvr - ok 09:44:51.0875 0840 TomTomHOMEService (efef22b9577e5051057fde1ae381b50c) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe 09:44:51.0890 0840 TomTomHOMEService - ok 09:44:51.0890 0840 TosIde - ok 09:44:51.0890 0840 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 09:44:51.0906 0840 TrkWks - ok 09:44:51.0937 0840 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys 09:44:51.0953 0840 tunmp - ok 09:44:51.0968 0840 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 09:44:51.0984 0840 Udfs - ok 09:44:52.0015 0840 UltiDev Cassini Web Server for ASP.NET 2.0 (bee8c1f7838a1d69d5e5a36a3efbd722) 
C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe 09:44:52.0015 0840 UltiDev Cassini Web Server for ASP.NET 2.0 - ok 09:44:52.0015 0840 ultra - ok 09:44:52.0078 0840 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe 09:44:52.0078 0840 UMVPFSrv - ok 09:44:52.0093 0840 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 09:44:52.0140 0840 Update - ok 09:44:52.0156 0840 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 09:44:52.0156 0840 upnphost - ok 09:44:52.0156 0840 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 09:44:52.0156 0840 UPS - ok 09:44:52.0203 0840 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys 09:44:52.0218 0840 USBAAPL - ok 09:44:52.0250 0840 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 09:44:52.0265 0840 usbaudio - ok 09:44:52.0265 0840 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 09:44:52.0296 0840 usbccgp - ok 09:44:52.0328 0840 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 09:44:52.0343 0840 usbehci - ok 09:44:52.0359 0840 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 09:44:52.0375 0840 usbhub - ok 09:44:52.0375 0840 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 09:44:52.0390 0840 usbprint - ok 09:44:52.0421 0840 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 09:44:52.0453 0840 usbscan - ok 09:44:52.0453 0840 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 09:44:52.0484 0840 USBSTOR - ok 09:44:52.0515 0840 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 09:44:52.0531 0840 usbuhci - ok 09:44:52.0562 0840 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) 
C:\WINDOWS\system32\Drivers\usbvideo.sys 09:44:52.0578 0840 usbvideo - ok 09:44:52.0593 0840 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 09:44:52.0609 0840 VgaSave - ok 09:44:52.0609 0840 ViaIde - ok 09:44:52.0625 0840 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 09:44:52.0625 0840 VolSnap - ok 09:44:52.0640 0840 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 09:44:52.0640 0840 VSS - ok 09:44:52.0671 0840 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 09:44:52.0671 0840 W32Time - ok 09:44:52.0671 0840 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 09:44:52.0703 0840 Wanarp - ok 09:44:52.0734 0840 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys 09:44:52.0734 0840 wceusbsh - ok 09:44:52.0734 0840 WDICA - ok 09:44:52.0750 0840 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 09:44:52.0796 0840 wdmaud - ok 09:44:52.0828 0840 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 09:44:52.0843 0840 WebClient - ok 09:44:52.0875 0840 WebGuideTranscode (6be87e1bb2c8837ae587dab781ee4895) C:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe 09:44:52.0890 0840 WebGuideTranscode - ok 09:44:52.0937 0840 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 09:44:52.0953 0840 winachsf - ok 09:44:53.0015 0840 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 09:44:53.0031 0840 winmgmt - ok 09:44:53.0093 0840 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll 09:44:53.0125 0840 WinRM - ok 09:44:53.0234 0840 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 09:44:53.0234 0840 wlidsvc - ok 09:44:53.0296 0840 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) 
C:\WINDOWS\system32\MsPMSNSv.dll 09:44:53.0296 0840 WmdmPmSN - ok 09:44:53.0359 0840 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll 09:44:53.0375 0840 Wmi - ok 09:44:53.0406 0840 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 09:44:53.0406 0840 WmiApSrv - ok 09:44:53.0515 0840 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe 09:44:53.0531 0840 WMPNetworkSvc - ok 09:44:53.0562 0840 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 09:44:53.0578 0840 WpdUsb - ok 09:44:53.0687 0840 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 09:44:53.0703 0840 WPFFontCache_v0400 - ok 09:44:53.0765 0840 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 09:44:53.0781 0840 WS2IFSL - ok 09:44:53.0812 0840 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 09:44:53.0812 0840 wscsvc - ok 09:44:53.0843 0840 WSIMD (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys 09:44:53.0875 0840 WSIMD - ok 09:44:53.0906 0840 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 09:44:53.0921 0840 WSTCODEC - ok 09:44:53.0953 0840 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 09:44:53.0953 0840 wuauserv - ok 09:44:53.0984 0840 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 09:44:53.0984 0840 WudfPf - ok 09:44:54.0015 0840 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 09:44:54.0015 0840 WudfRd - ok 09:44:54.0031 0840 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 09:44:54.0046 0840 WudfSvc - ok 09:44:54.0093 0840 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 09:44:54.0109 0840 WZCSVC - ok 09:44:54.0125 0840 xmlprov 
