http://redirect.trafficz.com
msobczak
2012-11-06, 15:24
I've used HJT and MalwareBytes to remove/disable SkyTel.exe and RichVideo.exe
DDS (Ver_2012-11-05.02) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by msobczak at 7:51:32 on 2012-11-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2227 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Notes\SUService.exe
C:\Notes\nsd.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\lxdwcoms.exe
C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSERVER2008R2\MSSQL\Binn\sqlservr.exe
C:\PlasticSCM4\server\plasticd.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Program Files\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Lexmark 7600 Series\lxdwmon.exe
C:\Program Files\Lexmark 7600 Series\lxdwMsdMon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\shup\shup.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [DiscWizardMonitor.exe] "c:\program files\seagate\discwizard\DiscWizardMonitor.exe"
mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EM_EXEC] c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [lxdwmon.exe] "c:\program files\lexmark 7600 series\lxdwmon.exe"
mRun: [lxdwamon] "c:\program files\lexmark 7600 series\lxdwamon.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Client Access Service] c:\program files\ibm\client access\cwbsvstr.exe
StartupFolder: c:\docume~1\msobczak\startm~1\programs\startup\shup.lnk - c:\program files\shup\shup.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: internet
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://secure2.andersonsinc.com/,DanaInfo=andmail1.andent.andersonsinc.com,ST=1+/dwa85W.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://69.153.173.130/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340456778703
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340706629390
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://secure2.andersonsinc.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{D2D09479-D355-466E-8CFE-ACA07256E4FF} : DHCPNameServer = 192.168.0.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\msobczak\application data\mozilla\firefox\profiles\a62qguqr.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\msobczak\application data\mozilla\firefox\profiles\a62qguqr.default\extensions\logmeinclient@logmein.com\plugins\npLMI64.dll
FF - plugin: c:\documents and settings\msobczak\application data\mozilla\firefox\profiles\a62qguqr.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-10-20 12:48; LogMeInClient@logmein.com; c:\documents and settings\msobczak\application data\mozilla\firefox\profiles\a62qguqr.default\extensions\LogMeInClient@logmein.com
.
============= SERVICES / DRIVERS ===============
.
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [2012-6-23 125472]
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [2012-6-23 83392]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-6-24 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-6-24 355632]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2012-6-25 13696]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-10-28 242240]
R1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\drivers\SWIPsec.sys [2012-9-15 87064]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-6-24 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-6-24 44808]
R2 LNSUSvc;Lotus Notes Smart Upgrade Service;c:\notes\SUService.exe [2011-9-16 189832]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\notes\nsd.exe -svcinvoke -ini "c:\notes\notes.ini" --> c:\notes\nsd.exe -svcinvoke -ini c:\notes\notes.ini [?]
R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2005-10-14 199384]
R2 MSSQL$SQLSERVER2008R2;SQL Server (SQLSERVER2008R2);c:\program files\microsoft sql server\mssql10_50.sqlserver2008r2\mssql\binn\sqlservr.exe [2012-6-29 43129288]
R2 Plastic Server 4;Plastic Server 4;c:\plasticscm4\server\plasticd.exe [2012-11-3 66880]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2011-6-30 845808]
R2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\sonicwall\sonicwall global vpn client\SWGVCSvc.exe [2009-3-5 227352]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-10-9 493248]
R2 wgsslvpnsrc;WatchGuard SSLVPN Service;c:\program files\watchguard\watchguard mobile vpn with ssl\wgsslvpnsrc.exe [2012-9-5 58368]
R3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdwserv.exe [2012-6-25 98984]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 Aktion_83_2.0.101_Prod_9955;EasyAsk Server Aktion 83 2.0.101 Prod (Port 9955);d:\easyask10\server-aktion83\easyaskserver_aktion_83_2.0.101_prod_9955.exe -zglaxservice aktion_83_2.0.101_prod_9955 -serverproperties easyaskserver_aktion_83_2.0.101_prod_9955.properties --> d:\easyask10\server-aktion83\EasyAskServer_Aktion_83_2.0.101_Prod_9955.exe -zglaxservice Aktion_83_2.0.101_Prod_9955 -serverproperties EasyAskServer_Aktion_83_2.0.101_Prod_9955.properties [?]
S3 Aktion_83_2.0.101_Staging_9956;EasyAsk Server Aktion 83 2.0.101 Staging (Port 9956);d:\easyask10\server-aktion83\easyaskserver_aktion_83_2.0.101_staging_9956.exe -zglaxservice aktion_83_2.0.101_staging_9956 -serverproperties easyaskserver_aktion_83_2.0.101_staging_9956.properties --> d:\easyask10\server-aktion83\EasyAskServer_Aktion_83_2.0.101_Staging_9956.exe -zglaxservice Aktion_83_2.0.101_Staging_9956 -serverproperties EasyAskServer_Aktion_83_2.0.101_Staging_9956.properties [?]
S3 Aktion_D8_1.5.313_Prod_9555;EasyAsk Server Aktion D8 1.5.313 Prod (Port 9555);d:\easyask10\server\easyaskserver_aktion_d8_1.5.313_prod_9555.exe -zglaxservice aktion_d8_1.5.313_prod_9555 -serverproperties easyaskserver_aktion_d8_1.5.313_prod_9555.properties --> d:\easyask10\server\EasyAskServer_Aktion_D8_1.5.313_Prod_9555.exe -zglaxservice Aktion_D8_1.5.313_Prod_9555 -serverproperties EasyAskServer_Aktion_D8_1.5.313_Prod_9555.properties [?]
S3 Aktion_D8_1.5.313_Staging_9556;EasyAsk Server Aktion D8 1.5.313 Staging (Port 9556);d:\easyask10\server\easyaskserver_aktion_d8_1.5.313_staging_9556.exe -zglaxservice aktion_d8_1.5.313_staging_9556 -serverproperties easyaskserver_aktion_d8_1.5.313_staging_9556.properties --> d:\easyask10\server\EasyAskServer_Aktion_D8_1.5.313_Staging_9556.exe -zglaxservice Aktion_D8_1.5.313_Staging_9556 -serverproperties EasyAskServer_Aktion_D8_1.5.313_Staging_9556.properties [?]
S3 msftesql$SQLSERVER2005;SQL Server FullText Search (SQLSERVER2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\msftesql.exe [2005-8-26 92880]
S3 MSSQL$SQLSERVER2005;SQL Server (SQLSERVER2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2005-10-14 28768528]
S3 MSSQL$SQLSERVER2008;SQL Server (SQLSERVER2008);c:\program files\microsoft sql server\mssql10.sqlserver2008\mssql\binn\sqlservr.exe [2009-3-30 43010392]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-4-23 224896]
S3 SQLAgent$SQLSERVER2005;SQL Server Agent (SQLSERVER2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\SQLAGENT90.EXE [2005-10-14 318680]
S3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\drivers\SWVNIC.sys [2009-3-4 21016]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 RsFx0153;RsFx0153 Driver;c:\windows\system32\drivers\RsFx0153.sys [2012-6-29 249288]
S4 SQLAgent$SQLSERVER2008;SQL Server Agent (SQLSERVER2008);c:\program files\microsoft sql server\mssql10.sqlserver2008\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
S4 SQLAgent$SQLSERVER2008R2;SQL Server Agent (SQLSERVER2008R2);c:\program files\microsoft sql server\mssql10_50.sqlserver2008r2\mssql\binn\SQLAGENT.EXE [2012-6-29 379848]
.
=============== Created Last 30 ================
.
2012-11-04 21:27:39 -------- d-----w- c:\documents and settings\msobczak\application data\Malwarebytes
2012-11-04 21:27:29 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-11-04 21:27:28 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-04 21:27:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-04 19:11:47 -------- d-----w- c:\documents and settings\msobczak\application data\smkits
2012-11-04 19:06:29 -------- d-----w- C:\HJT
2012-11-03 12:42:00 -------- d-----w- c:\documents and settings\msobczak\local settings\application data\plastic4
2012-11-03 12:23:44 -------- d-----w- C:\PlasticSCM4
2012-10-31 00:05:03 57288 ----a-w- c:\windows\system32\perf-MSSQL10_50.SQLSERVER2008R2-sqlagtctr.dll
2012-10-31 00:04:36 82888 ----a-w- c:\windows\system32\perf-MSSQL$SQLSERVER2008R2-sqlctr10.52.4000.0.dll
2012-10-30 02:19:45 92184 ----a-w- c:\windows\system32\SQSRVRES.DLL
2012-10-30 02:09:31 348256 ----a-w- c:\documents and settings\all users\application data\microsoft\vstahost\ssis_scriptcomponent\9.0\1033\ResourceCache.dll
2012-10-30 02:09:15 348256 ----a-w- c:\documents and settings\all users\application data\microsoft\vstahost\ssis_scripttask\9.0\1033\ResourceCache.dll
2012-10-30 02:07:58 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLSERVER2008-sqlagtctr10.0.1600.22.dll
2012-10-30 02:07:36 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLSERVER2008-sqlctr10.0.1600.22.dll
2012-10-30 02:05:04 416 ----a-w- c:\documents and settings\all users\application data\microsoft\msdn\9.0\1033\ResourceCache.dll
2012-10-30 02:03:01 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-10-30 02:02:23 -------- d-----w- c:\windows\system32\RsFx
2012-10-30 02:01:52 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-10-30 02:01:13 -------- d-----w- c:\program files\MSXML 6.0
2012-10-30 01:38:56 -------- d-----w- c:\documents and settings\msobczak\local settings\application data\Microsoft_Corporation
2012-10-29 22:04:44 -------- d--h--w- c:\program files\Zero G Registry
2012-10-29 22:02:58 -------- d--h--w- c:\documents and settings\msobczak\InstallAnywhere
2012-10-29 21:45:40 -------- d-----w- c:\documents and settings\msobczak\application data\Subversion
2012-10-29 21:24:00 -------- d-----w- C:\PortQryV2
2012-10-29 20:55:30 -------- d-----w- c:\program files\Infor Global Solutions
2012-10-28 20:26:03 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-10-28 20:19:44 -------- d-----w- c:\program files\Microsoft SQL Server
2012-10-28 20:17:32 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-28 20:17:25 -------- d-----w- c:\documents and settings\msobczak\application data\DAEMON Tools Lite
2012-10-28 20:17:21 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-10-28 20:16:44 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
2012-10-28 18:00:49 -------- d-----w- C:\PCS
2012-10-27 18:18:17 -------- d-----w- c:\program files\shup
2012-10-25 22:10:11 -------- d-----w- c:\documents and settings\msobczak\local settings\application data\Cisco
2012-10-25 22:09:52 -------- d-----w- c:\program files\Cisco
2012-10-25 22:09:44 -------- d-----w- c:\documents and settings\all users\application data\Cisco
2012-10-13 14:08:20 -------- d-----w- c:\documents and settings\msobczak\.metadata
2012-10-13 14:08:13 -------- d-----w- c:\documents and settings\msobczak\.vec
2012-10-13 14:07:37 -------- d-----w- c:\documents and settings\msobczak\local settings\application data\Help
2012-10-13 14:07:33 -------- d-----w- c:\documents and settings\all users\application data\IBM
2012-10-13 14:07:32 -------- d-----w- c:\documents and settings\msobczak\application data\IBM
.
