TechSpot

Malwarebytes Anti-Malware successfully blocked access to a potentially malicious site

Solved
By Mark Roberts
Sep 6, 2012
Topic Status:
Not open for further replies.
  1. I have been getting this message to pop up the past 2 weeks. I have tried EVERYTHING to get the messages to stop. The IP listed changes - various ones - every now and then they are the same. All help appreciated. I know this thread has been discussed before but it seems the solution is always different depending on the logs. Anyway - if anyone can help.

    Thanks
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.

    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Please review the 5-Step removal instructions and post the logs back here for my review.

    Also, include this scan:

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  3. Mark Roberts

    Mark Roberts Newcomer, in training Topic Starter

    Ok - thank you. Here are the initial logs:


    1. Malwarebytes' Anti-Malware "Quick Scan Only":

    Malwarebytes Anti-Malware (PRO) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.09.07.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: KITCHENLAPTOP [administrator]

    Protection: Enabled

    9/7/2012 7:34:55 AM
    mbam-log-2012-09-07 (07-34-55).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 208969
    Time elapsed: 7 minute(s), 47 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    2. GMER Log: (It just automatically did this quick scan when I downloaded it)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-09-07 07:52:19
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS541010G9AT00 rev.MBZOA60A
    Running: 63i6mxhx.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fwlyqkoc.sys

    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    ---- EOF - GMER 1.0.15 ----
    3. DDS Scans:

    A. Attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/22/2010 1:45:58 AM
    System Uptime: 9/6/2012 5:33:49 PM (14 hours ago)
    .
    Motherboard: Gateway | |
    Processor: Intel(R) Pentium(R) M processor 1.73GHz | uFCPGA2 | 1054/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 87 GiB total, 40.479 GiB free.
    D: is FIXED (FAT32) - 6 GiB total, 4.021 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/Wireless 2200BG Network Connection
    Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27018086&REV_05\4&AD1B67F&0&20F0
    Manufacturer: Intel(R) Corporation
    Name: Intel(R) PRO/Wireless 2200BG Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27018086&REV_05\4&AD1B67F&0&20F0
    Service: w29n51
    .
    ==== System Restore Points ===================
    .
    RP637: 6/10/2012 6:07:26 AM - System Checkpoint
    RP638: 6/11/2012 6:51:30 AM - System Checkpoint
    RP639: 6/13/2012 11:29:50 AM - System Checkpoint
    RP640: 6/14/2012 6:52:00 PM - System Checkpoint
    RP641: 6/15/2012 11:57:42 PM - System Checkpoint
    RP642: 6/17/2012 12:23:51 AM - System Checkpoint
    RP643: 6/18/2012 5:39:00 PM - System Checkpoint
    RP644: 6/19/2012 7:16:45 PM - System Checkpoint
    RP645: 6/21/2012 6:43:37 PM - System Checkpoint
    RP646: 6/24/2012 2:18:10 PM - System Checkpoint
    RP647: 6/25/2012 3:17:11 PM - System Checkpoint
    RP648: 6/26/2012 6:39:02 PM - System Checkpoint
    RP649: 6/27/2012 10:06:46 PM - System Checkpoint
    RP650: 6/29/2012 12:35:21 AM - System Checkpoint
    RP651: 7/1/2012 10:13:05 PM - System Checkpoint
    RP652: 7/2/2012 10:35:47 PM - System Checkpoint
    RP653: 7/4/2012 3:50:31 PM - System Checkpoint
    RP654: 7/6/2012 9:56:05 AM - System Checkpoint
    RP655: 7/7/2012 11:00:13 PM - System Checkpoint
    RP656: 7/9/2012 10:12:08 AM - System Checkpoint
    RP657: 7/10/2012 9:40:23 PM - System Checkpoint
    RP658: 7/11/2012 10:39:06 PM - System Checkpoint
    RP659: 7/13/2012 7:09:33 AM - System Checkpoint
    RP660: 7/14/2012 10:29:01 AM - System Checkpoint
    RP661: 7/16/2012 10:12:01 AM - System Checkpoint
    RP662: 7/17/2012 7:05:59 PM - System Checkpoint
    RP663: 7/18/2012 10:48:04 PM - System Checkpoint
    RP664: 7/20/2012 10:32:29 PM - System Checkpoint
    RP665: 7/21/2012 10:56:52 PM - System Checkpoint
    RP666: 7/23/2012 9:45:32 AM - System Checkpoint
    RP667: 7/25/2012 4:20:47 PM - System Checkpoint
    RP668: 7/27/2012 9:16:38 AM - System Checkpoint
    RP669: 7/28/2012 9:57:25 AM - System Checkpoint
    RP670: 7/29/2012 11:17:09 AM - System Checkpoint
    RP671: 7/30/2012 9:01:59 PM - System Checkpoint
    RP672: 7/31/2012 10:35:54 PM - System Checkpoint
    RP673: 8/2/2012 11:38:48 AM - System Checkpoint
    RP674: 8/3/2012 7:07:25 PM - System Checkpoint
    RP675: 8/4/2012 11:15:48 PM - System Checkpoint
    RP676: 8/6/2012 6:26:10 AM - System Checkpoint
    RP677: 8/7/2012 9:16:33 AM - System Checkpoint
    RP678: 8/9/2012 12:12:19 AM - System Checkpoint
    RP679: 8/10/2012 3:55:15 PM - System Checkpoint
    RP680: 8/11/2012 5:16:22 PM - System Checkpoint
    RP681: 8/12/2012 5:29:52 PM - System Checkpoint
    RP682: 8/14/2012 11:37:04 AM - System Checkpoint
    RP683: 8/16/2012 1:30:48 PM - Installed Microsoft Fix it 50195
    RP684: 8/16/2012 1:37:48 PM - Restore Operation
    RP685: 8/16/2012 6:55:55 PM - Spyware Terminator - restore point
    RP686: 8/17/2012 9:10:23 PM - System Checkpoint
    RP687: 8/19/2012 10:05:35 AM - Software Distribution Service 3.0
    RP688: 8/19/2012 10:58:07 AM - Software Distribution Service 3.0
    RP689: 8/19/2012 9:20:11 PM - Removed Java(TM) 6 Update 20
    RP690: 8/20/2012 6:06:47 PM - Removed Bonjour
    RP691: 8/21/2012 6:44:49 PM - System Checkpoint
    RP692: 8/22/2012 7:56:06 AM - Restore Operation
    RP693: 8/22/2012 5:59:57 PM - Removed Apple Application Support
    RP694: 8/22/2012 6:00:56 PM - Removed Apple Mobile Device Support
    RP695: 8/23/2012 7:27:14 PM - System Checkpoint
    RP696: 8/25/2012 8:25:53 PM - System Checkpoint
    RP697: 8/27/2012 7:25:31 AM - System Checkpoint
    RP698: 8/28/2012 9:47:42 AM - System Checkpoint
    RP699: 8/29/2012 7:10:21 PM - System Checkpoint
    RP700: 8/30/2012 10:19:27 PM - System Checkpoint
    RP701: 9/1/2012 9:39:26 AM - System Checkpoint
    RP702: 9/2/2012 11:06:42 AM - System Checkpoint
    RP703: 9/3/2012 12:03:38 PM - System Checkpoint
    RP704: 9/4/2012 7:28:21 PM - System Checkpoint
    RP705: 9/5/2012 7:54:18 PM - System Checkpoint
    RP706: 9/6/2012 8:51:24 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Reader 7.0
    America Online (Choose which version to remove)
    ATI Control Panel
    ATI Display Driver
    Conexant AC-Link Audio
    ESET Online Scanner v3
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB981793)
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    Java 2 Runtime Environment, SE v1.4.2
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office Standard Edition 2003
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    MSXML 4.0 SP2 (KB954430)
    MWSnap 3
    Nero BurnRights
    Nero OEM
    PowerDVD
    QuickTime
    RealPlayer Basic
    Recovery Software Suite Gateway
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    SoftV92 Data Fax Modem with SmartCP
    Spybot - Search & Destroy
    Spyware Terminator
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515 drivers.
    TIxx21
    TWC Client ActiveX Controls
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Viewpoint Media Player
    WebFldrs XP
    Windows Backup Utility
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/3/2012 8:16:44 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    9/2/2012 9:35:00 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00E0B882256A. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    9/2/2012 10:16:12 AM, error: DCOM [10000] - Unable to start a DCOM Server: {022105BD-948A-40C9-AB42-A3300DDF097F}. The error: "%6" Happened while starting this command: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" -Embedding
    9/1/2012 9:43:46 AM, error: DCOM [10000] - Unable to start a DCOM Server: {ABC01078-F197-4B0B-ADBC-CFE684B39C82}. The error: "%6" Happened while starting this command: "C:\Program Files\Google\Update\1.3.21.111\GoogleUpdateOnDemand.exe" -Embedding
    9/1/2012 11:25:29 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
    9/1/2012 10:10:15 AM, error: Service Control Manager [7000] - The McAfee Task Scheduler service failed to start due to the following error: The system cannot find the path specified.
    .
    ==== End Of File ===========================

    B. DDS.txt

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Owner at 7:52:43 on 2012-09-07
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1177 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall Plus *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Malware\mbamgui.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    svchost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Malware\mbamservice.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://penelopesoasis.com/2011/wise-marriage-advice.html
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [SpywareTerminatorUpdate] "c:\program files\spyware terminator\SpywareTerminatorUpdate.exe"
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malware\mbamgui.exe" /starttray
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBC}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    Trusted Zone: sprint.com
    Trusted Zone: sprint.com\www
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{706DA5E6-40E7-433B-986C-03E8C0596084} : DhcpNameServer = 209.18.47.61 209.18.47.62
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-8-23 142592]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
    R2 MBAMService;MBAMService;c:\program files\malware\mbamservice.exe [2012-8-16 655944]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-23 22344]
    S0 IFP300;iriver Internet Audio Player IFP-300;c:\windows\system32\drivers\ifp300.sys --> c:\windows\system32\drivers\ifp300.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-22 136176]
    S2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe --> c:\progra~1\mcafee.com\agent\mctskshd.exe [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-22 136176]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-09-07 11:05:44 -------- d-----w- C:\oldlogs
    2012-09-01 21:58:00 -------- d-sha-r- C:\cmdcons
    2012-08-22 11:57:59 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-08-22 11:57:59 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-08-21 10:44:28 -------- d-----w- c:\windows\pss
    2012-08-20 02:07:31 -------- d-----w- c:\program files\ESET
    2012-08-20 01:23:10 3993600 ----a-w- c:\program files\GUT22.tmp
    2012-08-20 01:23:10 -------- d-----w- c:\program files\GUM21.tmp
    2012-08-20 01:20:39 53352 ----a-w- c:\windows\system32\jpicpl32.cpl
    2012-08-20 01:16:33 -------- d-----w- c:\program files\GUMD.tmp
    2012-08-19 04:19:06 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
    2012-08-19 04:17:27 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-08-19 04:17:27 3072 ------w- c:\windows\system32\iacenc.dll
    2012-08-16 23:10:29 -------- d-----w- c:\program files\Malware
    .
    ==================== Find3M ====================
    .
    2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 7:53:24.25 ===============


    4. AdwCleaner Log:


    # AdwCleaner v2.000 - Logfile created 09/07/2012 at 08:00:23
    # Updated 30/08/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Owner - KITCHENLAPTOP
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QR8IDOT9\adwcleaner[1].exe
    # Option [Search]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
    Folder Found : C:\Program Files\Ask.com
    Folder Found : C:\Program Files\Viewpoint
    ***** [Registry] *****
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Found : HKLM\Software\MetaStream
    Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Found : HKLM\Software\Viewpoint
    Key Found : HKU\S-1-5-21-3378278228-2059735243-2500004591-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v8.0.6001.18702
    [OK] Registry is clean.
    -\\ Google Chrome v21.0.1180.89
    File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[R1].txt - [2213 octets] - [07/09/2012 07:59:35]
    AdwCleaner[R2].txt - [2232 octets] - [07/09/2012 08:00:23]
    ########## EOF - C:\AdwCleaner[R2].txt - [2292 octets] ##########
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Remove the Adware.
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    Please post the log.


    Please download and run TDSSKiller to your desktop as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


    ------------------------

    Click the Start Scan button.


    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.




    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
    Sometimes these logs can be very large; in that case, please attach it, or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  5. Mark Roberts

    Mark Roberts Newcomer, in training Topic Starter

    Here are the 2 logs:

    1. AdwCleaner[S1]

    # AdwCleaner v2.000 - Logfile created 09/07/2012 at 18:48:31
    # Updated 30/08/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Owner - KITCHENLAPTOP
    # Boot Mode : Normal
    # Running from : C:\TEMP\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
    Folder Deleted : C:\Program Files\Ask.com
    Folder Deleted : C:\Program Files\Viewpoint
    ***** [Registry] *****
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\Software\MetaStream
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Deleted : HKLM\Software\Viewpoint
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v8.0.6001.18702
    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    -\\ Google Chrome v21.0.1180.89
    File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[R1].txt - [2213 octets] - [07/09/2012 07:59:35]
    AdwCleaner[R2].txt - [2361 octets] - [07/09/2012 08:00:23]
    AdwCleaner[S1].txt - [2504 octets] - [07/09/2012 18:48:31]
    ########## EOF - C:\AdwCleaner[S1].txt - [2564 octets] ##########




    2. TDSSKiller - note - after the scan was done and it said it found 6 objects, it never gave 3 options to continue. It just stopped and went to the initial scan-again screen.

    19:04:56.0562 2348 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    19:04:56.0687 2348 ProtectedStorage - ok
    19:04:56.0703 2348 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    19:04:56.0828 2348 PSched - ok
    19:04:56.0828 2348 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    19:04:56.0953 2348 Ptilink - ok
    19:04:56.0953 2348 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
    19:04:57.0093 2348 ql1080 - ok
    19:04:57.0109 2348 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    19:04:57.0296 2348 Ql10wnt - ok
    19:04:57.0312 2348 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
    19:04:57.0437 2348 ql12160 - ok
    19:04:57.0437 2348 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
    19:04:57.0625 2348 ql1240 - ok
    19:04:57.0640 2348 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
    19:04:57.0781 2348 ql1280 - ok
    19:04:57.0812 2348 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    19:04:57.0921 2348 RasAcd - ok
    19:04:57.0953 2348 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    19:04:58.0109 2348 RasAuto - ok
    19:04:58.0125 2348 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    19:04:58.0250 2348 Rasl2tp - ok
    19:04:58.0312 2348 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    19:04:58.0437 2348 RasMan - ok
    19:04:58.0437 2348 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    19:04:58.0546 2348 RasPppoe - ok
    19:04:58.0578 2348 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    19:04:58.0718 2348 Raspti - ok
    19:04:58.0750 2348 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    19:04:58.0875 2348 Rdbss - ok
    19:04:58.0890 2348 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    19:04:59.0000 2348 RDPCDD - ok
    19:04:59.0046 2348 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    19:04:59.0187 2348 rdpdr - ok
    19:04:59.0218 2348 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    19:04:59.0265 2348 RDPWD - ok
    19:04:59.0296 2348 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    19:04:59.0406 2348 RDSessMgr - ok
    19:04:59.0406 2348 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    19:04:59.0531 2348 redbook - ok
    19:04:59.0578 2348 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    19:04:59.0718 2348 RemoteAccess - ok
    19:04:59.0734 2348 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    19:04:59.0843 2348 RpcLocator - ok
    19:04:59.0890 2348 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
    19:04:59.0906 2348 RpcSs - ok
    19:04:59.0937 2348 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    19:05:00.0046 2348 RSVP - ok
    19:05:00.0078 2348 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    19:05:00.0187 2348 SamSs - ok
    19:05:00.0203 2348 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    19:05:00.0218 2348 SASDIFSV - ok
    19:05:00.0234 2348 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    19:05:00.0234 2348 SASKUTIL - ok
    19:05:00.0281 2348 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    19:05:00.0437 2348 SCardSvr - ok
    19:05:00.0500 2348 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    19:05:00.0609 2348 Schedule - ok
    19:05:00.0640 2348 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
    19:05:00.0796 2348 sdbus - ok
    19:05:00.0843 2348 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    19:05:01.0015 2348 Secdrv - ok
    19:05:01.0031 2348 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    19:05:01.0203 2348 seclogon - ok
    19:05:01.0203 2348 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    19:05:01.0390 2348 SENS - ok
    19:05:01.0421 2348 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    19:05:01.0578 2348 serenum - ok
    19:05:01.0609 2348 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    19:05:01.0718 2348 Serial - ok
    19:05:01.0750 2348 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    19:05:01.0875 2348 Sfloppy - ok
    19:05:01.0937 2348 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    19:05:02.0062 2348 SharedAccess - ok
    19:05:02.0093 2348 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    19:05:02.0109 2348 ShellHWDetection - ok
    19:05:02.0109 2348 Simbad - ok
    19:05:02.0156 2348 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
    19:05:02.0281 2348 sisagp - ok
    19:05:02.0343 2348 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
    19:05:02.0421 2348 Sparrow - ok
    19:05:02.0453 2348 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    19:05:02.0562 2348 splitter - ok
    19:05:02.0609 2348 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    19:05:02.0625 2348 Spooler - ok
    19:05:02.0640 2348 [ 8831252BCF05FCFB5ABD116A22E552D8 ] sp_rsdrv2 C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    19:05:02.0671 2348 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - warning
    19:05:02.0671 2348 sp_rsdrv2 - detected UnsignedFile.Multi.Generic (1)
    19:05:02.0781 2348 [ 642180B8F50E7FC1FBAF87C718E259D6 ] sp_rssrv C:\Program Files\Spyware Terminator\sp_rsser.exe
    19:05:02.0796 2348 sp_rssrv ( UnsignedFile.Multi.Generic ) - warning
    19:05:02.0796 2348 sp_rssrv - detected UnsignedFile.Multi.Generic (1)
    19:05:02.0796 2348 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    19:05:03.0000 2348 sr - ok
    19:05:03.0031 2348 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    19:05:03.0234 2348 srservice - ok
    19:05:03.0281 2348 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    19:05:03.0359 2348 Srv - ok
    19:05:03.0375 2348 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    19:05:03.0546 2348 SSDPSRV - ok
    19:05:03.0593 2348 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    19:05:03.0781 2348 stisvc - ok
    19:05:03.0843 2348 [ 78B58486A5CB4F418D06EA2D6E961DB0 ] SupportSoft RemoteAssist C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
    19:05:03.0859 2348 SupportSoft RemoteAssist - ok
    19:05:03.0906 2348 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    19:05:04.0031 2348 swenum - ok
    19:05:04.0062 2348 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    19:05:04.0187 2348 swmidi - ok
    19:05:04.0203 2348 SwPrv - ok
    19:05:04.0218 2348 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
    19:05:04.0343 2348 symc810 - ok
    19:05:04.0375 2348 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    19:05:04.0515 2348 symc8xx - ok
    19:05:04.0515 2348 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    19:05:04.0656 2348 sym_hi - ok
    19:05:04.0656 2348 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    19:05:04.0796 2348 sym_u3 - ok
    19:05:04.0828 2348 [ EB363DDFBE8B6D51003CCAB29D93D744 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
    19:05:04.0843 2348 SynTP - ok
    19:05:04.0859 2348 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    19:05:04.0968 2348 sysaudio - ok
    19:05:05.0000 2348 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    19:05:05.0125 2348 SysmonLog - ok
    19:05:05.0187 2348 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    19:05:05.0328 2348 TapiSrv - ok
    19:05:05.0375 2348 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    19:05:05.0406 2348 Tcpip - ok
    19:05:05.0421 2348 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    19:05:05.0562 2348 TDPIPE - ok
    19:05:05.0593 2348 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    19:05:05.0718 2348 TDTCP - ok
    19:05:05.0750 2348 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    19:05:05.0921 2348 TermDD - ok
    19:05:05.0953 2348 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    19:05:06.0109 2348 TermService - ok
    19:05:06.0140 2348 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    19:05:06.0156 2348 Themes - ok
    19:05:06.0203 2348 [ 8778A553003A3D37A550A1F9CFF6BE28 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
    19:05:06.0203 2348 tifm21 - ok
    19:05:06.0250 2348 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
    19:05:06.0406 2348 TosIde - ok
    19:05:06.0437 2348 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    19:05:06.0609 2348 TrkWks - ok
    19:05:06.0640 2348 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    19:05:06.0781 2348 Udfs - ok
    19:05:06.0796 2348 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
    19:05:06.0843 2348 ultra - ok
    19:05:06.0859 2348 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
    19:05:06.0875 2348 UMWdf - ok
    19:05:06.0921 2348 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    19:05:07.0078 2348 Update - ok
    19:05:07.0109 2348 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    19:05:07.0234 2348 upnphost - ok
    19:05:07.0265 2348 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    19:05:07.0375 2348 UPS - ok
    19:05:07.0390 2348 USBAAPL - ok
    19:05:07.0421 2348 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
    19:05:07.0546 2348 usbaudio - ok
    19:05:07.0578 2348 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    19:05:07.0703 2348 usbccgp - ok
    19:05:07.0718 2348 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    19:05:07.0859 2348 usbehci - ok
    19:05:07.0859 2348 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    19:05:07.0968 2348 usbhub - ok
    19:05:08.0000 2348 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    19:05:08.0109 2348 usbscan - ok
    19:05:08.0156 2348 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    19:05:08.0296 2348 USBSTOR - ok
    19:05:08.0343 2348 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    19:05:08.0468 2348 usbuhci - ok
    19:05:08.0484 2348 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    19:05:08.0609 2348 VgaSave - ok
    19:05:08.0656 2348 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
    19:05:08.0796 2348 viaagp - ok
    19:05:08.0796 2348 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
    19:05:08.0921 2348 ViaIde - ok
    19:05:08.0921 2348 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    19:05:09.0046 2348 VolSnap - ok
    19:05:09.0078 2348 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    19:05:09.0203 2348 VSS - ok
    19:05:09.0468 2348 [ C89DA341FCC883A3D79DC11727484FC2 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
    19:05:09.0656 2348 w29n51 - ok
    19:05:09.0703 2348 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
    19:05:09.0843 2348 W32Time - ok
    19:05:09.0890 2348 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    19:05:10.0078 2348 Wanarp - ok
    19:05:10.0093 2348 wanatw - ok
    19:05:10.0093 2348 WDICA - ok
    19:05:10.0125 2348 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    19:05:10.0281 2348 wdmaud - ok
    19:05:10.0343 2348 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    19:05:10.0484 2348 WebClient - ok
    19:05:10.0531 2348 [ 2DC7C0B6175A0A8ED84A4F70199C93B5 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    19:05:10.0656 2348 winachsf - ok
    19:05:10.0718 2348 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    19:05:10.0843 2348 winmgmt - ok
    19:05:10.0890 2348 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    19:05:10.0906 2348 WmdmPmSN - ok
    19:05:10.0937 2348 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    19:05:11.0140 2348 WmiApSrv - ok
    19:05:11.0218 2348 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    19:05:11.0281 2348 WPFFontCache_v0400 - ok
    19:05:11.0375 2348 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
    19:05:11.0578 2348 WS2IFSL - ok
    19:05:11.0625 2348 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    19:05:11.0796 2348 wscsvc - ok
    19:05:11.0828 2348 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    19:05:12.0015 2348 wuauserv - ok
    19:05:12.0078 2348 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    19:05:12.0312 2348 WZCSVC - ok
    19:05:12.0375 2348 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    19:05:12.0546 2348 xmlprov - ok
    19:05:12.0562 2348 ================ Scan global ===============================
    19:05:12.0578 2348 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    19:05:12.0640 2348 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    19:05:12.0656 2348 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    19:05:12.0687 2348 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    19:05:12.0687 2348 [Global] - ok
    19:05:12.0687 2348 ================ Scan MBR ==================================
    19:05:12.0718 2348 [ B20939CD98B7710036274839082AE757 ] \Device\Harddisk0\DR0
    19:05:12.0984 2348 \Device\Harddisk0\DR0 - ok
    19:05:12.0984 2348 ================ Scan VBR ==================================
    19:05:12.0984 2348 [ 3D32B860CCC8E78E1AE0BE1E50C47A18 ] \Device\Harddisk0\DR0\Partition1
    19:05:13.0000 2348 \Device\Harddisk0\DR0\Partition1 - ok
    19:05:13.0000 2348 [ B84312D4AA5F3CF23F8C4473C641913C ] \Device\Harddisk0\DR0\Partition2
    19:05:13.0000 2348 \Device\Harddisk0\DR0\Partition2 - ok
    19:05:13.0000 2348 ============================================================
    19:05:13.0000 2348 Scan finished
    19:05:13.0000 2348 ============================================================
    19:05:13.0140 3152 Detected object count: 6
    19:05:13.0140 3152 Actual detected object count: 6
    19:05:24.0437 3152 !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
    19:05:24.0437 3152 !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:05:24.0437 3152 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
    19:05:24.0437 3152 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:05:24.0437 3152 aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
    19:05:24.0437 3152 aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:05:24.0437 3152 PrismXL ( UnsignedFile.Multi.Generic ) - skipped by user
    19:05:24.0437 3152 PrismXL ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:05:24.0453 3152 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - skipped by user
    19:05:24.0453 3152 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:05:24.0453 3152 sp_rssrv ( UnsignedFile.Multi.Generic ) - skipped by user
    19:05:24.0453 3152 sp_rssrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:05:36.0953 2620 Deinitialize success
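The log above ends with six detections, all of them UnsignedFile.Multi.Generic and all left in place (User select action: Skip). That verdict is TDSSKiller's heuristic for a loaded driver or service image that carries no digital signature; it is not a malware identification, and going by the paths in the log several of the flagged objects belong to the anti-spyware tools installed on this machine (Spyware Terminator's sp_rsdrv2 and sp_rssrv, the New Boundary PrismXL driver). The following is an added example, not part of the thread and not Kaspersky's code: a small Python parser that correlates, for each scanned object, the hash line, the verdict line and the final user-action line, so a helper can see at a glance what was flagged, where it lives and what was done about it. The sample lines are copied from the log above; the regexes are written against that layout.

```python
import re

# Constructed sample in TDSSKiller's log layout: a handful of lines copied
# from the log above (not the whole log). Each line is "HH:MM:SS.mmmm PID body".
SAMPLE_LOG = r"""
19:04:56.0546 2348 [ F3C8D6E59A36D4DD5729782015E685A8 ] PrismXL C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
19:04:56.0562 2348 PrismXL ( UnsignedFile.Multi.Generic ) - warning
19:04:56.0562 2348 PrismXL - detected UnsignedFile.Multi.Generic (1)
19:04:56.0562 2348 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:04:56.0687 2348 ProtectedStorage - ok
19:05:02.0640 2348 [ 8831252BCF05FCFB5ABD116A22E552D8 ] sp_rsdrv2 C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
19:05:02.0671 2348 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - warning
19:05:02.0671 2348 sp_rsdrv2 - detected UnsignedFile.Multi.Generic (1)
19:05:03.0843 2348 [ 78B58486A5CB4F418D06EA2D6E961DB0 ] SupportSoft RemoteAssist C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
19:05:03.0859 2348 SupportSoft RemoteAssist - ok
19:05:12.0718 2348 [ B20939CD98B7710036274839082AE757 ] \Device\Harddisk0\DR0
19:05:12.0984 2348 \Device\Harddisk0\DR0 - ok
19:05:13.0140 3152 Detected object count: 2
19:05:24.0437 3152 PrismXL ( UnsignedFile.Multi.Generic ) - skipped by user
19:05:24.0437 3152 PrismXL ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:05:24.0453 3152 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

ENTRY_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+ \d+ (?P<body>.+)$")
# "[ MD5 ] Name Path" announces a scanned object; Path is absent for raw devices
# and Name may contain spaces, so the path is recognised by its drive letter.
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?)(?: (?P<path>[A-Za-z]:\\.*))?$")
# "Name - detected Verdict (n)" records the verdict.
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
# "Name ( Verdict ) - outcome" covers the warning, the skip notice and the final user action.
VERDICT_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - (?P<outcome>.+)$")
OK_RE = re.compile(r"^(?P<name>.+) - ok$")


def parse_tdsskiller(text):
    """Correlate the per-object lines into one record per scanned object."""
    objects = {}
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        m = HASH_RE.match(body)
        if m:
            obj = objects.setdefault(m.group("name"), {})
            obj.update(md5=m.group("md5"), path=m.group("path"), status="scanned")
            continue
        m = DETECT_RE.match(body)
        if m:
            obj = objects.setdefault(m.group("name"), {})
            obj.update(verdict=m.group("verdict"), status="detected")
            continue
        m = VERDICT_RE.match(body)
        if m:
            obj = objects.setdefault(m.group("name"), {})
            obj["verdict"] = m.group("verdict")
            outcome = m.group("outcome")
            if outcome.startswith("User select action: "):
                obj["action"] = outcome.split(": ", 1)[1]
            continue
        m = OK_RE.match(body)
        if m and m.group("name") in objects:
            objects[m.group("name")]["status"] = "ok"
    return objects


def triage(objects):
    """Objects that ended the scan with a verdict, plus what the user did about them."""
    findings = []
    for name, obj in objects.items():
        if "verdict" not in obj:
            continue
        findings.append({
            "name": name,
            "path": obj.get("path"),
            "md5": obj.get("md5"),
            "verdict": obj["verdict"],
            # UnsignedFile.* is the "no digital signature" heuristic, not a malware family.
            "generic_unsigned": obj["verdict"].startswith("UnsignedFile."),
            "action": obj.get("action", "none"),
        })
    return findings


def summarize(findings):
    """Count findings per verdict and per user action."""
    by_verdict, by_action = {}, {}
    for f in findings:
        by_verdict[f["verdict"]] = by_verdict.get(f["verdict"], 0) + 1
        by_action[f["action"]] = by_action.get(f["action"], 0) + 1
    return {"total": len(findings), "by_verdict": by_verdict, "by_action": by_action}


if __name__ == "__main__":
    found = triage(parse_tdsskiller(SAMPLE_LOG))
    for f in found:
        print(f"{f['name']:<12} {f['verdict']:<28} action={f['action']:<5} {f['path']}")
    print(summarize(found))
```

Run against the full log rather than the sample, the summary shows the same shape the posted scan has: every finding in the UnsignedFile family and every one skipped, with no MBR or VBR detection, which is why this scan does not explain the Malwarebytes IP blocks on its own.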
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
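The report the post asks for (C:\ComboFix.txt) has a fixed layout that a helper reads in a set order: the AV:/FW: header lines, which reflect the product registrations in Windows Security Center (the braces hold the registration GUID, and the Enabled/Disabled state comes from that registration rather than from a check that the product's files still exist), the "Reg Loading Points" section of autostart registry values, and one line per service or driver of the form "R2 name;display;path [date size]" (R = running, S = stopped, digit = start type, and "path --> path [?]" when the registered image file is missing). What follows is an added example, not part of the thread and not ComboFix's or sUBs' code: a Python parser for those three sections over a constructed sample, with the cross-checks a helper does by eye, namely an AV product still marked Enabled without any running service or driver behind it (the usual leftover after an uninstall), services whose file is gone, and autostart entries that run from a Temp directory. Product names, GUIDs, paths and dates in the sample are made up; the vendor-matching rule (first word of the product name against service paths and display names) is a heuristic of this example.

```python
import re

# Constructed sample in ComboFix's report layout. Product names, GUIDs, paths,
# dates and sizes are made up for this example; none come from a real report.
SAMPLE_REPORT = r"""
AV: Acme VirusScan *Enabled/Updated* {00000000-0000-0000-0000-000000000001}
AV: Example Antivirus *Enabled/Updated* {00000000-0000-0000-0000-000000000002}
FW: Acme Personal Firewall *Disabled* {00000000-0000-0000-0000-000000000003}
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="c:\program files\Example Antivirus\tray.exe" [2012-01-01 100000]
"Updater"="c:\documents and settings\Owner\Local Settings\Temp\upd.exe" [2012-09-01 51200]
.
R1 exdrv;Example Antivirus Driver;c:\windows\system32\drivers\exdrv.sys [1/1/2012 9:00 AM 12345]
R2 ExampleSvc;Example Antivirus Service;c:\program files\Example Antivirus\svc.exe [1/1/2012 9:00 AM 23456]
S3 oldcard;Old Card Reader;c:\windows\system32\DRIVERS\oldcard.sys --> c:\windows\system32\DRIVERS\oldcard.sys [?]
"""

# AV:/FW:/SP: lines: product name, Security Center state, registration GUID.
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|FW|SP): (?P<name>.+?) \*(?P<state>[^*]+)\* \{(?P<guid>[0-9A-Fa-f-]+)\}$")
# A registry key header in the "Reg Loading Points" section (ComboFix mixes the case).
KEY_RE = re.compile(r"^\[(?P<key>hk[^\]]+)\]$", re.IGNORECASE)
# A value under that key: "name"="command" [date size].
VALUE_RE = re.compile(r'^"(?P<value>[^"]+)"="(?P<cmd>[^"]*)"(?: \[(?P<meta>[^\]]*)\])?$')
# Service/driver line. R = running, S = stopped; digit = start type (0 boot .. 4 disabled).
# "path --> path [?]" means the registered image file is missing on disk.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: --> (?P<missing>.+?) \[\?\])?(?: \[(?P<meta>[^\]]*)\])?$")


def parse_combofix(text):
    """Pull the three sections a helper reads first out of a ComboFix report."""
    report = {"products": [], "autoruns": [], "services": []}
    current_key = None
    for line in text.splitlines():
        line = line.strip()
        m = PRODUCT_RE.match(line)
        if m:
            report["products"].append(m.groupdict())
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            entry = m.groupdict()
            entry["key"] = current_key
            report["autoruns"].append(entry)
            continue
        m = SERVICE_RE.match(line)
        if m:
            report["services"].append(m.groupdict())
    return report


def stale_security_center_entries(report):
    """Products Security Center still reports as Enabled while no running service
    or driver in the report belongs to them: the leftover registration of an
    uninstalled product, which anything reading Security Center keeps listing."""
    running = [s for s in report["services"] if s["state"] == "R"]
    stale = []
    for p in report["products"]:
        if not p["state"].startswith("Enabled"):
            continue
        vendor = p["name"].split()[0].lower()  # heuristic: first word of the product name
        backed = any(vendor in (s["display"] + " " + s["path"]).lower() for s in running)
        if not backed:
            stale.append(p["name"])
    return stale


def orphaned_services(report):
    """Registered services/drivers whose image file ComboFix could not find."""
    return [s for s in report["services"] if s["missing"]]


def autoruns_from_temp(report):
    """Autostart values whose command lives under a Temp directory."""
    return [a for a in report["autoruns"] if "\\temp\\" in a["cmd"].lower()]


if __name__ == "__main__":
    r = parse_combofix(SAMPLE_REPORT)
    print("stale Security Center registrations:", stale_security_center_entries(r))
    print("services with missing image:", [s["name"] for s in orphaned_services(r)])
    print("autoruns from Temp:", [(a["value"], a["cmd"]) for a in autoruns_from_temp(r)])
```

A stale Security Center entry is a cleanup item, not an infection indicator, and an autorun in Temp is a prompt to look at the file, not a verdict; the point of the cross-checks is to separate the two kinds of finding before deciding what to remove.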
  7. Mark Roberts

    Mark Roberts Newcomer, in training Topic Starter

    Ok - I ran ComboFix but then realized I didn't turn off Malwarebytes Anti-Malware before I ran it - so I ran it again with it turned off. Below are both logs (the first with Malwarebytes on, then with it off). Also - ComboFix mentioned at the beginning that I had AVG Anti-Virus and McAfee Anti-Virus running (and that I should turn them off). Neither is installed anymore on this computer as far as I can tell. AVG was never fully installed (I stopped after a partial installation last week) and McAfee was uninstalled months ago after it expired - but apparently remnants of both must remain if ComboFix thinks they are still on the computer.



    Log 1 (Malwarebytes Anti-Malware was on):

    ComboFix 12-09-08.02 - Owner 09/08/2012 16:33:09.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1553 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall Plus *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-08 to 2012-09-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-07 11:05 . 2012-09-07 11:05 -------- d-----w- C:\oldlogs
    2012-08-22 11:57 . 2012-08-22 11:57 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-08-20 02:07 . 2012-08-20 02:07 -------- d-----w- c:\program files\ESET
    2012-08-20 01:23 . 2012-08-20 01:23 3993600 ----a-w- c:\program files\GUT22.tmp
    2012-08-20 01:23 . 2012-08-20 01:23 -------- d-----w- c:\program files\GUM21.tmp
    2012-08-20 01:20 . 2010-06-21 22:27 53352 ----a-w- c:\windows\system32\jpicpl32.cpl
    2012-08-20 01:16 . 2012-08-20 01:16 -------- d-----w- c:\program files\GUMD.tmp
    2012-08-19 04:19 . 2012-07-02 17:49 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
    2012-08-19 04:17 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-08-19 04:17 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
    2012-08-16 23:10 . 2012-09-01 13:57 -------- d-----w- c:\program files\Malware
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-06 13:58 . 2009-05-18 01:50 78336 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 14:05 . 2009-05-18 01:55 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 17:46 . 2010-08-23 11:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-03 13:40 . 2009-05-18 01:56 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-07-02 17:49 . 2009-05-18 01:56 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-07-02 17:49 . 2009-05-18 01:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-07-02 17:49 . 2009-05-18 01:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05 . 2009-05-18 01:52 385024 ----a-w- c:\windows\system32\html.iec
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-16 4616064]
    "SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-11-24 3318784]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-20 39408]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-02 339968]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
    "SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2011-11-24 2216960]
    "Malwarebytes' Anti-Malware"="c:\program files\Malware\mbamgui.exe" [2012-07-03 462920]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-12-11 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 25680]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8/23/2010 7:49 AM 142592]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]
    R2 MBAMService;MBAMService;c:\program files\Malware\mbamservice.exe [8/16/2012 7:10 PM 655944]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/23/2010 7:44 AM 22344]
    S0 IFP300;iriver Internet Audio Player IFP-300;c:\windows\system32\DRIVERS\ifp300.sys --> c:\windows\system32\DRIVERS\ifp300.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/22/2010 9:45 PM 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/22/2010 9:45 PM 136176]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 69239357
    *NewlyCreated* - 90950897
    *Deregistered* - 69239357
    *Deregistered* - 90950897
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-23 01:45]
    .
    2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-23 01:45]
    .
    2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3378278228-2059735243-2500004591-1003Core.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-20 01:23]
    .
    2012-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3378278228-2059735243-2500004591-1003UA.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-20 01:23]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.usatoday.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: sprint.com
    Trusted Zone: sprint.com\www
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-09-08 16:42
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(648)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(2984)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2012-09-08 16:44:09
    ComboFix-quarantined-files.txt 2012-09-08 20:43
    .
    Pre-Run: 43,150,184,448 bytes free
    Post-Run: 43,564,449,792 bytes free
    .
    - - End Of File - - 6F57339819073FB9AE750C7ACB46E0FF





    Log 2 (Malwarebytes Anti-Malware was off):

    ComboFix 12-09-08.02 - Owner 09/08/2012 16:56:23.4.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1335 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall Plus *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-08 to 2012-09-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-07 11:05 . 2012-09-07 11:05 -------- d-----w- C:\oldlogs
    2012-08-22 11:57 . 2012-08-22 11:57 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-08-20 02:07 . 2012-08-20 02:07 -------- d-----w- c:\program files\ESET
    2012-08-20 01:23 . 2012-08-20 01:23 3993600 ----a-w- c:\program files\GUT22.tmp
    2012-08-20 01:23 . 2012-08-20 01:23 -------- d-----w- c:\program files\GUM21.tmp
    2012-08-20 01:20 . 2010-06-21 22:27 53352 ----a-w- c:\windows\system32\jpicpl32.cpl
    2012-08-20 01:16 . 2012-08-20 01:16 -------- d-----w- c:\program files\GUMD.tmp
    2012-08-19 04:19 . 2012-07-02 17:49 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
    2012-08-19 04:17 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-08-19 04:17 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
    2012-08-16 23:10 . 2012-09-01 13:57 -------- d-----w- c:\program files\Malware
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-06 13:58 . 2009-05-18 01:50 78336 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 14:05 . 2009-05-18 01:55 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 17:46 . 2010-08-23 11:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-03 13:40 . 2009-05-18 01:56 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-07-02 17:49 . 2009-05-18 01:56 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-07-02 17:49 . 2009-05-18 01:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-07-02 17:49 . 2009-05-18 01:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05 . 2009-05-18 01:52 385024 ----a-w- c:\windows\system32\html.iec
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-16 4616064]
    "SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-11-24 3318784]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-20 39408]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-02 339968]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
    "SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2011-11-24 2216960]
    "Malwarebytes' Anti-Malware"="c:\program files\Malware\mbamgui.exe" [2012-07-03 462920]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-12-11 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 25680]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8/23/2010 7:49 AM 142592]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]
    R2 MBAMService;MBAMService;c:\program files\Malware\mbamservice.exe [8/16/2012 7:10 PM 655944]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/23/2010 7:44 AM 22344]
    S0 IFP300;iriver Internet Audio Player IFP-300;c:\windows\system32\DRIVERS\ifp300.sys --> c:\windows\system32\DRIVERS\ifp300.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/22/2010 9:45 PM 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/22/2010 9:45 PM 136176]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 69239357
    *NewlyCreated* - 90950897
    *Deregistered* - 69239357
    *Deregistered* - 90950897
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-23 01:45]
    .
    2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-23 01:45]
    .
    2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3378278228-2059735243-2500004591-1003Core.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-20 01:23]
    .
    2012-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3378278228-2059735243-2500004591-1003UA.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-20 01:23]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.usatoday.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: sprint.com
    Trusted Zone: sprint.com\www
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-09-08 17:00
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(648)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(3120)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2012-09-08 17:02:03
    ComboFix-quarantined-files.txt 2012-09-08 21:02
    ComboFix2.txt 2012-09-08 20:44
    .
    Pre-Run: 43,571,085,312 bytes free
    Post-Run: 43,558,436,864 bytes free
    .
    - - End Of File - - 3E66D5FF1A0286D14E4E436C86558A32
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.
  9. Mark Roberts

    Mark Roberts Newcomer, in training Topic Starter

    Here are the logs:

    1. Checkup.txt:

    Results of screen317's Security Check version 0.99.50
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    ESET Online Scanner v3
    `````````Anti-malware/Other Utilities Check:`````````
    Spyware Terminator
    Spybot - Search & Destroy
    SUPERAntiSpyware
    Malwarebytes Anti-Malware version 1.62.0.1300
    Java 2 Runtime Environment, SE v1.4.2
    Java version out of Date!
    Adobe Reader 7 Adobe Reader out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 4%
    ````````````````````End of Log``````````````````````


    2. ESET: (1 file found)

    C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP684\A0079486.dll a variant of Win32/Kryptik.AKPW trojan cleaned by deleting - quarantined
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi! Your logs appear to be clean. If there are no more issues, then we shall finish up!

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
    • Select Start > All Programs > Accessories > System tools > System Restore.
    • On the dialogue box that appears select Create a Restore Point
    • Click NEXT
    • Enter a name e.g. Clean
    • Click CREATE
    You now have a clean restore point. To get rid of the bad ones:
    • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
    • In the Drop down box that appears select your main drive e.g. C
    • Click OK
    • The System will do some calculation and then display a dialogue box with TABS
    • Select the More Options Tab.
    • At the bottom will be a system restore box with a CLEANUP button; click this
    • Accept the Warning and select OK again; the program will close and you are done

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.
  11. Mark Roberts

    Mark Roberts Newcomer, in training Topic Starter

    For a day the messages stopped. Turned computer on - and the same messages "Malwarebytes Anti-Malware successfully blocked access to a potentially malicious site..." started again. Any suggestions?
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    I'd like to see the protection logs please...

    Protection Logs are saved to:
    -- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-yyyy-mm-dd


    Please upload the latest.
  13. Mark Roberts

    Mark Roberts Newcomer, in training Topic Starter

    Sorry for the delay - was on travel all week

    The latest log is: (it took 8 hrs only because I shut the laptop down at night and it just continued in the morning when I opened it):

    Malwarebytes Anti-Malware (PRO) 1.65.0.1400
    www.malwarebytes.org
    Database version: v2012.09.11.04
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: KITCHENLAPTOP [administrator]
    Protection: Enabled
    9/12/2012 9:48:55 PM
    mbam-log-2012-09-12 (21-48-55).txt
    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 359091
    Time elapsed: 8 hour(s), 55 minute(s), 28 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    That is a scan log. I need a protection log, please. Can you find it?
  15. Mark Roberts

    Mark Roberts Newcomer, in training Topic Starter

    Here are the last 6. So far, no message today.

    1.
    2012/09/13 15:10:22 -0400 KITCHENLAPTOP Owner MESSAGE Executing scheduled update: Daily
    2012/09/13 15:10:30 -0400 KITCHENLAPTOP Owner MESSAGE Scheduled update executed successfully: database updated from version v2012.09.11.04 to version v2012.09.13.09
    2012/09/13 15:10:30 -0400 KITCHENLAPTOP Owner MESSAGE Starting database refresh
    2012/09/13 15:10:30 -0400 KITCHENLAPTOP Owner MESSAGE Stopping IP protection
    2012/09/13 15:10:30 -0400 KITCHENLAPTOP Owner MESSAGE IP Protection stopped successfully
    2012/09/13 15:10:37 -0400 KITCHENLAPTOP Owner MESSAGE Database refreshed successfully
    2012/09/13 15:10:37 -0400 KITCHENLAPTOP Owner MESSAGE Starting IP protection
    2012/09/13 15:10:43 -0400 KITCHENLAPTOP Owner MESSAGE IP Protection started successfully
    2012/09/13 22:45:43 -0400 KITCHENLAPTOP Owner IP-BLOCK 208.73.210.29 (Type: outgoing)
    2012/09/13 22:45:46 -0400 KITCHENLAPTOP Owner IP-BLOCK 208.73.210.29 (Type: outgoing)
    2012/09/13 22:45:52 -0400 KITCHENLAPTOP Owner IP-BLOCK 208.73.210.29 (Type: outgoing)
    2012/09/13 22:51:10 -0400 KITCHENLAPTOP Owner IP-BLOCK 208.73.210.29 (Type: outgoing)
    2012/09/13 22:51:13 -0400 KITCHENLAPTOP Owner IP-BLOCK 208.73.210.29 (Type: outgoing)
    2012/09/13 22:51:19 -0400 KITCHENLAPTOP Owner IP-BLOCK 208.73.210.29 (Type: outgoing)

    2.
    2012/09/12 21:28:09 -0400 KITCHENLAPTOP Owner MESSAGE Starting protection
    2012/09/12 21:28:09 -0400 KITCHENLAPTOP Owner MESSAGE Protection started successfully
    2012/09/12 21:28:09 -0400 KITCHENLAPTOP Owner MESSAGE Starting IP protection
    2012/09/12 21:28:14 -0400 KITCHENLAPTOP Owner MESSAGE IP Protection started successfully
    2012/09/12 21:39:50 -0400 KITCHENLAPTOP Owner IP-BLOCK 89.28.104.188 (Type: outgoing)
    2012/09/12 21:40:01 -0400 KITCHENLAPTOP Owner IP-BLOCK 89.28.104.188 (Type: outgoing)
    2012/09/12 21:41:23 -0400 KITCHENLAPTOP Owner IP-BLOCK 89.28.104.188 (Type: outgoing)
    2012/09/12 21:42:31 -0400 KITCHENLAPTOP Owner IP-BLOCK 58.240.46.14 (Type: outgoing)
    3.
    2012/09/11 06:21:26 -0400 KITCHENLAPTOP Owner MESSAGE Starting protection
    2012/09/11 06:21:26 -0400 KITCHENLAPTOP Owner MESSAGE Protection started successfully
    2012/09/11 06:21:26 -0400 KITCHENLAPTOP Owner MESSAGE Starting IP protection
    2012/09/11 06:21:32 -0400 KITCHENLAPTOP Owner MESSAGE IP Protection started successfully
    2012/09/11 06:23:07 -0400 KITCHENLAPTOP Owner MESSAGE Starting database refresh
    2012/09/11 06:23:07 -0400 KITCHENLAPTOP Owner MESSAGE Stopping IP protection
    2012/09/11 06:23:07 -0400 KITCHENLAPTOP Owner MESSAGE IP Protection stopped successfully
    2012/09/11 06:23:14 -0400 KITCHENLAPTOP Owner MESSAGE Database refreshed successfully
    2012/09/11 06:23:14 -0400 KITCHENLAPTOP Owner MESSAGE Starting IP protection
    2012/09/11 06:23:31 -0400 KITCHENLAPTOP Owner MESSAGE IP Protection started successfully
    2012/09/11 06:29:13 -0400 KITCHENLAPTOP Owner IP-BLOCK 98.142.220.171 (Type: outgoing)
    2012/09/11 06:44:19 -0400 KITCHENLAPTOP Owner IP-BLOCK 195.161.7.104 (Type: outgoing)
    2012/09/11 06:55:13 -0400 KITCHENLAPTOP Owner IP-BLOCK 222.65.109.29 (Type: outgoing)
    2012/09/11 06:55:58 -0400 KITCHENLAPTOP Owner IP-BLOCK 58.240.95.201 (Type: outgoing)
    2012/09/11 07:15:15 -0400 KITCHENLAPTOP Owner IP-BLOCK 89.28.86.181 (Type: outgoing)
    2012/09/11 07:16:43 -0400 KITCHENLAPTOP Owner IP-BLOCK 89.28.16.154 (Type: outgoing)
    2012/09/11 07:27:15 -0400 KITCHENLAPTOP Owner IP-BLOCK 89.28.109.152 (Type: outgoing)
    2012/09/11 07:41:42 -0400 KITCHENLAPTOP Owner IP-BLOCK 89.28.109.152 (Type: outgoing)
    2012/09/11 07:48:13 -0400 KITCHENLAPTOP Owner IP-BLOCK 193.138.245.74 (Type: incoming)
    2012/09/11 08:04:19 -0400 KITCHENLAPTOP Owner IP-BLOCK 58.241.56.191 (Type: outgoing)
    2012/09/11 16:45:25 -0400 KITCHENLAPTOP Owner MESSAGE Starting protection
    2012/09/11 16:45:25 -0400 KITCHENLAPTOP Owner MESSAGE Protection started successfully
    2012/09/11 16:45:25 -0400 KITCHENLAPTOP Owner MESSAGE Starting IP protection
    2012/09/11 16:45:30 -0400 KITCHENLAPTOP Owner MESSAGE IP Protection started successfully

    4.
    2012/09/10 17:27:13 -0400 KITCHENLAPTOP MESSAGE Starting protection
    2012/09/10 17:27:22 -0400 KITCHENLAPTOP Owner MESSAGE Protection started successfully
    2012/09/10 17:27:25 -0400 KITCHENLAPTOP Owner MESSAGE Starting IP protection
    2012/09/10 17:27:30 -0400 KITCHENLAPTOP Owner MESSAGE IP Protection started successfully
    2012/09/10 17:28:23 -0400 KITCHENLAPTOP Owner IP-BLOCK 89.28.44.197 (Type: outgoing)
    2012/09/10 17:32:36 -0400 KITCHENLAPTOP Owner IP-BLOCK 87.248.162.159 (Type: outgoing)
    2012/09/10 17:40:50 -0400 KITCHENLAPTOP Owner MESSAGE Executing scheduled update: Daily
    2012/09/10 17:40:59 -0400 KITCHENLAPTOP Owner MESSAGE Database already up-to-date
    2012/09/10 17:45:56 -0400 KITCHENLAPTOP Owner IP-BLOCK 222.65.153.191 (Type: outgoing)
    2012/09/10 17:46:11 -0400 KITCHENLAPTOP Owner IP-BLOCK 115.84.178.29 (Type: outgoing)

    5.
    2012/09/09 00:09:22 -0400 KITCHENLAPTOP Owner IP-BLOCK 87.248.188.245 (Type: outgoing)
    2012/09/09 00:28:56 -0400 KITCHENLAPTOP Owner MESSAGE Starting protection
    2012/09/09 00:29:08 -0400 KITCHENLAPTOP Owner MESSAGE Protection started successfully
    2012/09/09 00:29:11 -0400 KITCHENLAPTOP Owner MESSAGE Starting IP protection
    2012/09/09 00:29:30 -0400 KITCHENLAPTOP Owner ERROR IP protection failed: PfBindInterfaceToIPAddress failed with error code 87
    2012/09/09 15:19:15 -0400 KITCHENLAPTOP Owner MESSAGE Executing scheduled update: Daily
    2012/09/09 15:19:24 -0400 KITCHENLAPTOP Owner MESSAGE Scheduled update executed successfully: database updated from version v2012.09.07.07 to version v2012.09.09.06
    2012/09/09 15:19:24 -0400 KITCHENLAPTOP Owner MESSAGE Starting database refresh
    2012/09/09 15:19:31 -0400 KITCHENLAPTOP Owner MESSAGE Database refreshed successfully

    6.
    2012/09/08 00:08:44 -0400 KITCHENLAPTOP Owner IP-BLOCK 58.241.78.55 (Type: outgoing)
    2012/09/08 00:08:49 -0400 KITCHENLAPTOP Owner IP-BLOCK 89.28.2.210 (Type: outgoing)
    2012/09/08 00:10:41 -0400 KITCHENLAPTOP Owner IP-BLOCK 220.248.232.58 (Type: outgoing)
    2012/09/08 07:43:06 -0400 KITCHENLAPTOP Owner IP-BLOCK 77.78.210.128 (Type: outgoing)
    2012/09/08 07:43:34 -0400 KITCHENLAPTOP Owner IP-BLOCK 178.152.7.55 (Type: outgoing)
    2012/09/08 07:58:11 -0400 KITCHENLAPTOP Owner IP-BLOCK 77.78.210.128 (Type: outgoing)
    2012/09/08 12:47:17 -0400 KITCHENLAPTOP Owner IP-BLOCK 212.113.34.68 (Type: outgoing)
    2012/09/08 12:58:35 -0400 KITCHENLAPTOP Owner IP-BLOCK 195.216.179.146 (Type: outgoing)
    2012/09/08 13:00:01 -0400 KITCHENLAPTOP Owner IP-BLOCK 218.7.217.119 (Type: outgoing)
    2012/09/08 13:03:23 -0400 KITCHENLAPTOP Owner IP-BLOCK 77.78.210.128 (Type: outgoing)
    2012/09/08 16:18:07 -0400 KITCHENLAPTOP Owner IP-BLOCK 89.28.38.210 (Type: outgoing)
    2012/09/08 16:19:01 -0400 KITCHENLAPTOP Owner IP-BLOCK 222.68.153.42 (Type: outgoing)
    2012/09/08 16:20:21 -0400 KITCHENLAPTOP Owner IP-BLOCK 93.103.86.126 (Type: outgoing)
    2012/09/08 16:54:58 -0400 KITCHENLAPTOP Owner MESSAGE Stopping IP protection
    2012/09/08 16:54:58 -0400 KITCHENLAPTOP Owner MESSAGE IP Protection stopped
    2012/09/08 17:06:16 -0400 KITCHENLAPTOP MESSAGE Starting protection
    2012/09/08 17:06:24 -0400 KITCHENLAPTOP MESSAGE Protection started successfully
    2012/09/08 17:06:27 -0400 KITCHENLAPTOP MESSAGE Starting IP protection
    2012/09/08 17:06:34 -0400 KITCHENLAPTOP Owner MESSAGE IP Protection started successfully
    2012/09/08 17:07:34 -0400 KITCHENLAPTOP Owner IP-BLOCK 77.78.247.227 (Type: outgoing)
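The protection-log lines above are the ones the helper asked for. As an added example (not part of this thread and not Malwarebytes' own tooling), here is a small Python triage script for that log format: it counts blocks per remote address and direction, flags addresses blocked repeatedly within a short window, and reports the spans during which IP protection was down (for instance after the `PfBindInterfaceToIPAddress` error in log 5), when the absence of IP-BLOCK lines tells you nothing. The host name and addresses in the embedded sample are constructed; the message texts are the ones the product writes.

```python
"""Triage helper for Malwarebytes Anti-Malware 1.x protection logs (added
example, not from the thread or from Malwarebytes).  Line format, as seen in
the logs above:  YYYY/MM/DD HH:MM:SS -0400 HOST [USER] KIND text
KIND is MESSAGE, ERROR or IP-BLOCK; USER is absent on some start-up lines."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?:(?P<user>\S+) )?(?P<kind>MESSAGE|ERROR|IP-BLOCK) (?P<text>.*)$"
)
BLOCK_RE = re.compile(r"^(?P<ip>\S+) \(Type: (?P<direction>\w+)\)$")

# Constructed sample: host name and addresses are made up (documentation
# ranges); the message texts are the ones the product itself writes.
SAMPLE_LOG = """\
2012/09/09 00:28:56 -0400 EXAMPLEHOST Owner MESSAGE Starting protection
2012/09/09 00:29:11 -0400 EXAMPLEHOST Owner MESSAGE Starting IP protection
2012/09/09 00:29:30 -0400 EXAMPLEHOST Owner ERROR IP protection failed: PfBindInterfaceToIPAddress failed with error code 87
2012/09/09 15:19:15 -0400 EXAMPLEHOST Owner MESSAGE Executing scheduled update: Daily
2012/09/10 17:27:13 -0400 EXAMPLEHOST MESSAGE Starting protection
2012/09/10 17:27:30 -0400 EXAMPLEHOST Owner MESSAGE IP Protection started successfully
2012/09/10 17:28:23 -0400 EXAMPLEHOST Owner IP-BLOCK 192.0.2.10 (Type: outgoing)
2012/09/10 17:28:26 -0400 EXAMPLEHOST Owner IP-BLOCK 192.0.2.10 (Type: outgoing)
2012/09/10 17:28:32 -0400 EXAMPLEHOST Owner IP-BLOCK 192.0.2.10 (Type: outgoing)
2012/09/10 17:45:56 -0400 EXAMPLEHOST Owner IP-BLOCK 198.51.100.7 (Type: outgoing)
2012/09/10 17:48:13 -0400 EXAMPLEHOST Owner IP-BLOCK 203.0.113.44 (Type: incoming)
2012/09/10 18:00:00 -0400 EXAMPLEHOST Owner MESSAGE Stopping IP protection
2012/09/10 18:00:00 -0400 EXAMPLEHOST Owner MESSAGE IP Protection stopped successfully
"""


def parse_line(line):
    """One log line -> dict with ts/host/user/kind/text (+ip/direction), or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()  # user is None when the field is absent
    stamp = f"{ev.pop('date')} {ev.pop('time')} {ev.pop('tz')}"
    ev["ts"] = datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S %z")
    if ev["kind"] == "IP-BLOCK":
        b = BLOCK_RE.match(ev["text"])
        ev["ip"], ev["direction"] = (b.group("ip"), b.group("direction")) if b else (None, None)
    return ev


def parse_log(text):
    """Parse all well-formed lines; blank or unrecognised lines are skipped."""
    return [ev for ev in map(parse_line, text.splitlines()) if ev]


def block_counts(events):
    """How often each (remote address, direction) pair was blocked."""
    return Counter((e["ip"], e["direction"]) for e in events if e["kind"] == "IP-BLOCK")


def bursts(events, min_hits=3, window=timedelta(seconds=60)):
    """Addresses blocked at least min_hits times inside one window: repeated
    outbound attempts seconds apart point at a process on the host retrying."""
    times = defaultdict(list)
    for e in events:
        if e["kind"] == "IP-BLOCK":
            times[e["ip"]].append(e["ts"])
    hits = []
    for ip, ts in times.items():
        ts.sort()
        if any(ts[i + min_hits - 1] - ts[i] <= window for i in range(len(ts) - min_hits + 1)):
            hits.append(ip)
    return sorted(hits)


def coverage_gaps(events):
    """Spans during which IP protection was not running, so missing IP-BLOCK
    lines prove nothing.  A gap ending in None is still open at end of log."""
    gaps, down_since = [], None
    for e in events:
        failed = e["kind"] == "ERROR" and e["text"].startswith("IP protection failed")
        stopped = e["kind"] == "MESSAGE" and e["text"].startswith("IP Protection stopped")
        started = e["kind"] == "MESSAGE" and e["text"] == "IP Protection started successfully"
        if (failed or stopped) and down_since is None:
            down_since = e["ts"]
        elif started and down_since is not None:
            gaps.append((down_since, e["ts"]))
            down_since = None
    if down_since is not None:
        gaps.append((down_since, None))
    return gaps


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for (ip, direction), n in block_counts(evs).most_common():
        print(f"{n:3d} x {direction:<8} {ip}")
    print("repeated within 60 s:", bursts(evs))
    print("errors:", [e["text"] for e in evs if e["kind"] == "ERROR"])
    for start, end in coverage_gaps(evs):
        print("IP protection down:", start, "->", end or "end of log")
```

Run it against a real protection-log file by replacing SAMPLE_LOG with the file's contents; the open gap at the end of the sample is the case log 5 above shows, where the failed start was never followed by a successful one.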
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download ListParts.
    • Run the tool.
    • Check the "list BCD" box.
    • Click "Scan" and post the log (Result.txt) it makes.


    avast! aswMBR

    Please download aswMBR from here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below

    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
  17. Mark Roberts

    Mark Roberts Newcomer, in training Topic Starter

    No Malware blocking messages for 2 days now! (Keeping fingers crossed)

    1. Results.txt log
    ListParts by Farbar Version: 15-09-2012
    Ran by Owner (administrator) on 16-09-2012 at 09:14:38
    Windows XP (X86)
    Running From: C:\TEMP
    Language: 0409
    ************************************************************
    ========================= Memory info ======================
    Percentage of memory in use: 49%
    Total physical RAM: 2046.48 MB
    Available physical RAM: 1043.54 MB
    Total Pagefile: 3938.12 MB
    Available Pagefile: 2894.08 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1999.94 MB
    ======================= Partitions =========================
    1 Drive c: () (Fixed) (Total:87.29 GB) (Free:40.7 GB) NTFS ==>[Drive with boot components (Windows XP)]
    2 Drive d: (RECOVERY) (Fixed) (Total:5.85 GB) (Free:4.02 GB) FAT32
    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 93 GB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 6001 MB 32 KB
    Partition 2 Primary 87 GB 6001 MB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 D RECOVERY FAT32 Partition 6001 MB Healthy
    ======================================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 87 GB Healthy System (partition with boot components)
    ======================================================================================================
    ****** End Of Log ******



    2. aswMBR.txt log:
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-16 09:17:41
    -----------------------------
    09:17:41.328 OS Version: Windows 5.1.2600 Service Pack 3
    09:17:41.328 Number of processors: 1 586 0xD08
    09:17:41.328 ComputerName: KITCHENLAPTOP UserName: Owner
    09:17:42.890 Initialize success
    09:20:20.609 AVAST engine defs: 12091400
    09:24:59.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    09:24:59.828 Disk 0 Vendor: HTS541010G9AT00 MBZOA60A Size: 95396MB BusType: 3
    09:24:59.859 Disk 0 MBR read successfully
    09:24:59.859 Disk 0 MBR scan
    09:24:59.890 Disk 0 unknown MBR code
    09:24:59.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 89385 MB offset 12289725
    09:24:59.921 Disk 0 Partition 2 00 0B FAT32 RECOVERY 6000 MB offset 63
    09:24:59.921 Disk 0 scanning sectors +195350400
    09:25:00.015 Disk 0 scanning C:\WINDOWS\system32\drivers
    09:25:14.843 Service scanning
    09:25:35.734 Modules scanning
    09:25:44.437 Disk 0 trace - called modules:
    09:25:44.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    09:25:44.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6fe740]
    09:25:44.968 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\00000099[0x8a72f9e8]
    09:25:44.968 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a72fd98]
    09:25:45.796 AVAST engine scan C:\WINDOWS
    09:26:06.921 AVAST engine scan C:\WINDOWS\system32
    09:28:41.468 AVAST engine scan C:\WINDOWS\system32\drivers
    09:28:57.671 AVAST engine scan C:\Documents and Settings\Owner
    09:35:50.828 AVAST engine scan C:\Documents and Settings\All Users
    09:45:07.968 Disk 0 MBR has been saved successfully to "C:\TEMP\LOGS\MBR.dat"
    09:45:07.968 The log file has been saved successfully to "C:\TEMP\LOGS\aswMBR.txt"

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-16 09:45:49
    -----------------------------
    09:45:49.609 OS Version: Windows 5.1.2600 Service Pack 3
    09:45:49.609 Number of processors: 1 586 0xD08
    09:45:49.609 ComputerName: KITCHENLAPTOP UserName: Owner
    09:45:52.156 Initialize success
    09:47:40.671 AVAST engine defs: 12091400
    09:50:31.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    09:50:31.921 Disk 0 Vendor: HTS541010G9AT00 MBZOA60A Size: 95396MB BusType: 3
    09:50:32.031 Disk 0 MBR read successfully
    09:50:32.031 Disk 0 MBR scan
    09:50:32.109 Disk 0 unknown MBR code
    09:50:32.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 89385 MB offset 12289725
    09:50:32.156 Disk 0 Partition 2 00 0B FAT32 RECOVERY 6000 MB offset 63
    09:50:32.187 Disk 0 scanning sectors +195350400
    09:50:32.296 Disk 0 scanning C:\WINDOWS\system32\drivers
    09:51:00.062 Service scanning
    09:51:36.640 Modules scanning
    09:52:11.078 Disk 0 trace - called modules:
    09:52:11.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    09:52:11.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6fe740]
    09:52:11.234 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\00000099[0x8a72f9e8]
    09:52:11.234 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a72fd98]
    09:52:13.062 AVAST engine scan C:\WINDOWS
    09:52:52.062 AVAST engine scan C:\WINDOWS\system32
    09:58:33.250 AVAST engine scan C:\WINDOWS\system32\drivers
    09:59:29.375 AVAST engine scan C:\Documents and Settings\Owner
    10:06:47.375 AVAST engine scan C:\Documents and Settings\All Users
    10:26:37.968 Scan finished successfully
    10:28:34.609 Disk 0 MBR has been saved successfully to "C:\TEMP\LOGS\MBR.dat"
    10:28:34.625 The log file has been saved successfully to "C:\TEMP\LOGS\aswMBR.txt"
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Upload this file please: C:\TEMP\LOGS\MBR.dat
  19. Mark Roberts

    Mark Roberts Newcomer, in training Topic Starter

    When I go to upload the file I get a message from your website that "the file does not have an allowable extension". Should I change the extension to .txt before I upload it?
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Yes, please try that.
  21. Mark Roberts

    Mark Roberts Newcomer, in training Topic Starter

    MBR.dat file uploaded (with extension changed to .txt)

    Attached Files:

    • MBR.txt
      File size:
      512 bytes
  22. Mark Roberts

    Mark Roberts Newcomer, in training Topic Starter

    No Malwarebytes Anti-Malware blocking messages for 4 days now :)
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi! Your logs appear to be clean. If there are no more issues, then we shall finish up!

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
    • Select Start > All Programs > Accessories > System tools > System Restore.
    • On the dialogue box that appears select Create a Restore Point
    • Click NEXT
    • Enter a name e.g. Clean
    • Click CREATE
    You now have a clean restore point, to get rid of the bad ones:
    • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
    • In the Drop down box that appears select your main drive e.g. C
    • Click OK
    • The System will do some calculation and then display a dialogue box with TABS
    • Select the More Options Tab.
    • At the bottom will be a system restore box with a CLEANUP button; click this
    • Accept the Warning and select OK again; the program will close and you are done

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Topic marked solved.