(295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 09:44:54.0125 0840 xmlprov - ok 09:44:54.0156 0840 MBR (0x1B8) (87d88fa4d3efd4431866ea91949644bf) \Device\Harddisk0\DR0 09:44:54.0171 0840 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected 09:44:54.0171 0840 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0) 09:44:54.0171 0840 Boot (0x1200) (b17574f46cdda63b40b8c447de715daf) \Device\Harddisk0\DR0\Partition0 09:44:54.0187 0840 \Device\Harddisk0\DR0\Partition0 - ok 09:44:54.0187 0840 ============================================================ 09:44:54.0187 0840 Scan finished 09:44:54.0187 0840 ============================================================ 09:44:54.0187 8072 Detected object count: 1 09:44:54.0187 8072 Actual detected object count: 1 09:46:04.0625 8072 \Device\Harddisk0\DR0\# - copied to quarantine 09:46:04.0625 8072 \Device\Harddisk0\DR0 - copied to quarantine 09:46:04.0640 8072 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - will be cured on reboot 09:46:04.0640 8072 \Device\Harddisk0\DR0 - ok 09:46:04.0640 8072 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Cure 09:46:12.0875 8180 Deinitialize success . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26 Run by Cleveland's at 9:49:43 on 2012-06-30 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2311 [GMT -5:00] . AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . ============== Running Processes =============== . 
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Microsoft\BingBar\BBSvc.EXE C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Bonjour\mDNSResponder.exe svchost.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\MediaMall\MediaMallServer.exe C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe C:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\BRMFRSMG.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\stsystra.exe C:\Program Files\SkypeUSBPhoneDriver\Skype@phone.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program 
Files\IObit\Advanced SystemCare 5\ASCTray.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe C:\Documents and Settings\Cleveland's\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\chrome_frame_helper.exe C:\Program Files\NETGEAR\WN111\wn111.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe c:\Program Files\Microsoft Silverlight\5.1.10411.0\agcp.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank uSearch Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uSearch Bar = hxxp://www.google.com/ie uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\microsoft office\office14\GROOVEEX.DLL BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\microsoft office\office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program 
files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll" TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [ChromeFrameHelper] "c:\documents and settings\cleveland's\local settings\application data\google\chrome\application\19.0.1084.56\chrome_frame_helper.exe" --startup mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [skype@phone] c:\program files\skypeusbphonedriver\Skype@phone.exe mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex StartupFolder: 
c:\docume~1\alluse~1\startm~1\programs\startup\netgear wn111 smart wizard.lnk - c:\program files\netgear\wn111\wn111.exe uPolicies-explorer: NoInstrumentation = 1 (0x1) mPolicies-explorer: NoResolveTrack = 1 (0x1) mPolicies-explorer: NoFileAssociate = 0 (0x0) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\microsoft activesync\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\microsoft activesync\INetRepl.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office11\REFIEBAR.DLL Trusted Zone: cinemanow.com Trusted Zone: cnet.com\download Trusted Zone: roxio.com Trusted Zone: roxionow.com Trusted Zone: sonic.com DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://vpn.vmeprocess.com/NELX.cab DPF: 
{8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{97A05BB9-35CE-4553-B5B4-7AA5552180BA} : DhcpNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\documents and settings\cleveland's\local settings\application data\google\chrome\application\19.0.1084.56\npchrome_frame.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\microsoft office\office14\GROOVEEX.DLL . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\cleveland's\application data\mozilla\firefox\profiles\coh6frck.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - plugin: c:\documents and settings\cleveland's\application data\move networks\plugins\npqmp071701000002.dll FF - plugin: c:\documents and settings\cleveland's\application data\move networks\plugins\npqmp071705000014.dll FF - plugin: c:\documents and settings\cleveland's\application data\mozilla\firefox\profiles\coh6frck.default\extensions\{3112ca9c-de6d-4884-a869-9855de680400}\plugins\npRNowPlugin.dll FF - plugin: c:\documents and settings\cleveland's\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\progra~1\microsoft office\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\microsoft office\office14\NPSPWRAP.DLL FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll . 