==================== Find3M ====================
.
2012-10-27 20:34:16 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-27 20:34:15 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-11 13:51:40 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-11 13:51:39 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-11 13:51:39 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-11 13:51:39 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 7:52:04.34 ===============
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-06 07:54:05
-----------------------------
07:54:05.500 OS Version: Windows 5.1.2600 Service Pack 3
07:54:05.500 Number of processors: 2 586 0xF0B
07:54:05.500 ComputerName: HOME-BIOSTAR UserName: msobczak
07:54:07.828 Initialize success
07:54:09.421 AVAST engine defs: 12110600
07:54:20.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-18
07:54:20.062 Disk 0 Vendor: WDC_WD5000AAKS-00V1A0 05.01D05 Size: 476940MB BusType: 3
07:54:20.062 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-20
07:54:20.062 Disk 1 Vendor: ST3500320AS SD15 Size: 476940MB BusType: 3
07:54:20.062 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-2b
07:54:20.062 Disk 2 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 3
07:54:20.093 Disk 0 MBR read successfully
07:54:20.093 Disk 0 MBR scan
07:54:20.187 Disk 0 Windows XP default MBR code
07:54:20.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
07:54:20.203 Disk 0 scanning sectors +976752000
07:54:20.296 Disk 0 scanning C:\WINDOWS\system32\drivers
07:54:28.687 Service scanning
07:54:56.328 Modules scanning
07:55:03.625 Disk 0 trace - called modules:
07:55:03.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys vsflt53.sys hal.dll ACPI.sys atapi.sys pciide.sys
07:55:03.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aeaaab8]
07:55:03.640 3 CLASSPNP.SYS[b80f8fd7] -> nt!IofCallDriver -> [0x8aeb6c78]
07:55:03.640 5 vsflt53.sys[b7f60c2b] -> nt!IofCallDriver -> \Device\00000082[0x8ae6b9e8]
07:55:03.640 7 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-18[0x8ae18d98]
07:55:07.984 AVAST engine scan C:\WINDOWS
07:55:16.468 AVAST engine scan C:\WINDOWS\system32
07:59:08.921 AVAST engine scan C:\WINDOWS\system32\drivers
07:59:27.375 AVAST engine scan C:\Documents and Settings\msobczak
08:05:45.734 AVAST engine scan C:\Documents and Settings\All Users
08:07:00.437 Scan finished successfully
08:18:30.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\msobczak\Desktop\MBR.dat"
08:18:30.203 The log file has been saved successfully to "C:\Documents and Settings\msobczak\Desktop\aswMBR.txt"
shelf life
2012-11-20, 21:30
hi msobczak,
Your post is several days old. If you still need help simply reply back.
msobczak
2012-11-20, 21:43
Waiting patiently. Thanks for checking!
shelf life
2012-11-21, 02:12
That all looks ok. You think you still have malware on-board?
msobczak
2012-11-21, 02:40
I had a page get redirected to a site I didn't intend to go to.
shelf life
2012-11-21, 04:27
get redirected to a site I didn't intend to go to
That's certainly a sign of malware. Let's start with tdsskiller:
Download tdsskiller (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) to your desktop
Click the icon, then on Change Parameters. Check the option: Detect TDLFS file system, then click ok and start the scan.
Once the scan is done you will find a .txt file in your root drive (Local Disk) labeled as: TDSSKILLER.2.8.13.0_15.10.2012_17.34.06_log.txt (version, date, time)
Please copy/paste the log file in your reply.
msobczak
2012-11-21, 14:22
07:20:34.0937 6396 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
07:20:35.0687 6396 ============================================================
07:20:35.0687 6396 Current date / time: 2012/11/21 07:20:35.0687
07:20:35.0687 6396 SystemInfo:
07:20:35.0687 6396
07:20:35.0687 6396 OS Version: 5.1.2600 ServicePack: 3.0
07:20:35.0687 6396 Product type: Workstation
07:20:35.0687 6396 ComputerName: HOME-BIOSTAR
07:20:35.0687 6396 UserName: msobczak
07:20:35.0687 6396 Windows directory: C:\WINDOWS
07:20:35.0703 6396 System windows directory: C:\WINDOWS
07:20:35.0703 6396 Processor architecture: Intel x86
07:20:35.0703 6396 Number of processors: 2
07:20:35.0703 6396 Page size: 0x1000
07:20:35.0703 6396 Boot type: Normal boot
07:20:35.0703 6396 ============================================================
07:20:37.0093 6396 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:20:37.0109 6396 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:20:37.0125 6396 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:20:37.0140 6396 ============================================================
07:20:37.0140 6396 \Device\Harddisk0\DR0:
07:20:37.0140 6396 MBR partitions:
07:20:37.0140 6396 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
07:20:37.0140 6396 \Device\Harddisk1\DR1:
07:20:37.0140 6396 MBR partitions:
07:20:37.0140 6396 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x3A380D41
07:20:37.0140 6396 \Device\Harddisk2\DR2:
07:20:37.0140 6396 MBR partitions:
07:20:37.0140 6396 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385800
07:20:37.0140 6396 ============================================================
07:20:37.0171 6396 C: <-> \Device\Harddisk0\DR0\Partition1
07:20:37.0187 6396 H: <-> \Device\Harddisk1\DR1\Partition1
07:20:37.0218 6396 D: <-> \Device\Harddisk2\DR2\Partition1
07:20:37.0218 6396 ============================================================
07:20:37.0218 6396 Initialize success
07:20:37.0218 6396 ============================================================
07:20:56.0843 3180 ============================================================
07:20:56.0843 3180 Scan started
07:20:56.0843 3180 Mode: Manual; TDLFS;
07:20:56.0843 3180 ============================================================
07:20:57.0187 3180 ================ Scan system memory ========================
07:20:57.0187 3180 System memory - ok
07:20:57.0203 3180 ================ Scan services =============================
07:20:57.0328 3180 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
07:20:57.0328 3180 Aavmker4 - ok
07:20:57.0328 3180 Abiosdsk - ok
07:20:57.0328 3180 abp480n5 - ok
07:20:57.0375 3180 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:20:57.0406 3180 ACPI - ok
07:20:57.0437 3180 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
07:20:57.0437 3180 ACPIEC - ok
07:20:57.0453 3180 adpu160m - ok
07:20:57.0500 3180 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
07:20:57.0500 3180 aec - ok
07:20:57.0546 3180 [ 30BB1BDE595CA65FD5549462080D94E5 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
07:20:57.0562 3180 AegisP - ok
07:20:57.0609 3180 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
07:20:57.0609 3180 AFD - ok
07:20:57.0625 3180 Aha154x - ok
07:20:57.0625 3180 aic78u2 - ok
07:20:57.0625 3180 aic78xx - ok
07:20:57.0703 3180 Aktion_83_2.0.101_Prod_9955 - ok
07:20:57.0703 3180 Aktion_83_2.0.101_Staging_9956 - ok
07:20:57.0765 3180 Aktion_D8_1.5.313_Prod_9555 - ok
07:20:57.0781 3180 Aktion_D8_1.5.313_Staging_9556 - ok
07:20:57.0875 3180 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
07:20:57.0875 3180 Alerter - ok
07:20:57.0906 3180 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
07:20:57.0906 3180 ALG - ok
07:20:57.0906 3180 AliIde - ok
07:20:57.0906 3180 amsint - ok
07:20:58.0015 3180 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:20:58.0031 3180 Apple Mobile Device - ok
07:20:58.0046 3180 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
07:20:58.0062 3180 AppMgmt - ok
07:20:58.0062 3180 asc - ok
07:20:58.0078 3180 asc3350p - ok
07:20:58.0078 3180 asc3550 - ok
07:20:58.0187 3180 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
07:20:58.0203 3180 aspnet_state - ok
07:20:58.0218 3180 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
07:20:58.0218 3180 aswFsBlk - ok
07:20:58.0234 3180 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
07:20:58.0234 3180 aswMon2 - ok
07:20:58.0265 3180 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
07:20:58.0265 3180 AswRdr - ok
07:20:58.0328 3180 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
07:20:58.0390 3180 aswSnx - ok
07:20:58.0421 3180 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
07:20:58.0453 3180 aswSP - ok
07:20:58.0468 3180 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
07:20:58.0468 3180 aswTdi - ok
07:20:58.0484 3180 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:20:58.0484 3180 AsyncMac - ok
07:20:58.0515 3180 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
07:20:58.0515 3180 atapi - ok
07:20:58.0515 3180 Atdisk - ok