---- FIREFOX POLICIES ---- FF - user.js: browser.blink_allowed - true FF - user.js: network.prefetch-next - true FF - user.js: layout.spellcheckDefault - 1 FF - user.js: browser.urlbar.autoFill - false FF - user.js: browser.search.openintab - false FF - user.js: browser.tabs.closeButtons - 1 FF - user.js: browser.tabs.opentabfor.middleclick - true FF - user.js: browser.tabs.tabMinWidth - 100 FF - user.js: browser.urlbar.hideGoButton - true . ============= SERVICES / DRIVERS =============== . R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2009-10-16 40560] R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064] R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-7-17 13496] R0 SockHook;SockHook;c:\windows\system32\drivers\SOCKHOOK.SYS [2009-7-26 15000] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-12-21 94872] R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-1-1 913792] R2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176] R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648] R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2012-6-4 54760] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-28 654408] R2 MediaMall Server;MediaMall Server;c:\program files\mediamall\MediaMallServer.exe [2012-4-12 2976632] R2 regi;regi;c:\windows\system32\drivers\regi.sys [2010-7-5 10680] R2 RoxioNow Service;RoxioNow Service;c:\program files\roxio\roxionow player\RNowSvc.exe [2011-8-2 400368] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 
2\TomTomHOMEService.exe [2011-4-22 92592] R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\ultidev\cassini web server for asp.net 2.0\UltiDevCassinWebServer2a.exe [2007-2-8 49152] R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848] R2 WebGuideTranscode;WebGuideTranscode;c:\program files\webguide\webguide4\bin\WebGuideTranscodeService.exe [2007-2-20 40960] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-3-22 100368] R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2009-4-20 2944] R3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2009-4-20 60416] R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2009-4-20 11008] R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2009-4-20 10368] R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2012-1-18 22176] R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-28 22344] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-8-21 374152] S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2012-1-19 25832] S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family 
safety\fsssvc.exe [2010-4-28 704872] S3 jswpsapi;Jumpstart Wifi Protected Setup; [x] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-5 113120] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?] S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?] S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys --> c:\windows\system32\drivers\RT2860.sys [?] S3 RTL8192su;RNX-N2LX Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys --> c:\windows\system32\drivers\RTL8192su.sys [?] S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2008-8-6 20504] S3 TdiPbk;TdiPbk;c:\windows\system32\drivers\TdiPbk.SYS [2009-7-26 24328] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 
2012-06-30 14:46:04 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-25 05:17:02 -------- d-----w- c:\program files\PlayReady 2012-06-22 01:05:25 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll 2012-06-22 01:05:25 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll 2012-06-13 23:47:56 -------- d-----w- c:\documents and settings\cleveland's\Applications 2012-06-13 12:43:05 -------- d-----w- c:\documents and settings\cleveland's\Librarys 2012-06-13 06:30:54 -------- d-----w- c:\windows\system32\URTTEMP 2012-06-13 01:15:55 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll 2012-06-07 15:50:55 -------- d-----w- c:\program files\HP Photo Creations 2012-06-07 15:50:55 -------- d-----w- c:\documents and settings\all users\application data\HP Photo Creations 2012-06-07 15:50:41 -------- d-----w- c:\documents and settings\cleveland's\application data\HpUpdate 2012-06-07 15:50:12 1907560 ----a-w- c:\windows\system32\HPScanMiniDrv_DJ1050_J410.dll 2012-06-07 15:50:09 264552 ----a-w- c:\windows\system32\hpinksts8911LM.dll 2012-06-07 15:50:08 232296 ----a-w- c:\windows\system32\hpinksts8911.dll 2012-06-07 15:50:08 213352 ----a-w- c:\windows\system32\hpinkcoi8911.dll 2012-06-07 15:49:25 -------- d-----w- c:\program files\HP 2012-06-07 15:48:53 -------- d-----w- c:\documents and settings\cleveland's\local settings\application data\HP 2012-06-05 04:43:39 -------- d-----w- c:\documents and settings\cleveland's\Tracing 2012-06-05 04:25:12 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys 2012-06-05 04:21:43 -------- d-----w- c:\program files\Microsoft 2012-06-05 04:21:31 -------- d-----w- c:\program files\Windows Live SkyDrive 2012-06-05 04:16:55 484632 ----a-w- c:\program files\common files\windows live\.cache\a73ae721cd42d2\DXSETUP.exe 2012-06-05 04:16:54 74520 ----a-w- c:\program files\common files\windows live\.cache\a73ae721cd42d2\DSETUP.dll 2012-06-05 04:16:54 1670936 ----a-w- c:\program files\common files\windows 