07:20:58.0546 3180 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:20:58.0546 3180 Atmarpc - ok
07:20:58.0562 3180 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
07:20:58.0562 3180 AudioSrv - ok
07:20:58.0609 3180 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
07:20:58.0609 3180 audstub - ok
07:20:58.0656 3180 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
07:20:58.0656 3180 avast! Antivirus - ok
07:20:58.0703 3180 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
07:20:58.0703 3180 Beep - ok
07:20:58.0734 3180 [ BE5D50529799B9BAB6BE879EC768B6CF ] BIOS C:\WINDOWS\system32\drivers\BIOS.sys
07:20:58.0734 3180 BIOS - ok
07:20:58.0781 3180 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
07:20:58.0859 3180 BITS - ok
07:20:58.0953 3180 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
07:20:59.0000 3180 Bonjour Service - ok
07:20:59.0046 3180 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
07:20:59.0046 3180 Browser - ok
07:20:59.0500 3180 [ A916AA6D05FDE966903BCC20CDA41050 ] CarboniteService C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
07:20:59.0875 3180 CarboniteService - ok
07:20:59.0890 3180 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
07:20:59.0906 3180 cbidf2k - ok
07:20:59.0906 3180 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
07:20:59.0921 3180 CCDECODE - ok
07:20:59.0921 3180 cd20xrnt - ok
07:20:59.0953 3180 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
07:20:59.0953 3180 Cdaudio - ok
07:21:00.0015 3180 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
07:21:00.0015 3180 Cdfs - ok
07:21:00.0062 3180 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:21:00.0062 3180 Cdrom - ok
07:21:00.0078 3180 Changer - ok
07:21:00.0093 3180 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
07:21:00.0093 3180 CiSvc - ok
07:21:00.0093 3180 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
07:21:00.0109 3180 ClipSrv - ok
07:21:00.0156 3180 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:21:00.0218 3180 clr_optimization_v2.0.50727_32 - ok
07:21:00.0265 3180 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:21:00.0281 3180 clr_optimization_v4.0.30319_32 - ok
07:21:00.0296 3180 CmdIde - ok
07:21:00.0296 3180 COMSysApp - ok
07:21:00.0296 3180 Cpqarray - ok
07:21:00.0343 3180 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
07:21:00.0359 3180 CryptSvc - ok
07:21:00.0359 3180 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\WINDOWS\system32\DRIVERS\CVirtA.sys
07:21:00.0359 3180 CVirtA - ok
07:21:00.0500 3180 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
07:21:00.0640 3180 CVPND - ok
07:21:00.0671 3180 [ 18994842386FD3039279D7865740ABBD ] CVPNDRVA C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
07:21:00.0687 3180 CVPNDRVA - ok
07:21:00.0750 3180 [ 4AD2227BAA67172D1E0FBA95FF72A734 ] Cwbrxd C:\WINDOWS\cwbrxd.exe
07:21:01.0000 3180 Cwbrxd - ok
07:21:01.0000 3180 dac2w2k - ok
07:21:01.0000 3180 dac960nt - ok
07:21:01.0046 3180 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
07:21:01.0093 3180 DcomLaunch - ok
07:21:01.0140 3180 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
07:21:01.0156 3180 Dhcp - ok
07:21:01.0171 3180 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
07:21:01.0171 3180 Disk - ok
07:21:01.0171 3180 dmadmin - ok
07:21:01.0281 3180 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
07:21:01.0343 3180 dmboot - ok
07:21:01.0390 3180 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
07:21:01.0406 3180 dmio - ok
07:21:01.0406 3180 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
07:21:01.0406 3180 dmload - ok
07:21:01.0437 3180 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
07:21:01.0437 3180 dmserver - ok
07:21:01.0500 3180 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
07:21:01.0500 3180 DMusic - ok
07:21:01.0531 3180 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE C:\WINDOWS\system32\DRIVERS\dne2000.sys
07:21:01.0531 3180 DNE - ok
07:21:01.0546 3180 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
07:21:01.0546 3180 Dnscache - ok
07:21:01.0578 3180 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
07:21:01.0593 3180 Dot3svc - ok
07:21:01.0593 3180 dpti2o - ok
07:21:01.0625 3180 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
07:21:01.0625 3180 drmkaud - ok
07:21:01.0671 3180 [ B2C3F71B86E25C3DF78339DDB40A7562 ] dsNcAdpt C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
07:21:01.0671 3180 dsNcAdpt - ok
07:21:01.0765 3180 [ E6F6D426CDB0A9F0EF9285EA079978C4 ] dsNcService C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
07:21:01.0828 3180 dsNcService - ok
07:21:01.0890 3180 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
07:21:01.0890 3180 dtsoftbus01 - ok
07:21:01.0906 3180 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
07:21:01.0921 3180 EapHost - ok
07:21:01.0968 3180 Earnest_2.0.101_Prod_9665 - ok
07:21:01.0968 3180 Earnest_2.0.101_Staging_9666 - ok
07:21:01.0984 3180 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
07:21:02.0000 3180 ERSvc - ok
07:21:02.0046 3180 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
07:21:02.0062 3180 Eventlog - ok
07:21:02.0093 3180 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
07:21:02.0125 3180 EventSystem - ok
07:21:02.0156 3180 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
07:21:02.0171 3180 Fastfat - ok
07:21:02.0218 3180 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
07:21:02.0250 3180 FastUserSwitchingCompatibility - ok
07:21:02.0281 3180 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
07:21:02.0281 3180 Fdc - ok
07:21:02.0296 3180 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
07:21:02.0296 3180 Fips - ok
07:21:02.0312 3180 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
07:21:02.0312 3180 Flpydisk - ok
07:21:02.0359 3180 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
07:21:02.0375 3180 FltMgr - ok
07:21:02.0453 3180 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
07:21:02.0484 3180 FontCache3.0.0.0 - ok
07:21:02.0484 3180 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:21:02.0484 3180 Fs_Rec - ok
07:21:02.0500 3180 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:21:02.0515 3180 Ftdisk - ok
07:21:02.0546 3180 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
07:21:02.0546 3180 GEARAspiWDM - ok
07:21:02.0562 3180 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:21:02.0562 3180 Gpc - ok
07:21:02.0609 3180 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
07:21:02.0625 3180 gupdate - ok
07:21:02.0640 3180 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
07:21:02.0640 3180 gupdatem - ok
07:21:02.0671 3180 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
07:21:02.0671 3180 HDAudBus - ok
07:21:02.0718 3180 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
07:21:02.0718 3180 helpsvc - ok
07:21:02.0718 3180 HidServ - ok
07:21:02.0750 3180 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:21:02.0750 3180 HidUsb - ok
07:21:02.0781 3180 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
07:21:02.0796 3180 hkmsvc - ok
07:21:02.0796 3180 hpn - ok
07:21:02.0843 3180 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
07:21:02.0859 3180 HTTP - ok
07:21:02.0875 3180 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
07:21:02.0890 3180 HTTPFilter - ok
07:21:02.0906 3180 i2omgmt - ok
07:21:02.0906 3180 i2omp - ok
07:21:02.0906 3180 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:21:02.0921 3180 i8042prt - ok
07:21:03.0062 3180 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:21:03.0171 3180 idsvc - ok
07:21:03.0171 3180 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
07:21:03.0171 3180 Imapi - ok
07:21:03.0234 3180 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
07:21:03.0250 3180 ImapiService - ok
07:21:03.0250 3180 ini910u - ok
07:21:03.0671 3180 [ C464CF7A58C011A70188602B55C64E99 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
07:21:04.0078 3180 IntcAzAudAddService - ok
07:21:04.0078 3180 IntelIde - ok
07:21:04.0125 3180 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:21:04.0125 3180 intelppm - ok
07:21:04.0140 3180 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
07:21:04.0140 3180 Ip6Fw - ok
07:21:04.0171 3180 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:21:04.0171 3180 IpFilterDriver - ok
07:21:04.0171 3180 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:21:04.0171 3180 IpInIp - ok
07:21:04.0218 3180 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:21:04.0234 3180 IpNat - ok
07:21:04.0328 3180 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
07:21:04.0406 3180 iPod Service - ok