live\.cache\a73ae721cd42d2\dsetup32.dll 2012-06-05 04:16:27 1013800 ----a-w- c:\program files\common files\windows live\.cache\fa2034281cd42d1\WindowsXP-KB954708-x86-ENU.exe . ==================== Find3M ==================== . 2012-06-28 18:33:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-28 18:33:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:19:37 599552 ----a-w- c:\windows\system32\crypt32.dll 2012-05-24 21:18:40 4472832 ----a-w- c:\windows\system32\GPhotos.scr 2012-05-24 15:48:10 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe 2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys 2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec 2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-16 18:28:05 371272 ----a-w- c:\program files\Skype.lnk 2011-12-13 01:18:12 69341552 ----a-w- c:\program files\iTunesSetup.exe 2011-06-21 02:41:02 20398464 ----a-w- c:\program files\TomTomHOME2winlatest.exe 
2009-10-31 17:36:16 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe 2009-06-17 12:11:49 4909440 ----a-w- c:\program files\Silverlight.2.0.exe 2009-06-16 16:38:52 1988392 ----a-w- c:\program files\SkypeSetup-Beta.exe 2009-05-09 04:45:29 21878064 ----a-w- c:\program files\QuickTimeInstaller.exe . ============= FINISH: 9:53:39.64 ===============
  9. . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26 Run by Cleveland's at 20:02:19 on 2012-06-29 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2016 [GMT -5:00] . AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . ============== Running Processes =============== . "C:\WINDOWS\system32\svchost.exe" "C:\WINDOWS\system32\svchost.exe" C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Microsoft\BingBar\BBSvc.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Bonjour\mDNSResponder.exe svchost.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\MediaMall\MediaMallServer.exe C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe C:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 
C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\stsystra.exe C:\Program Files\SkypeUSBPhoneDriver\Skype@phone.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\BRMFRSMG.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe C:\Documents and Settings\Cleveland's\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\chrome_frame_helper.exe C:\Program Files\NETGEAR\WN111\wn111.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\DOCUME~1\CLEVEL~1\LOCALS~1\Temp\SkypeSetup.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\MsiExec.exe C:\WINDOWS\system32\MsiExec.exe . ============== Pseudo HJT Report =============== . 
uStart Page = about:blank uSearch Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uSearch Bar = hxxp://www.google.com/ie uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\microsoft office\office14\GROOVEEX.DLL BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\microsoft office\office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll" TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [ChromeFrameHelper] "c:\documents and settings\cleveland's\local settings\application 
data\google\chrome\application\19.0.1084.56\chrome_frame_helper.exe" --startup mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [skype@phone] c:\program files\skypeusbphonedriver\Skype@phone.exe mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgear wn111 smart wizard.lnk - c:\program files\netgear\wn111\wn111.exe uPolicies-explorer: NoInstrumentation = 1 (0x1) mPolicies-explorer: NoResolveTrack = 1 (0x1) mPolicies-explorer: NoFileAssociate = 0 (0x0) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows 
live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\microsoft activesync\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\microsoft activesync\INetRepl.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office11\REFIEBAR.DLL Trusted Zone: cinemanow.com Trusted Zone: cnet.com\download Trusted Zone: roxio.com Trusted Zone: roxionow.com Trusted Zone: sonic.com DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://vpn.vmeprocess.com/NELX.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 TCP: 