07:21:04.0421 3180 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:21:04.0421 3180 IPSec - ok
07:21:04.0453 3180 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
07:21:04.0453 3180 IRENUM - ok
07:21:04.0484 3180 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:21:04.0484 3180 isapnp - ok
07:21:04.0531 3180 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:21:04.0531 3180 Kbdclass - ok
07:21:04.0546 3180 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
07:21:04.0562 3180 kmixer - ok
07:21:04.0593 3180 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
07:21:04.0609 3180 KSecDD - ok
07:21:04.0640 3180 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
07:21:04.0656 3180 LanmanServer - ok
07:21:04.0718 3180 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
07:21:04.0734 3180 lanmanworkstation - ok
07:21:04.0734 3180 lbrtfdc - ok
07:21:04.0765 3180 [ C872D410FB5B0D75658124B197BA1B96 ] LHidFlt2 C:\WINDOWS\system32\DRIVERS\LHidFlt2.sys
07:21:04.0765 3180 LHidFlt2 - ok
07:21:04.0812 3180 [ 4AF65F3A2253DF7D0B8D80812EAE7A7C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
07:21:04.0828 3180 LightScribeService - ok
07:21:04.0828 3180 [ 8764D6C21164383A4EB54D0768BF74FA ] LKbdFlt2 C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys
07:21:04.0828 3180 LKbdFlt2 - ok
07:21:04.0859 3180 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
07:21:04.0859 3180 LmHosts - ok
07:21:04.0859 3180 [ 9879AA615C331E98C5774E70BBCCB8D3 ] LMouFlt2 C:\WINDOWS\system32\DRIVERS\LMouFlt2.sys
07:21:04.0875 3180 LMouFlt2 - ok
07:21:04.0968 3180 [ 2098AF12149789FA6608422C8796F77C ] LNSUSvc C:\Notes\SUService.exe
07:21:05.0031 3180 LNSUSvc - ok
07:21:05.0046 3180 Lotus Notes Diagnostics - ok
07:21:05.0093 3180 [ 1A7DB7A00A4B0D8DA24CD691A4547291 ] LVPr2Mon C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
07:21:05.0093 3180 LVPr2Mon - ok
07:21:05.0187 3180 [ 0DDFDCAA92C7F553328DB06BA599BEA9 ] LVPrcSrv C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
07:21:05.0203 3180 LVPrcSrv - ok
07:21:05.0265 3180 [ 87ECCE893D8AEC5A9337B917742D339C ] LVRS C:\WINDOWS\system32\DRIVERS\lvrs.sys
07:21:05.0296 3180 LVRS - ok
07:21:05.0343 3180 [ BE5E104BE263921D6842C555DB6A5C23 ] LVUSBSta C:\WINDOWS\system32\drivers\LVUSBSta.sys
07:21:05.0343 3180 LVUSBSta - ok
07:21:05.0437 3180 [ 7B7194AE306B29BB82FD165A2694FA2E ] lxdwCATSCustConnectService C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe
07:21:05.0453 3180 lxdwCATSCustConnectService - ok
07:21:05.0453 3180 lxdw_device - ok
07:21:05.0484 3180 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
07:21:05.0484 3180 Messenger - ok
07:21:05.0515 3180 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
07:21:05.0515 3180 mnmdd - ok
07:21:05.0562 3180 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
07:21:05.0562 3180 mnmsrvc - ok
07:21:05.0578 3180 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
07:21:05.0578 3180 Modem - ok
07:21:05.0609 3180 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:21:05.0625 3180 Mouclass - ok
07:21:05.0625 3180 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:21:05.0625 3180 mouhid - ok
07:21:05.0640 3180 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
07:21:05.0640 3180 MountMgr - ok
07:21:05.0703 3180 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:21:05.0718 3180 MozillaMaintenance - ok
07:21:05.0718 3180 mraid35x - ok
07:21:05.0734 3180 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:21:05.0750 3180 MRxDAV - ok
07:21:05.0796 3180 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:21:05.0843 3180 MRxSmb - ok
07:21:05.0859 3180 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
07:21:05.0875 3180 MSDTC - ok
07:21:06.0015 3180 [ 8B6BE9A0C37A741F8A7EC604D6DCE9A7 ] MsDtsServer C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
07:21:06.0031 3180 MsDtsServer - ok
07:21:06.0046 3180 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
07:21:06.0046 3180 Msfs - ok
07:21:06.0125 3180 [ 64149160CCBAE488D61ABE3F46E8A95F ] msftesql$SQLSERVER2005 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
07:21:06.0187 3180 msftesql$SQLSERVER2005 - ok
07:21:06.0187 3180 MSIServer - ok
07:21:06.0203 3180 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:21:06.0203 3180 MSKSSRV - ok
07:21:06.0203 3180 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:21:06.0203 3180 MSPCLOCK - ok
07:21:06.0218 3180 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
07:21:06.0218 3180 MSPQM - ok
07:21:06.0218 3180 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:21:06.0218 3180 mssmbios - ok
07:21:06.0234 3180 MSSQL$SQLSERVER2005 - ok
07:21:06.0281 3180 MSSQL$SQLSERVER2008 - ok
07:21:06.0312 3180 MSSQL$SQLSERVER2008R2 - ok
07:21:06.0406 3180 [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
07:21:06.0406 3180 MSSQLServerADHelper - ok
07:21:06.0484 3180 [ 8E8E74C953EB0C4F8828D99D6F27FD6F ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
07:21:06.0484 3180 MSSQLServerADHelper100 - ok
07:21:06.0515 3180 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
07:21:06.0515 3180 MSTEE - ok
07:21:06.0546 3180 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
07:21:06.0562 3180 Mup - ok
07:21:06.0562 3180 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
07:21:06.0578 3180 NABTSFEC - ok
07:21:06.0609 3180 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
07:21:06.0640 3180 napagent - ok
07:21:06.0671 3180 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
07:21:06.0687 3180 NDIS - ok
07:21:06.0687 3180 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
07:21:06.0703 3180 NdisIP - ok
07:21:06.0703 3180 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:21:06.0703 3180 NdisTapi - ok
07:21:06.0734 3180 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:21:06.0734 3180 Ndisuio - ok
07:21:06.0750 3180 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:21:06.0750 3180 NdisWan - ok
07:21:06.0765 3180 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
07:21:06.0765 3180 NDProxy - ok
07:21:06.0781 3180 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
07:21:06.0781 3180 NetBIOS - ok
07:21:06.0796 3180 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
07:21:06.0812 3180 NetBT - ok
07:21:06.0843 3180 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
07:21:06.0859 3180 NetDDE - ok
07:21:06.0875 3180 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
07:21:06.0875 3180 NetDDEdsdm - ok
07:21:06.0906 3180 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
07:21:06.0906 3180 Netlogon - ok
07:21:06.0937 3180 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
07:21:06.0968 3180 Netman - ok
07:21:07.0046 3180 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:21:07.0062 3180 NetTcpPortSharing - ok
07:21:07.0109 3180 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
07:21:07.0140 3180 Nla - ok
07:21:07.0171 3180 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
07:21:07.0171 3180 Npfs - ok
07:21:07.0218 3180 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
07:21:07.0296 3180 Ntfs - ok
07:21:07.0312 3180 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
07:21:07.0312 3180 NtLmSsp - ok
07:21:07.0359 3180 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
07:21:07.0437 3180 NtmsSvc - ok
07:21:07.0453 3180 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
07:21:07.0453 3180 Null - ok
07:21:08.0625 3180 [ 0DC79B60CEDC3A8854C27B3C6E4B3414 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
07:21:09.0765 3180 nv - ok
07:21:09.0812 3180 [ 7D275ECDA4628318912F6C945D5CF963 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
07:21:09.0812 3180 NVENETFD - ok
07:21:09.0843 3180 [ B64AACEFAD2BE5BFF5353FE681253C67 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
07:21:09.0843 3180 nvnetbus - ok
07:21:09.0890 3180 [ 74D8BE0A343D71F83B5A5485F8894F7E ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
07:21:09.0906 3180 NVSvc - ok
07:21:09.0937 3180 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:21:09.0953 3180 NwlnkFlt - ok
07:21:09.0953 3180 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:21:09.0953 3180 NwlnkFwd - ok
07:21:10.0093 3180 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:21:10.0140 3180 odserv - ok
07:21:10.0187 3180 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:21:10.0203 3180 ose - ok
07:21:10.0234 3180 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
07:21:10.0234 3180 Parport - ok
07:21:10.0250 3180 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
07:21:10.0250 3180 PartMgr - ok
07:21:10.0281 3180 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