Interfaces\{97A05BB9-35CE-4553-B5B4-7AA5552180BA} : DhcpNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\documents and settings\cleveland's\local settings\application data\google\chrome\application\19.0.1084.56\npchrome_frame.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\microsoft office\office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\cleveland's\application data\mozilla\firefox\profiles\coh6frck.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - plugin: c:\documents and settings\cleveland's\application data\move networks\plugins\npqmp071701000002.dll FF - plugin: c:\documents and settings\cleveland's\application data\move networks\plugins\npqmp071705000014.dll FF - plugin: c:\documents and settings\cleveland's\application data\mozilla\firefox\profiles\coh6frck.default\extensions\{3112ca9c-de6d-4884-a869-9855de680400}\plugins\npRNowPlugin.dll FF - plugin: c:\documents and settings\cleveland's\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\progra~1\microsoft office\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\microsoft office\office14\NPSPWRAP.DLL FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program 
files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll . ---- FIREFOX POLICIES ---- FF - user.js: browser.blink_allowed - true FF - user.js: network.prefetch-next - true FF - user.js: layout.spellcheckDefault - 1 FF - user.js: browser.urlbar.autoFill - false FF - user.js: browser.search.openintab - false FF - user.js: browser.tabs.closeButtons - 1 FF - user.js: browser.tabs.opentabfor.middleclick - true FF - user.js: browser.tabs.tabMinWidth - 100 FF - user.js: browser.urlbar.hideGoButton - true . ============= SERVICES / DRIVERS =============== . 
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2009-10-16 40560] R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064] R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-7-17 13496] R0 SockHook;SockHook;c:\windows\system32\drivers\SOCKHOOK.SYS [2009-7-26 15000] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-12-21 94872] R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-1-1 913792] R2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176] R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648] R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2012-6-4 54760] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-28 654408] R2 MediaMall Server;MediaMall Server;c:\program files\mediamall\MediaMallServer.exe [2012-4-12 2976632] R2 regi;regi;c:\windows\system32\drivers\regi.sys [2010-7-5 10680] R2 RoxioNow Service;RoxioNow Service;c:\program files\roxio\roxionow player\RNowSvc.exe [2011-8-2 400368] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592] R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\ultidev\cassini web server for asp.net 2.0\UltiDevCassinWebServer2a.exe [2007-2-8 49152] R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848] R2 WebGuideTranscode;WebGuideTranscode;c:\program files\webguide\webguide4\bin\WebGuideTranscodeService.exe [2007-2-20 40960] R3 AtiHDAudioService;ATI Function Driver for HD Audio 
Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-3-22 100368] R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2009-4-20 2944] R3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2009-4-20 60416] R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2009-4-20 11008] R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2009-4-20 10368] R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2012-1-18 22176] R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-28 22344] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-8-21 374152] S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2012-1-19 25832] S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872] S3 jswpsapi;Jumpstart Wifi Protected Setup; [x] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-5 113120] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE 
[2010-1-9 4640000] S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?] S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?] S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys --> c:\windows\system32\drivers\RT2860.sys [?] S3 RTL8192su;RNX-N2LX Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys --> c:\windows\system32\drivers\RTL8192su.sys [?] S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2008-8-6 20504] S3 TdiPbk;TdiPbk;c:\windows\system32\drivers\TdiPbk.SYS [2009-7-26 24328] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-06-25 05:17:02 -------- d-----w- c:\program files\PlayReady 2012-06-22 01:05:25 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll 2012-06-22 01:05:25 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll 2012-06-13 23:47:56 -------- d-----w- c:\documents and settings\cleveland's\Applications 2012-06-13 12:43:05 -------- d-----w- c:\documents and settings\cleveland's\Librarys 2012-06-13 06:30:54 -------- d-----w- c:\windows\system32\URTTEMP 2012-06-13 01:15:55 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll 2012-06-07 15:50:55 -------- d-----w- c:\program files\HP Photo Creations 2012-06-07 15:50:55 -------- d-----w- c:\documents and settings\all users\application data\HP Photo Creations 2012-06-07 15:50:41 -------- d-----w- c:\documents and settings\cleveland's\application data\HpUpdate 2012-06-07 15:50:12 1907560 ----a-w- c:\windows\system32\HPScanMiniDrv_DJ1050_J410.dll 2012-06-07 15:50:09 264552 ----a-w- c:\windows\system32\hpinksts8911LM.dll 