07:21:10.0296 3180 ParVdm - ok
07:21:10.0296 3180 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
07:21:10.0312 3180 PCI - ok
07:21:10.0312 3180 PCIDump - ok
07:21:10.0312 3180 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
07:21:10.0312 3180 PCIIde - ok
07:21:10.0359 3180 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
07:21:10.0359 3180 Pcmcia - ok
07:21:10.0359 3180 PDCOMP - ok
07:21:10.0375 3180 PDFRAME - ok
07:21:10.0375 3180 PDRELI - ok
07:21:10.0375 3180 PDRFRAME - ok
07:21:10.0406 3180 [ B20F958B207E6AAAC5F70D04DD2C30D8 ] pepifilter C:\WINDOWS\system32\DRIVERS\lv302af.sys
07:21:10.0406 3180 pepifilter - ok
07:21:10.0406 3180 perc2 - ok
07:21:10.0406 3180 perc2hib - ok
07:21:10.0453 3180 [ ED2E7F396B4098608C95BC3806BDF6FC ] pfc C:\WINDOWS\system32\drivers\pfc.sys
07:21:10.0453 3180 pfc - ok
07:21:10.0703 3180 [ DD184D9ADFE2A8A21741DBDFE9E22F5C ] PID_PEPI C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
07:21:10.0937 3180 PID_PEPI - ok
07:21:11.0046 3180 [ 56E9D4C6A4F5379411AD7633F7D1BB0D ] Plastic Server 4 C:\PlasticSCM4\server\plasticd.exe
07:21:11.0046 3180 Plastic Server 4 - ok
07:21:11.0078 3180 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
07:21:11.0078 3180 PlugPlay - ok
07:21:11.0078 3180 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
07:21:11.0078 3180 PolicyAgent - ok
07:21:11.0093 3180 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:21:11.0093 3180 PptpMiniport - ok
07:21:11.0109 3180 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
07:21:11.0109 3180 ProtectedStorage - ok
07:21:11.0109 3180 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
07:21:11.0125 3180 PSched - ok
07:21:11.0125 3180 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:21:11.0125 3180 Ptilink - ok
07:21:11.0156 3180 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
07:21:11.0156 3180 PxHelp20 - ok
07:21:11.0156 3180 ql1080 - ok
07:21:11.0156 3180 Ql10wnt - ok
07:21:11.0156 3180 ql12160 - ok
07:21:11.0171 3180 ql1240 - ok
07:21:11.0171 3180 ql1280 - ok
07:21:11.0187 3180 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:21:11.0187 3180 RasAcd - ok
07:21:11.0218 3180 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
07:21:11.0234 3180 RasAuto - ok
07:21:11.0250 3180 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:21:11.0250 3180 Rasl2tp - ok
07:21:11.0281 3180 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
07:21:11.0312 3180 RasMan - ok
07:21:11.0312 3180 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:21:11.0312 3180 RasPppoe - ok
07:21:11.0328 3180 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
07:21:11.0328 3180 Raspti - ok
07:21:11.0343 3180 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:21:11.0359 3180 Rdbss - ok
07:21:11.0375 3180 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:21:11.0375 3180 RDPCDD - ok
07:21:11.0421 3180 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:21:11.0437 3180 rdpdr - ok
07:21:11.0484 3180 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
07:21:11.0500 3180 RDPWD - ok
07:21:11.0546 3180 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
07:21:11.0562 3180 RDSessMgr - ok
07:21:11.0578 3180 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
07:21:11.0578 3180 redbook - ok
07:21:11.0593 3180 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
07:21:11.0609 3180 RemoteAccess - ok
07:21:11.0640 3180 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
07:21:11.0656 3180 RemoteRegistry - ok
07:21:11.0765 3180 [ BD517C7FB119997EFFBE39D5E4B37B05 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
07:21:11.0781 3180 RichVideo - ok
07:21:11.0812 3180 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
07:21:11.0812 3180 RpcLocator - ok
07:21:11.0875 3180 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
07:21:11.0875 3180 RpcSs - ok
07:21:11.0921 3180 [ FD692C6FFADE58F7C4C3C3C9A0EC35BD ] RsFx0103 C:\WINDOWS\system32\DRIVERS\RsFx0103.sys
07:21:11.0953 3180 RsFx0103 - ok
07:21:12.0000 3180 [ 83FEEC49C4FCA310EA951F84A83161FF ] RsFx0153 C:\WINDOWS\system32\DRIVERS\RsFx0153.sys
07:21:12.0031 3180 RsFx0153 - ok
07:21:12.0062 3180 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
07:21:12.0078 3180 RSVP - ok
07:21:12.0140 3180 [ 4E812AC89EEC95AAC9CACEA29A0F8DC8 ] RTL8187B C:\WINDOWS\system32\DRIVERS\wg111v3.sys
07:21:12.0156 3180 RTL8187B - ok
07:21:12.0171 3180 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
07:21:12.0171 3180 SamSs - ok
07:21:12.0203 3180 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
07:21:12.0218 3180 SCardSvr - ok
07:21:12.0265 3180 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
07:21:12.0281 3180 Schedule - ok
07:21:12.0296 3180 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:21:12.0296 3180 Secdrv - ok
07:21:12.0343 3180 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
07:21:12.0343 3180 seclogon - ok
07:21:12.0359 3180 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
07:21:12.0359 3180 SENS - ok
07:21:12.0375 3180 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
07:21:12.0375 3180 serenum - ok
07:21:12.0390 3180 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
07:21:12.0390 3180 Serial - ok
07:21:12.0406 3180 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
07:21:12.0406 3180 Sfloppy - ok
07:21:12.0531 3180 [ C950D0381B42A54541CD55ADCCF3D75B ] SgtSch2Svc C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
07:21:12.0609 3180 SgtSch2Svc - ok
07:21:12.0640 3180 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
07:21:12.0671 3180 SharedAccess - ok
07:21:12.0687 3180 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
07:21:12.0687 3180 ShellHWDetection - ok
07:21:12.0703 3180 Simbad - ok
07:21:12.0750 3180 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
07:21:12.0765 3180 SkypeUpdate - ok
07:21:12.0796 3180 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
07:21:12.0796 3180 SLIP - ok
07:21:12.0843 3180 [ 98B44C15B4EED76AA8DCCB64A4CA11AF ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
07:21:12.0859 3180 snapman - ok
07:21:12.0984 3180 [ B143CAB440A4AF75614EFD84FB2241C5 ] SONICWALL_NetExtender C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
07:21:13.0046 3180 SONICWALL_NetExtender - ok
07:21:13.0046 3180 Sparrow - ok
07:21:13.0078 3180 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
07:21:13.0078 3180 splitter - ok
07:21:13.0125 3180 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
07:21:13.0140 3180 Spooler - ok
07:21:13.0203 3180 [ 7847EF1DB2E289BE82CBC70CF4D98FF8 ] SQLAgent$SQLSERVER2005 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE
07:21:13.0265 3180 SQLAgent$SQLSERVER2005 - ok
07:21:13.0343 3180 [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$SQLSERVER2008 c:\Program Files\Microsoft SQL Server\MSSQL10.SQLSERVER2008\MSSQL\Binn\SQLAGENT.EXE
07:21:13.0437 3180 SQLAgent$SQLSERVER2008 - ok
07:21:13.0484 3180 [ AA73986098DF80FDE1703913EEB1C66E ] SQLAgent$SQLSERVER2008R2 c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSERVER2008R2\MSSQL\Binn\SQLAGENT.EXE
07:21:13.0578 3180 SQLAgent$SQLSERVER2008R2 - ok
07:21:13.0625 3180 [ 1B42A219690645CE735F1F4B97A84B8E ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
07:21:13.0640 3180 SQLBrowser - ok
07:21:13.0687 3180 [ 8E6E5CFA06769A417B03FD6FAA29E010 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
07:21:13.0703 3180 SQLWriter - ok
07:21:13.0718 3180 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
07:21:13.0734 3180 sr - ok
07:21:13.0765 3180 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
07:21:13.0781 3180 srservice - ok
07:21:13.0843 3180 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
07:21:13.0875 3180 Srv - ok
07:21:13.0906 3180 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
07:21:13.0921 3180 SSDPSRV - ok
07:21:13.0953 3180 [ A7A577C32309FE723FA2EF927464EC6F ] SSLDrv C:\WINDOWS\system32\DRIVERS\SSLDrv.sys
07:21:13.0984 3180 SSLDrv - ok
07:21:14.0078 3180 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
07:21:14.0140 3180 stisvc - ok
07:21:14.0171 3180 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
07:21:14.0171 3180 streamip - ok
07:21:14.0187 3180 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
07:21:14.0187 3180 swenum - ok
07:21:14.0234 3180 [ C966E60968F0EF114606EEFD3E5EF1C2 ] SWGVCSvc C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
07:21:14.0250 3180 SWGVCSvc - ok
07:21:14.0281 3180 [ EBD83E322B4EB50F6A1D8D7B42D3745E ] SWIPsec C:\WINDOWS\system32\Drivers\SWIPsec.sys
07:21:14.0296 3180 SWIPsec - ok
07:21:14.0343 3180 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
07:21:14.0343 3180 swmidi - ok
07:21:14.0359 3180 SwPrv - ok
07:21:14.0375 3180 [ 962B13026B10B82D2874BFDA4ECC048D ] SWVNIC C:\WINDOWS\system32\DRIVERS\swvnic.sys
07:21:14.0375 3180 SWVNIC - ok
07:21:14.0375 3180 symc810 - ok
07:21:14.0375 3180 symc8xx - ok
07:21:14.0390 3180 sym_hi - ok
07:21:14.0390 3180 sym_u3 - ok
07:21:14.0406 3180 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
07:21:14.0421 3180 sysaudio - ok
07:21:14.0453 3180 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
07:21:14.0453 3180 SysmonLog - ok
07:21:14.0500 3180 [ 7BD3EF7BA8D1044132CA4869AA8D5297 ] tap0901 C:\WINDOWS\system32\DRIVERS\tap0901.sys
07:21:14.0500 3180 tap0901 - ok
07:21:14.0531 3180 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
07:21:14.0562 3180 TapiSrv - ok
07:21:14.0625 3180 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:21:14.0671 3180 Tcpip - ok
07:21:14.0703 3180 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
07:21:14.0703 3180 TDPIPE - ok
07:21:14.0718 3180 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
07:21:14.0718 3180 TDTCP - ok
07:21:14.0750 3180 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
07:21:14.0750 3180 TermDD - ok
07:21:14.0781 3180 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
07:21:14.0812 3180 TermService - ok
07:21:14.0843 3180 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
07:21:14.0843 3180 Themes - ok
07:21:14.0937 3180 [ D8A96D0E25D43FDAC3BED09ADF39FDE9 ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys
07:21:15.0000 3180 timounter - ok
07:21:15.0031 3180 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
07:21:15.0046 3180 TlntSvr - ok
07:21:15.0046 3180 TosIde - ok
07:21:15.0093 3180 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
07:21:15.0109 3180 TrkWks - ok
07:21:15.0140 3180 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
07:21:15.0156 3180 Udfs - ok
07:21:15.0156 3180 ultra - ok
07:21:15.0218 3180 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
07:21:15.0250 3180 Update - ok
07:21:15.0312 3180 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
07:21:15.0328 3180 upnphost - ok
07:21:15.0343 3180 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
07:21:15.0359 3180 UPS - ok
07:21:15.0390 3180 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
07:21:15.0406 3180 usbaudio - ok
07:21:15.0421 3180 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:21:15.0437 3180 usbccgp - ok
07:21:15.0453 3180 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:21:15.0453 3180 usbehci - ok
07:21:15.0468 3180 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:21:15.0468 3180 usbhub - ok
07:21:15.0515 3180 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
07:21:15.0515 3180 usbohci - ok
07:21:15.0562 3180 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
07:21:15.0562 3180 usbprint - ok
07:21:15.0593 3180 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:21:15.0593 3180 usbscan - ok
07:21:15.0625 3180 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:21:15.0625 3180 USBSTOR - ok
07:21:15.0640 3180 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
07:21:15.0640 3180 VgaSave - ok
07:21:15.0640 3180 ViaIde - ok
07:21:15.0671 3180 [ 149EC3E217F9D11E9CA6C54CE3D70C73 ] vididr C:\WINDOWS\system32\DRIVERS\vididr.sys
07:21:15.0687 3180 vididr - ok
07:21:15.0703 3180 [ E31E9CD40677B84B3ADAA7A0D80DC439 ] vidsflt53 C:\WINDOWS\system32\DRIVERS\vsflt53.sys
07:21:15.0718 3180 vidsflt53 - ok
07:21:15.0718 3180 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
07:21:15.0734 3180 VolSnap - ok
07:21:15.0796 3180 [ E4D2305EBB9DE0871A1E13294D0F349B ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
07:21:15.0843 3180 vpnagent - ok
07:21:15.0859 3180 [ E1F2333A88EC4A5C8EA6BE357323B72D ] vpnva C:\WINDOWS\system32\DRIVERS\vpnva.sys
07:21:15.0859 3180 vpnva - ok
07:21:15.0968 3180 [ 0354BA3A5BA5E28CC247EB5F5DD8793C ] vsdatant C:\WINDOWS\system32\vsdatant.sys
07:21:16.0078 3180 vsdatant - ok
07:21:16.0125 3180 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
07:21:16.0156 3180 VSS - ok
07:21:16.0203 3180 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
07:21:16.0234 3180 W32Time - ok
07:21:16.0250 3180 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:21:16.0265 3180 Wanarp - ok
07:21:16.0265 3180 WDICA - ok
07:21:16.0296 3180 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
07:21:16.0312 3180 wdmaud - ok
07:21:16.0328 3180 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
07:21:16.0343 3180 WebClient - ok
07:21:16.0390 3180 [ C5767C65BC256839355C2C45E8479D34 ] wgsslvpnsrc C:\Program Files\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
07:21:16.0406 3180 wgsslvpnsrc - ok
07:21:16.0484 3180 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
07:21:16.0500 3180 winmgmt - ok
07:21:16.0531 3180 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
07:21:16.0531 3180 WmdmPmSN - ok
07:21:16.0609 3180 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
07:21:16.0656 3180 Wmi - ok
07:21:16.0703 3180 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
07:21:16.0703 3180 WmiAcpi - ok
07:21:16.0750 3180 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
07:21:16.0765 3180 WmiApSrv - ok
07:21:16.0875 3180 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
07:21:17.0000 3180 WMPNetworkSvc - ok
07:21:17.0234 3180 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
07:21:17.0312 3180 WPFFontCache_v0400 - ok
07:21:17.0359 3180 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
07:21:17.0359 3180 wscsvc - ok
07:21:17.0390 3180 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
07:21:17.0390 3180 WSTCODEC - ok
07:21:17.0406 3180 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
07:21:17.0421 3180 wuauserv - ok
07:21:17.0437 3180 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:21:17.0453 3180 WudfPf - ok
07:21:17.0453 3180 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
07:21:17.0468 3180 WudfRd - ok
07:21:17.0484 3180 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
07:21:17.0500 3180 WudfSvc - ok
07:21:17.0562 3180 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
07:21:17.0609 3180 WZCSVC - ok
07:21:17.0640 3180 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
07:21:17.0656 3180 xmlprov - ok
07:21:17.0671 3180 ================ Scan global ===============================
07:21:17.0703 3180 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
07:21:17.0750 3180 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
07:21:17.0812 3180 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
07:21:17.0843 3180 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
07:21:17.0843 3180 [Global] - ok
07:21:17.0859 3180 ================ Scan MBR ==================================
07:21:17.0875 3180 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
07:21:18.0156 3180 \Device\Harddisk0\DR0 - ok
07:21:18.0156 3180 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
07:21:18.0296 3180 \Device\Harddisk1\DR1 - ok
07:21:18.0312 3180 [ 7C709E64E0DB81348B6E720DBE36303C ] \Device\Harddisk2\DR2
07:21:18.0453 3180 \Device\Harddisk2\DR2 - ok
07:21:18.0453 3180 ================ Scan VBR ==================================
07:21:18.0453 3180 [ 2E88B979ABAE955D9093D4597FD78189 ] \Device\Harddisk0\DR0\Partition1
07:21:18.0453 3180 \Device\Harddisk0\DR0\Partition1 - ok
07:21:18.0484 3180 [ 28FD15E6DCE58A88F8CDAA74F50090C4 ] \Device\Harddisk1\DR1\Partition1
07:21:18.0484 3180 \Device\Harddisk1\DR1\Partition1 - ok
07:21:18.0484 3180 [ 6FD876E04C33A7324694E61EC55F5440 ] \Device\Harddisk2\DR2\Partition1
07:21:18.0484 3180 \Device\Harddisk2\DR2\Partition1 - ok
07:21:18.0484 3180 ============================================================
07:21:18.0484 3180 Scan finished
07:21:18.0484 3180 ============================================================
07:21:18.0484 8080 Detected object count: 0
07:21:18.0484 8080 Actual detected object count: 0
07:21:30.0718 4236 Deinitialize success
shelf life
2012-11-21, 17:14
ok. One more download: Combofix. There is a guide to read through first. Read the guide, then apply the directions on your own machine.
Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
msobczak
2012-11-22, 15:04
ComboFix 12-11-22.03 - msobczak 11/22/2012 7:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2268 [GMT -5:00]
Running from: c:\documents and settings\msobczak\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET76A.tmp
c:\windows\system32\SET76F.tmp
c:\windows\system32\SET776.tmp
c:\windows\TEMP\logishrd\LVPrcInj02.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-10-22 to 2012-11-22 )))))))))))))))))))))))))))))))
.
.