2012-06-07 15:50:08 232296 ----a-w- c:\windows\system32\hpinksts8911.dll 2012-06-07 15:50:08 213352 ----a-w- c:\windows\system32\hpinkcoi8911.dll 2012-06-07 15:49:25 -------- d-----w- c:\program files\HP 2012-06-07 15:48:53 -------- d-----w- c:\documents and settings\cleveland's\local settings\application data\HP 2012-06-05 04:43:39 -------- d-----w- c:\documents and settings\cleveland's\Tracing 2012-06-05 04:25:12 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys 2012-06-05 04:21:43 -------- d-----w- c:\program files\Microsoft 2012-06-05 04:21:31 -------- d-----w- c:\program files\Windows Live SkyDrive 2012-06-05 04:16:55 484632 ----a-w- c:\program files\common files\windows live\.cache\a73ae721cd42d2\DXSETUP.exe 2012-06-05 04:16:54 74520 ----a-w- c:\program files\common files\windows live\.cache\a73ae721cd42d2\DSETUP.dll 2012-06-05 04:16:54 1670936 ----a-w- c:\program files\common files\windows live\.cache\a73ae721cd42d2\dsetup32.dll 2012-06-05 04:16:27 1013800 ----a-w- c:\program files\common files\windows live\.cache\fa2034281cd42d1\WindowsXP-KB954708-x86-ENU.exe . ==================== Find3M ==================== . 
2012-06-28 18:33:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-28 18:33:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:19:37 599552 ----a-w- c:\windows\system32\crypt32.dll 2012-05-24 21:18:40 4472832 ----a-w- c:\windows\system32\GPhotos.scr 2012-05-24 15:48:10 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe 2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys 2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec 2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-16 18:28:05 371272 ----a-w- c:\program files\Skype.lnk 2011-12-13 01:18:12 69341552 ----a-w- c:\program files\iTunesSetup.exe 2011-06-21 02:41:02 20398464 ----a-w- c:\program files\TomTomHOME2winlatest.exe 2009-10-31 17:36:16 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe 2009-06-17 12:11:49 4909440 ----a-w- c:\program files\Silverlight.2.0.exe 2009-06-16 16:38:52 1988392 ----a-w- c:\program files\SkypeSetup-Beta.exe 2009-05-09 
04:45:29 21878064 ----a-w- c:\program files\QuickTimeInstaller.exe . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 . CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process. device: opened successfully user: error reading MBR . Disk trace: called modules: ntkrnlpa.exe >>UNKNOWN [0x8A3D6A2E]<< _asm { MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; PUSH EBX; MOV EBX, [EBP+0xc]; MOV EAX, [EBX+0x60]; PUSH ESI; MOV ESI, [EBP+0x8]; CMP ESI, [0x8a3d9180]; JZ 0x25; PUSH EBX; PUSH ESI; CALL [0x8a3d9178]; } 1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8AEBFAB8] \Driver\Disk[0x8AEC1938] -> IRP_MJ_READ -> 0x8A3D6A2E kernel: MBR read successfully _asm { XOR EAX, EAX; NOP ; MOV DS, AX; MOV ES, AX; NOP ; MOV SS, AX; MOV SP, 0x7c00; CLD ; MOV SI, 0x7c00; MOV DI, 0x600; NOP ; MOV CX, 0x80; NOP ; REP MOVSD ; NOP ; JMP FAR 0x0:0x624; } detected disk devices: detected hooks: \Driver\atapi DriverStartIo -> 0x8A3D70AE \Driver\atapi -> 0x8a3d6f76 IoDeviceObjectType -> ParseProcedure -> 0x8a3d620e \Device\Harddisk0\DR0 -> ParseProcedure -> 0x8a3d620e user != kernel MBR !!! Warning: possible TDL4 rootkit infection ! TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix. . ============= FINISH: 20:06:16.76 ===============
  10. Unfortunately I have deleted the logs before June 1 for Nod 32. I have included below the logs since June 1. Malwarebytes log Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.29.10 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Cleveland's :: BEDROOM [limited] Protection: Enabled 6/29/2012 3:25:31 PM mbam-log-2012-06-29 (15-25-31).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 800266 Time elapsed: 3 hour(s), 59 minute(s), 58 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\System Volume Information\_restore{C5B3AA7B-FB53-4FF2-9C76-1B3F928336FC}\RP1446\A0323903.exe (Trojan.Agent.H) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5B3AA7B-FB53-4FF2-9C76-1B3F928336FC}\RP1446\A0323906.exe (Trojan.Agent.H) -> Quarantined and deleted successfully. (end) Nod32 6/24/2012 12:09:51 AM HTTP filter file http://version.etype.com/AM/Somoto/eTypeSetupSSP.exe a variant of Win32/Somoto.A potentially unwanted application NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe. 