2012-11-06 12:49 . 2012-11-06 12:50 -------- d-----w- c:\program files\ERUNT
2012-11-04 21:27 . 2012-11-04 21:27 -------- d-----w- c:\documents and settings\msobczak\Application Data\Malwarebytes
2012-11-04 21:27 . 2012-11-04 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-11-04 21:27 . 2012-11-04 21:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-04 21:27 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-04 19:06 . 2012-11-06 12:44 -------- d-----w- C:\HJT
2012-11-03 12:42 . 2012-11-12 23:45 -------- d-----w- c:\documents and settings\msobczak\Local Settings\Application Data\plastic4
2012-11-03 12:23 . 2012-11-03 12:24 -------- d-----w- C:\PlasticSCM4
2012-10-31 00:05 . 2012-06-29 05:22 57288 ----a-w- c:\windows\system32\perf-MSSQL10_50.SQLSERVER2008R2-sqlagtctr.dll
2012-10-31 00:04 . 2012-06-29 05:22 82888 ----a-w- c:\windows\system32\perf-MSSQL$SQLSERVER2008R2-sqlctr10.52.4000.0.dll
2012-10-30 02:19 . 2008-08-11 18:31 92184 ----a-w- c:\windows\system32\SQSRVRES.DLL
2012-10-30 02:09 . 2012-10-30 02:09 348256 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\1033\ResourceCache.dll
2012-10-30 02:09 . 2012-10-30 02:09 348256 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\1033\ResourceCache.dll
2012-10-30 02:07 . 2008-08-11 18:31 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLSERVER2008-sqlagtctr10.0.1600.22.dll
2012-10-30 02:07 . 2008-08-11 18:31 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLSERVER2008-sqlctr10.0.1600.22.dll
2012-10-30 02:05 . 2012-10-30 02:05 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-10-30 02:03 . 2012-10-30 02:03 -------- d-----w- c:\program files\Microsoft SDKs
2012-10-30 02:03 . 2012-10-30 02:03 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-10-30 02:02 . 2012-10-30 02:02 -------- d-----w- c:\windows\system32\RsFx
2012-10-30 02:01 . 2012-10-30 02:01 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-10-30 02:01 . 2012-10-30 02:03 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-10-30 02:01 . 2012-10-30 02:01 -------- d-----w- c:\program files\MSXML 6.0
2012-10-30 01:38 . 2012-10-30 01:38 -------- d-----w- c:\documents and settings\msobczak\Local Settings\Application Data\Microsoft_Corporation
2012-10-29 22:26 . 2012-10-29 22:26 -------- d-----w- c:\program files\7-Zip
2012-10-29 22:04 . 2012-10-29 22:06 -------- d--h--w- c:\program files\Zero G Registry
2012-10-29 22:02 . 2012-10-29 22:02 -------- d--h--w- c:\documents and settings\msobczak\InstallAnywhere
2012-10-29 21:45 . 2012-10-29 21:45 -------- d-----w- c:\documents and settings\msobczak\Application Data\Subversion
2012-10-29 21:24 . 2012-10-29 21:24 -------- d-----w- C:\PortQryV2
2012-10-29 20:55 . 2012-10-29 20:55 -------- d-----w- c:\program files\Infor Global Solutions
2012-10-28 20:26 . 2012-10-28 20:26 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-10-28 20:19 . 2012-10-31 00:03 -------- d-----w- c:\program files\Microsoft SQL Server
2012-10-28 20:17 . 2012-10-28 20:17 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-28 20:17 . 2012-10-29 20:51 -------- d-----w- c:\documents and settings\msobczak\Application Data\DAEMON Tools Lite
2012-10-28 20:17 . 2012-10-28 20:17 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-10-28 20:16 . 2012-10-28 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2012-10-28 18:00 . 2012-10-28 18:00 -------- d-----w- C:\PCS
2012-10-28 17:03 . 2012-11-10 19:45 -------- d-----w- c:\documents and settings\msobczak\Application Data\FileZilla
2012-10-28 17:02 . 2012-10-28 17:02 -------- d-----w- c:\program files\FileZilla FTP Client
2012-10-27 18:18 . 2012-10-27 18:18 -------- d-----w- c:\program files\shup
2012-10-25 22:10 . 2012-10-25 22:10 -------- d-----w- c:\documents and settings\msobczak\Local Settings\Application Data\Cisco
2012-10-25 22:09 . 2012-10-25 22:09 -------- d-----w- c:\program files\Cisco
2012-10-25 22:09 . 2012-10-25 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Cisco
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 23:51 . 2012-06-24 13:29 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 23:51 . 2012-06-24 13:29 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 23:51 . 2012-06-24 13:29 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51 . 2012-06-24 13:29 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 23:51 . 2012-06-24 13:29 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 23:51 . 2012-06-24 13:29 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 23:51 . 2012-06-24 13:29 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 23:51 . 2012-06-24 13:29 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 23:51 . 2012-06-24 13:28 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 23:50 . 2012-06-24 13:28 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-27 20:34 . 2012-08-12 13:39 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-27 20:34 . 2012-08-12 13:39 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-11 13:51 . 2012-09-11 13:51 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-11 13:51 . 2012-09-11 13:51 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-11 13:51 . 2012-08-01 12:12 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-11 13:51 . 2012-08-01 12:12 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-28 00:09 . 2012-10-28 00:09 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-06-04 23:23 1014448 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-06-04 23:23 1014448 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-06-04 23:23 1014448 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-07 17425072]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-06-30 2638152]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-06-30 395152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-09-19 35328]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"lxdwmon.exe"="c:\program files\Lexmark 7600 Series\lxdwmon.exe" [2010-02-10 676520]
"lxdwamon"="c:\program files\Lexmark 7600 Series\lxdwamon.exe" [2010-02-10 16040]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 16855552]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-06-04 1061552]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2008-07-02 14848]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2009-12-02 710528]
.
c:\documents and settings\msobczak\Start Menu\Programs\Startup\
shup.lnk - c:\program files\shup\shup.exe [2009-7-29 580608]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2011-2-23 323584]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2006-5-29 1527808]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2012-6-29 6144]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\lxdwcoms.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.base_6.2.3.20110915-1350\\win32\\x86\\notes2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\IBM\\Lotus\\Sametime Connect\\rcp\\eclipse\\plugins\\com.ibm.rcp.base_6.2.3.20110414-1652\\win32\\x86\\sametime.exe"=
"c:\\Java\\jre7\\bin\\java.exe"=
"c:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVC.exe"=
"c:\\Program Files\\IBM\\Client Access\\cwbunnav.exe"=
"c:\\Program Files\\IBM\\Client Access\\JRE\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Java\\jdk7\\bin\\java.exe"=
"c:\\Java\\jre7\\bin\\javaw.exe"=
"d:\\eclipse-jee-indigo-SR2-win32\\eclipse\\eclipse.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [6/23/2012 8:46 AM 125472]
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [6/23/2012 8:46 AM 83392]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/24/2012 8:29 AM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/24/2012 8:29 AM 361032]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [6/25/2012 7:49 AM 13696]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10/28/2012 3:17 PM 242240]
R1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\drivers\SWIPsec.sys [9/15/2012 7:37 AM 87064]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/24/2012 8:29 AM 21256]
R2 LNSUSvc;Lotus Notes Smart Upgrade Service;c:\notes\SUService.exe [9/16/2011 7:31 AM 189832]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\notes\nsd.exe -svcinvoke -ini "c:\notes\notes.ini" --> c:\notes\nsd.exe -svcinvoke -ini c:\notes\notes.ini [?]
R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [10/14/2005 2:45 AM 199384]
R2 Plastic Server 4;Plastic Server 4;c:\plasticscm4\server\plasticd.exe [11/3/2012 7:23 AM 66880]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [6/30/2011 1:48 PM 845808]
R2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [3/5/2009 10:57 PM 227352]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [10/9/2009 10:07 AM 493248]
R2 wgsslvpnsrc;WatchGuard SSLVPN Service;c:\program files\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [9/5/2012 7:46 PM 58368]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2/23/2009 4:55 PM 20504]
S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdwserv.exe [6/25/2012 7:24 AM 98984]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/7/2012 6:12 PM 160944]
S3 Aktion_83_2.0.101_Prod_9955;EasyAsk Server Aktion 83 2.0.101 Prod (Port 9955);d:\easyask10\server-aktion83\EasyAskServer_Aktion_83_2.0.101_Prod_9955.exe -zglaxservice Aktion_83_2.0.101_Prod_9955 -serverproperties EasyAskServer_Aktion_83_2.0.101_Prod_9955.properties --> d:\easyask10\server-aktion83\EasyAskServer_Aktion_83_2.0.101_Prod_9955.exe -zglaxservice Aktion_83_2.0.101_Prod_9955 -serverproperties EasyAskServer_Aktion_83_2.0.101_Prod_9955.properties [?]
S3 Aktion_83_2.0.101_Staging_9956;EasyAsk Server Aktion 83 2.0.101 Staging (Port 9956);d:\easyask10\server-aktion83\EasyAskServer_Aktion_83_2.0.101_Staging_9956.exe -zglaxservice Aktion_83_2.0.101_Staging_9956 -serverproperties EasyAskServer_Aktion_83_2.0.101_Staging_9956.properties --> d:\easyask10\server-aktion83\EasyAskServer_Aktion_83_2.0.101_Staging_9956.exe -zglaxservice Aktion_83_2.0.101_Staging_9956 -serverproperties EasyAskServer_Aktion_83_2.0.101_Staging_9956.properties [?]
S3 Aktion_D8_1.5.313_Prod_9555;EasyAsk Server Aktion D8 1.5.313 Prod (Port 9555);d:\easyask10\server\EasyAskServer_Aktion_D8_1.5.313_Prod_9555.exe -zglaxservice Aktion_D8_1.5.313_Prod_9555 -serverproperties EasyAskServer_Aktion_D8_1.5.313_Prod_9555.properties --> d:\easyask10\server\EasyAskServer_Aktion_D8_1.5.313_Prod_9555.exe -zglaxservice Aktion_D8_1.5.313_Prod_9555 -serverproperties EasyAskServer_Aktion_D8_1.5.313_Prod_9555.properties [?]
S3 Aktion_D8_1.5.313_Staging_9556;EasyAsk Server Aktion D8 1.5.313 Staging (Port 9556);d:\easyask10\server\EasyAskServer_Aktion_D8_1.5.313_Staging_9556.exe -zglaxservice Aktion_D8_1.5.313_Staging_9556 -serverproperties EasyAskServer_Aktion_D8_1.5.313_Staging_9556.properties --> d:\easyask10\server\EasyAskServer_Aktion_D8_1.5.313_Staging_9556.exe -zglaxservice Aktion_D8_1.5.313_Staging_9556 -serverproperties EasyAskServer_Aktion_D8_1.5.313_Staging_9556.properties [?]
S3 Earnest_2.0.101_Prod_9665;EasyAsk Server Earnest 2.0.101 Prod (Port 9665);d:\easyask10\server-earnest\EasyAskServer_Earnest_2.0.101_Prod_9665.exe -zglaxservice Earnest_2.0.101_Prod_9665 -serverproperties EasyAskServer_Earnest_2.0.101_Prod_9665.properties --> d:\easyask10\server-earnest\EasyAskServer_Earnest_2.0.101_Prod_9665.exe -zglaxservice Earnest_2.0.101_Prod_9665 -serverproperties EasyAskServer_Earnest_2.0.101_Prod_9665.properties [?]
S3 Earnest_2.0.101_Staging_9666;EasyAsk Server Earnest 2.0.101 Staging (Port 9666);d:\easyask10\server-earnest\EasyAskServer_Earnest_2.0.101_Staging_9666.exe -zglaxservice Earnest_2.0.101_Staging_9666 -serverproperties EasyAskServer_Earnest_2.0.101_Staging_9666.properties --> d:\easyask10\server-earnest\EasyAskServer_Earnest_2.0.101_Staging_9666.exe -zglaxservice Earnest_2.0.101_Staging_9666 -serverproperties EasyAskServer_Earnest_2.0.101_Staging_9666.properties [?]
S3 msftesql$SQLSERVER2005;SQL Server FullText Search (SQLSERVER2005);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [8/26/2005 3:00 PM 92880]
S3 MSSQL$SQLSERVER2005;SQL Server (SQLSERVER2005);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/14/2005 2:51 AM 28768528]
S3 MSSQL$SQLSERVER2008;SQL Server (SQLSERVER2008);c:\program files\Microsoft SQL Server\MSSQL10.SQLSERVER2008\MSSQL\Binn\sqlservr.exe [3/30/2009 2:25 AM 43010392]
S3 MSSQL$SQLSERVER2008R2;SQL Server (SQLSERVER2008R2);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLSERVER2008R2\MSSQL\Binn\sqlservr.exe [6/29/2012 12:15 AM 43129288]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [4/23/2007 1:11 PM 224896]
S3 SQLAgent$SQLSERVER2005;SQL Server Agent (SQLSERVER2005);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [10/14/2005 2:51 AM 318680]
S3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\drivers\SWVNIC.sys [3/4/2009 5:03 PM 21016]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [4/3/2010 1:56 PM 44896]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 2:09 AM 239336]
S4 RsFx0153;RsFx0153 Driver;c:\windows\system32\drivers\RsFx0153.sys [6/29/2012 12:24 AM 249288]
S4 SQLAgent$SQLSERVER2008;SQL Server Agent (SQLSERVER2008);c:\program files\Microsoft SQL Server\MSSQL10.SQLSERVER2008\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 2:23 AM 366936]
S4 SQLAgent$SQLSERVER2008R2;SQL Server Agent (SQLSERVER2008R2);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLSERVER2008R2\MSSQL\Binn\SQLAGENT.EXE [6/29/2012 12:15 AM 379848]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-07-30 14:39 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-22 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-18 23:50]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-22 10:21]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-22 10:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: aktionassociates.com\www
Trusted Zone: andersonsinc.com\secure2
Trusted Zone: inforxtreme.com\www
Trusted Zone: internet
Trusted Zone: subscribenet.com\infor
TCP: DhcpNameServer = 192.168.0.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://secure2.andersonsinc.com/,DanaInfo=andmail1.andent.andersonsinc.com,ST=1+/dwa85W.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://69.153.173.130/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\documents and settings\msobczak\Application Data\Mozilla\Firefox\Profiles\a62qguqr.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-20 12:48; LogMeInClient@logmein.com; c:\documents and settings\msobczak\Application Data\Mozilla\Firefox\Profiles\a62qguqr.default\extensions\LogMeInClient@logmein.com
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
AddRemove-EasyAsk Windows Service Setup - d:\easyask10\server\EasyAsk Server Earnest 2.0.101 Staging (Port 9666)\Uninstall Service\Uninstall Service.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-22 07:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql$SQLSERVER2005]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:SQLSERVER2005"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(8472)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\msi.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\progra~1\Logitech\MOUSEW~1\SYSTEM\LgMousHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\notes\nsd.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\lxdwcoms.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Lexmark 7600 Series\lxdwMsdMon.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2012-11-22 08:01:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-22 13:01
.
Pre-Run: 463,967,125,504 bytes free
Post-Run: 467,079,360,512 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - F48A726C7E3A2D574A4B9A045B73E500
shelf life
2012-11-22, 16:27
OK. How's it looking now on your end?
msobczak
2012-11-24, 02:00
One of the web pages open in my browser for a while was redirected to this:
http://redirect.trafficz.com/index.php?d=detroitnews.com&ifd=6274
shelf life
2012-11-24, 15:30
Let's try clearing your Java cache: follow this link. (http://www.java.com/en/download/help/plugin_cache.xml)
msobczak
2012-11-27, 13:45
I cleared the Java cache, but still got a redirect.
I also uninstalled Cyberlink PowerDVD, and the redirect just happened.
msobczak
2012-11-27, 20:41
I'm now running JRE V7 Update 9. Redirects still happen randomly.
shelf life
2012-11-28, 04:26
Two things to try:
Let's see if an online scan will dig anything up.
ESET online scan. (http://go.eset.com/us/online-scanner)
Turn off the real-time scanner of any existing antivirus program while performing the online scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish
===================================================
Download the beta version of Malwarebytes Anti-rootkit to your desktop.
Read the Disclaimer since this is beta and not a stable version. Backup any important data as a precaution before continuing.
http://www.malwarebytes.org/products/mbar/
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall
If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
Verify that your system is now functioning normally.
Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
Copy and paste the contents of these two log files in your next reply.
msobczak
2012-11-28, 18:00
When I try to run it, I keep getting redirected to:
http://redirect.trafficz.com/index.php?d=eset.com&ifd=6274
shelf life
2012-11-28, 23:58
OK. What about the MBAM anti-rootkit link?
Try these also:
Please download Junkware Removal tool. (http://thisisudax.org/downloads/JRT.exe)
Shutdown your antivirus to avoid any conflicts.
Windows Vista, W7:Right-mouse click JRT.exe and select Run as administrator
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner) to your desktop.
Double click on AdwCleaner.exe, select OK, then Run
Click on Search
A logfile will automatically open after the scan has finished
Copy and paste the contents in your reply
You can find the logfile at C:\AdwCleaner[R1].txt as well
Another link for AdwCleaner here. (http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner)
msobczak
2012-11-29, 03:24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.6.0 (11.28.2012:4)
OS: Microsoft Windows XP x86
Ran by msobczak on Wed 11/28/2012 at 20:16:55.44
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] "hkey_local_machine\software\babylon"
~~~ Files
~~~ Folders
Failed to delete: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\msobczak\Application Data\babylon"
~~~ FireFox
Successfully deleted: [File] C:\user.js
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/28/2012 at 20:20:23.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
msobczak
2012-11-29, 03:28
# AdwCleaner v2.009 - Logfile created 11/28/2012 at 20:27:42
# Updated 24/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : msobczak - HOME-BIOSTAR
# Boot Mode : Normal
# Running from : C:\Documents and Settings\msobczak\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
***** [Registry] *****
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\TENCENT
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v16.0.2 (en-US)
Profile name : default
File : C:\Documents and Settings\msobczak\Application Data\Mozilla\Firefox\Profiles\a62qguqr.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v [Unable to get version]
File : C:\Documents and Settings\msobczak\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1087 octets] - [28/11/2012 20:27:42]
########## EOF - C:\AdwCleaner[R1].txt - [1147 octets] ##########
msobczak
2012-11-29, 03:56
Scan said no malware found.
shelf life
2012-11-29, 04:02
OK, thanks for the info. Rerun AdwCleaner, click the Search button, then when it's done click the Delete button. You may be prompted to reboot your machine. After the restart a log file will open. Save it to your desktop.
May as well grab this also:
Download & SAVE RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe)
Double click to start
For Vista or Windows 7, right-click and select run as Admin
Once the Prescan has finished click the scan button
Once the scan is done a report.txt will be on your desktop.
Exit RogueKiller by going to File>Quit.
Copy/paste the RKreport saved to your desktop.
Also get the free version of CCleaner (http://www.piriform.com/ccleaner/download/standard). Double click the .exe to install, then run the desktop icon. Under Cleaner and the Windows tab select everything listed under your browsers (IE). Also under the Applications tab select everything listed under the browsers, Chrome and Firefox. You can leave the passwords options unchecked if you want to.
So MBAM anti-rootkit didn't find anything? I figure this is something simple and not a rootkit.
msobczak
2012-11-29, 15:37
It looks like one of the fixup tools I ran yesterday has made it possible for me to start an online ESET scan. It's currently in process. So far, it has found the following:
Win32/OpenCandy application
a variant of Win32/AdInstaller application
probably a variant of Win32/Adware.Softomate.AD application
I'll post as soon as the scan finishes.
msobczak
2012-12-02, 18:05
D:\Downloads\couponprinter.exe probably a variant of Win32/Adware.Softomate.AD application
D:\Downloads\zlsSetup_70_483_000_en.exe a variant of Win32/AdInstaller application
D:\Downloads\DaemonToolsLite\DTLite4454-0315.exe Win32/OpenCandy application
D:\Downloads\PCUtilities\ZoneLabs\zlsSetup_70_462_000_en.exe a variant of Win32/AdInstaller application
D:\Downloads\Podcasts\couponprinter.exe probably a variant of Win32/Adware.Softomate.AD application
shelf life
2012-12-02, 20:28
Looks like you have some bundled adware in those exes on your D drive. Most adware should be spelled out in the EULA and be an optional install, or at least removable via the Add/Remove Programs panel. Some may not be. Malware apps may also remove the adware component. If you reinstall using those exes, adware will be installed again.
This is similar to ccleaner in removing temps, just more automated:
Download TFC.exe (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
Close any open windows including your browser
Double click the TFC icon
Click the Start button
Allow TFC to run uninterrupted.
Once it's finished, if prompted, reboot your machine.
If not prompted, please reboot anyway to delete any "in use" temp files.
How's it all looking now on your end?