6/22/2012 12:32:01 AM Real-time file system protection file C:\Documents and Settings\Cleveland's\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aakpnmmolajegnhokanpkejhigpchdfj\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined BEDROOM\Cleveland's Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe. 6/22/2012 12:32:01 AM Real-time file system protection file C:\Documents and Settings\Cleveland's\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadcgbdhgfdddddcgfdcgddadegedcdf\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined BEDROOM\Cleveland's Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe. 6/22/2012 12:32:01 AM Real-time file system protection file C:\Documents and Settings\Cleveland's\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadcgbdhgfdddddcgfdcgddadegedcdf\ContentScript.js Win32/BHO.OEI trojan cleaned by deleting - quarantined BEDROOM\Cleveland's Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe. 6/7/2012 2:13:51 PM HTTP filter file http://servpadex.com/media/delivery/enginer/721/pres/i/asv.php?n=1783av31&cb=1322212&campaignid=1414374 JS/Kryptik.PF trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe. 6/4/2012 10:11:46 PM HTTP filter file http://ad.manageincrease.com/imp/4/ser.php?ad=iframe&camp=8473920 JS/Iframe.EA trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe. 
6/4/2012 9:16:25 PM Real-time file system protection file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZM4RVIZ6\imp[1].htm JS/Iframe.EA trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Internet Explorer\iexplore.exe. 6/4/2012 9:16:23 PM HTTP filter file http://ad.manageincrease.com/imp/imp.php?ad=iframe&camp=8473923 JS/Iframe.EA trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe. 6/4/2012 9:16:23 PM HTTP filter file http://ad.helprotectist.com/imp/2/ser.php?ad=iframe&camp=8473914 JS/Iframe.EA trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe. 6/4/2012 9:12:10 PM HTTP filter file http://ad.helprotectist.com/imp/4/ser.php?ad=iframe&camp=8473910 JS/Iframe.EA trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe. 6/4/2012 9:12:05 PM Real-time file system protection file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\FE7ICNAA\ser[1].htm JS/Iframe.EA trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Internet Explorer\iexplore.exe. 6/4/2012 9:12:04 PM Real-time file system protection file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ETI120AM\ser[1].htm JS/Iframe.EA trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Internet Explorer\iexplore.exe. 
6/4/2012 9:12:01 PM HTTP filter file http://ad.experigster.com/imp/2/ser.php?ad=iframe&camp=8473919 JS/Iframe.EA trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe. 6/4/2012 9:12:01 PM HTTP filter file http://ad.experigster.com/imp/imp.php?ad=iframe&camp=8473918 JS/Iframe.EA trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe. 6/4/2012 8:24:26 PM Real-time file system protection file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ETI120AM\imp[2].htm JS/Iframe.EA trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Internet Explorer\iexplore.exe. 6/4/2012 8:24:24 PM HTTP filter file http://ad.manageincrease.com/imp/imp.php?ad=iframe&camp=8473923 JS/Iframe.EA trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe. 6/4/2012 8:15:46 PM HTTP filter file http://ad.helprotectist.com/imp/4/ser.php?ad=iframe&camp=8473910 JS/Iframe.EA trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe. 6/4/2012 8:15:45 PM HTTP filter file http://ad.helprotectist.com/imp/4/ser.php?ad=iframe&camp=8473910 JS/Iframe.EA trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe. 
6/1/2012 12:46:49 AM Real-time file system protection file C:\WINDOWS\TEMP\74FF.tmp Win32/Olmarik.AWO trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\spoolsv.exe.
  11. Hello, Nod32 found Exploit.drop.9 and indicated it was removed. But the Chrome browser is affected off and on. Also, Nod32 randomly indicates that it has found it again and removes it. I am also getting random sounds of ads playing in the background. I found exploit.drop.9 on two of my computers. The other seems to be OK, but this one still has random problems. attach.txt dds.txt