Solved Malwarebytes Anti-Malware successfully blocked access to a potentially malicious site


Mark Roberts

I have been getting this message to pop up the past 2 weeks. I have tried EVERYTHING to get the messages to stop. The IP listed changes - various ones - every now and then they are the same. All help appreciated. I know this thread has been discussed before but it seems the solution is always different depending on the logs. Anyway - if anyone can help.

Thanks
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Please review the 5-Step removal instructions and post the logs back here for my review.

Also, include this scan:

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
 
Ok - thank you. Here are the initial logs:


1. Malwarebytes' Anti-Malware "Quick Scan Only":

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.07.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: KITCHENLAPTOP [administrator]

Protection: Enabled

9/7/2012 7:34:55 AM
mbam-log-2012-09-07 (07-34-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208969
Time elapsed: 7 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


2. GMER Log: (It just automatically did this quick scan when I downloaded it)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-09-07 07:52:19
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS541010G9AT00 rev.MBZOA60A
Running: 63i6mxhx.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fwlyqkoc.sys

---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- EOF - GMER 1.0.15 ----
3. DDS Scans:

A. Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/22/2010 1:45:58 AM
System Uptime: 9/6/2012 5:33:49 PM (14 hours ago)
.
Motherboard: Gateway | |
Processor: Intel(R) Pentium(R) M processor 1.73GHz | uFCPGA2 | 1054/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 87 GiB total, 40.479 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 4.021 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 2200BG Network Connection
Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27018086&REV_05\4&AD1B67F&0&20F0
Manufacturer: Intel(R) Corporation
Name: Intel(R) PRO/Wireless 2200BG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27018086&REV_05\4&AD1B67F&0&20F0
Service: w29n51
.
==== System Restore Points ===================
.
RP637: 6/10/2012 6:07:26 AM - System Checkpoint
RP638: 6/11/2012 6:51:30 AM - System Checkpoint
RP639: 6/13/2012 11:29:50 AM - System Checkpoint
RP640: 6/14/2012 6:52:00 PM - System Checkpoint
RP641: 6/15/2012 11:57:42 PM - System Checkpoint
RP642: 6/17/2012 12:23:51 AM - System Checkpoint
RP643: 6/18/2012 5:39:00 PM - System Checkpoint
RP644: 6/19/2012 7:16:45 PM - System Checkpoint
RP645: 6/21/2012 6:43:37 PM - System Checkpoint
RP646: 6/24/2012 2:18:10 PM - System Checkpoint
RP647: 6/25/2012 3:17:11 PM - System Checkpoint
RP648: 6/26/2012 6:39:02 PM - System Checkpoint
RP649: 6/27/2012 10:06:46 PM - System Checkpoint
RP650: 6/29/2012 12:35:21 AM - System Checkpoint
RP651: 7/1/2012 10:13:05 PM - System Checkpoint
RP652: 7/2/2012 10:35:47 PM - System Checkpoint
RP653: 7/4/2012 3:50:31 PM - System Checkpoint
RP654: 7/6/2012 9:56:05 AM - System Checkpoint
RP655: 7/7/2012 11:00:13 PM - System Checkpoint
RP656: 7/9/2012 10:12:08 AM - System Checkpoint
RP657: 7/10/2012 9:40:23 PM - System Checkpoint
RP658: 7/11/2012 10:39:06 PM - System Checkpoint
RP659: 7/13/2012 7:09:33 AM - System Checkpoint
RP660: 7/14/2012 10:29:01 AM - System Checkpoint
RP661: 7/16/2012 10:12:01 AM - System Checkpoint
RP662: 7/17/2012 7:05:59 PM - System Checkpoint
RP663: 7/18/2012 10:48:04 PM - System Checkpoint
RP664: 7/20/2012 10:32:29 PM - System Checkpoint
RP665: 7/21/2012 10:56:52 PM - System Checkpoint
RP666: 7/23/2012 9:45:32 AM - System Checkpoint
RP667: 7/25/2012 4:20:47 PM - System Checkpoint
RP668: 7/27/2012 9:16:38 AM - System Checkpoint
RP669: 7/28/2012 9:57:25 AM - System Checkpoint
RP670: 7/29/2012 11:17:09 AM - System Checkpoint
RP671: 7/30/2012 9:01:59 PM - System Checkpoint
RP672: 7/31/2012 10:35:54 PM - System Checkpoint
RP673: 8/2/2012 11:38:48 AM - System Checkpoint
RP674: 8/3/2012 7:07:25 PM - System Checkpoint
RP675: 8/4/2012 11:15:48 PM - System Checkpoint
RP676: 8/6/2012 6:26:10 AM - System Checkpoint
RP677: 8/7/2012 9:16:33 AM - System Checkpoint
RP678: 8/9/2012 12:12:19 AM - System Checkpoint
RP679: 8/10/2012 3:55:15 PM - System Checkpoint
RP680: 8/11/2012 5:16:22 PM - System Checkpoint
RP681: 8/12/2012 5:29:52 PM - System Checkpoint
RP682: 8/14/2012 11:37:04 AM - System Checkpoint
RP683: 8/16/2012 1:30:48 PM - Installed Microsoft Fix it 50195
RP684: 8/16/2012 1:37:48 PM - Restore Operation
RP685: 8/16/2012 6:55:55 PM - Spyware Terminator - restore point
RP686: 8/17/2012 9:10:23 PM - System Checkpoint
RP687: 8/19/2012 10:05:35 AM - Software Distribution Service 3.0
RP688: 8/19/2012 10:58:07 AM - Software Distribution Service 3.0
RP689: 8/19/2012 9:20:11 PM - Removed Java(TM) 6 Update 20
RP690: 8/20/2012 6:06:47 PM - Removed Bonjour
RP691: 8/21/2012 6:44:49 PM - System Checkpoint
RP692: 8/22/2012 7:56:06 AM - Restore Operation
RP693: 8/22/2012 5:59:57 PM - Removed Apple Application Support
RP694: 8/22/2012 6:00:56 PM - Removed Apple Mobile Device Support
RP695: 8/23/2012 7:27:14 PM - System Checkpoint
RP696: 8/25/2012 8:25:53 PM - System Checkpoint
RP697: 8/27/2012 7:25:31 AM - System Checkpoint
RP698: 8/28/2012 9:47:42 AM - System Checkpoint
RP699: 8/29/2012 7:10:21 PM - System Checkpoint
RP700: 8/30/2012 10:19:27 PM - System Checkpoint
RP701: 9/1/2012 9:39:26 AM - System Checkpoint
RP702: 9/2/2012 11:06:42 AM - System Checkpoint
RP703: 9/3/2012 12:03:38 PM - System Checkpoint
RP704: 9/4/2012 7:28:21 PM - System Checkpoint
RP705: 9/5/2012 7:54:18 PM - System Checkpoint
RP706: 9/6/2012 8:51:24 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader 7.0
America Online (Choose which version to remove)
ATI Control Panel
ATI Display Driver
Conexant AC-Link Audio
ESET Online Scanner v3
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
Java 2 Runtime Environment, SE v1.4.2
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 4 Client Profile
Microsoft Office Standard Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MWSnap 3
Nero BurnRights
Nero OEM
PowerDVD
QuickTime
RealPlayer Basic
Recovery Software Suite Gateway
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SoftV92 Data Fax Modem with SmartCP
Spybot - Search & Destroy
Spyware Terminator
SUPERAntiSpyware
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
TIxx21
TWC Client ActiveX Controls
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
9/3/2012 8:16:44 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
9/2/2012 9:35:00 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00E0B882256A. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
9/2/2012 10:16:12 AM, error: DCOM [10000] - Unable to start a DCOM Server: {022105BD-948A-40C9-AB42-A3300DDF097F}. The error: "%6" Happened while starting this command: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" -Embedding
9/1/2012 9:43:46 AM, error: DCOM [10000] - Unable to start a DCOM Server: {ABC01078-F197-4B0B-ADBC-CFE684B39C82}. The error: "%6" Happened while starting this command: "C:\Program Files\Google\Update\1.3.21.111\GoogleUpdateOnDemand.exe" -Embedding
9/1/2012 11:25:29 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
9/1/2012 10:10:15 AM, error: Service Control Manager [7000] - The McAfee Task Scheduler service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================

B. DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 7:52:43 on 2012-09-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1177 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Malware\mbamgui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Malware\mbamservice.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://penelopesoasis.com/2011/wise-marriage-advice.html
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpywareTerminatorUpdate] "c:\program files\spyware terminator\SpywareTerminatorUpdate.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malware\mbamgui.exe" /starttray
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBC}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: sprint.com
Trusted Zone: sprint.com\www
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{706DA5E6-40E7-433B-986C-03E8C0596084} : DhcpNameServer = 209.18.47.61 209.18.47.62
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-8-23 142592]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 MBAMService;MBAMService;c:\program files\malware\mbamservice.exe [2012-8-16 655944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-23 22344]
S0 IFP300;iriver Internet Audio Player IFP-300;c:\windows\system32\drivers\ifp300.sys --> c:\windows\system32\drivers\ifp300.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-22 136176]
S2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe --> c:\progra~1\mcafee.com\agent\mctskshd.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-22 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-09-07 11:05:44 -------- d-----w- C:\oldlogs
2012-09-01 21:58:00 -------- d-sha-r- C:\cmdcons
2012-08-22 11:57:59 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-08-22 11:57:59 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-21 10:44:28 -------- d-----w- c:\windows\pss
2012-08-20 02:07:31 -------- d-----w- c:\program files\ESET
2012-08-20 01:23:10 3993600 ----a-w- c:\program files\GUT22.tmp
2012-08-20 01:23:10 -------- d-----w- c:\program files\GUM21.tmp
2012-08-20 01:20:39 53352 ----a-w- c:\windows\system32\jpicpl32.cpl
2012-08-20 01:16:33 -------- d-----w- c:\program files\GUMD.tmp
2012-08-19 04:19:06 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-08-19 04:17:27 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-08-19 04:17:27 3072 ------w- c:\windows\system32\iacenc.dll
2012-08-16 23:10:29 -------- d-----w- c:\program files\Malware
.
==================== Find3M ====================
.
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 7:53:24.25 ===============


4. AdwCleaner Log:


# AdwCleaner v2.000 - Logfile created 09/07/2012 at 08:00:23
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - KITCHENLAPTOP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QR8IDOT9\adwcleaner[1].exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****
Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\Viewpoint
***** [Registry] *****
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Viewpoint
Key Found : HKU\S-1-5-21-3378278228-2059735243-2500004591-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v21.0.1180.89
File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [2213 octets] - [07/09/2012 07:59:35]
AdwCleaner[R2].txt - [2232 octets] - [07/09/2012 08:00:23]
########## EOF - C:\AdwCleaner[R2].txt - [2292 octets] ##########
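Added here as a worked example (it is not code from this thread, from TechSpot or from AdwCleaner): a small Python triage script that parses an AdwCleaner "Search" log laid out like the one above, groups every "Found" entry by section and by top-level location (drive letter or registry hive), and reports whether the log is clean. It assumes only the line shapes visible in the posted log (the `***** [Section] *****` headers, `<Kind> Found : <target>` lines, `[OK]` browser verdicts and the `# Option [...]` header). The sample log embedded below is constructed for this example; its paths are placeholders and its GUIDs are all zeros.

```python
"""Triage helper for an AdwCleaner "Search" log (added example, not AdwCleaner's own code)."""
import re
from collections import defaultdict

# Line shapes taken from the log format shown in the thread (assumed stable).
SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
FINDING_RE = re.compile(r"^(?P<kind>Folder|File|Key|Value) Found : (?P<target>.+)$")
VERDICT_RE = re.compile(r"^\[(?P<status>OK|!)\] (?P<msg>.+)$")

# Constructed sample log: placeholder paths, all-zero GUIDs.
SAMPLE_LOG = r"""
# AdwCleaner v2.000 - Logfile created 01/01/2012 at 00:00:00
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****
Folder Found : C:\Program Files\ExampleToolbar
File Found : C:\Documents and Settings\User\Application Data\example.dll
***** [Registry] *****
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{00000000-0000-0000-0000-000000000000}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
*************************
"""


def parse_adwcleaner_log(text):
    """Return (option, findings, verdicts).

    findings maps section name -> list of (kind, target); every section header
    seen gets an entry even when it lists nothing, so empty sections are visible.
    verdicts collects the [OK] / [!] lines from the browser checks.
    """
    option = None
    section = None
    findings = {}
    verdicts = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# Option [") and line.endswith("]"):
            option = line[len("# Option ["):-1]
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            findings.setdefault(section, [])
            continue
        m = FINDING_RE.match(line)
        if m and section is not None:
            findings[section].append((m.group("kind"), m.group("target")))
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts.append((m.group("status"), m.group("msg")))
    return option, findings, verdicts


def location_root(target):
    """Top-level location of a finding: registry hive (HKLM, HKCU, HKU) or drive (C:)."""
    return target.split("\\", 1)[0].upper()


def summarize(findings):
    """Count findings per section and per root location, so the scope of a Delete run is clear."""
    per_section = {name: len(items) for name, items in findings.items()}
    per_root = defaultdict(int)
    for items in findings.values():
        for _kind, target in items:
            per_root[location_root(target)] += 1
    return per_section, dict(per_root)


def is_clean(findings, verdicts):
    """True when no section lists a finding and every browser check reported [OK]."""
    no_findings = all(not items for items in findings.values())
    browsers_ok = all(status == "OK" for status, _msg in verdicts)
    return no_findings and browsers_ok


if __name__ == "__main__":
    option, findings, verdicts = parse_adwcleaner_log(SAMPLE_LOG)
    per_section, per_root = summarize(findings)
    print("mode:", option)
    for name, count in per_section.items():
        print(f"  {name}: {count} finding(s)")
    print("by location:", per_root)
    print("clean:", is_clean(findings, verdicts))
```

To run it against a real log, replace `SAMPLE_LOG` with the contents of `C:\AdwCleaner[Rn].txt`; the per-location counts make it easy to see whether a finding set is confined to one product's leftovers (as with the Viewpoint and Ask.com entries above) or spread across user and machine hives.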
 
Remove the Adware.
  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
Please post the log.


Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.




-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.




----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.





--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
Sometimes these logs can be very large; in that case, please attach it, or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
 
Here are the 2 logs:

1. AdwCleaner[S1]

# AdwCleaner v2.000 - Logfile created 09/07/2012 at 18:48:31
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - KITCHENLAPTOP
# Boot Mode : Normal
# Running from : C:\TEMP\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Viewpoint
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
-\\ Google Chrome v21.0.1180.89
File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [2213 octets] - [07/09/2012 07:59:35]
AdwCleaner[R2].txt - [2361 octets] - [07/09/2012 08:00:23]
AdwCleaner[S1].txt - [2504 octets] - [07/09/2012 18:48:31]
########## EOF - C:\AdwCleaner[S1].txt - [2564 octets] ##########




2. TDSSKiller - note: after the scan was done and it said it found 6 objects, it never gave 3 options to continue. It just stopped and went back to the initial scan screen.

19:05:00.0187 2348 SamSs - ok
19:05:00.0203 2348 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:05:00.0218 2348 SASDIFSV - ok
19:05:00.0234 2348 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:05:00.0234 2348 SASKUTIL - ok
19:05:00.0281 2348 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:05:00.0437 2348 SCardSvr - ok
19:05:00.0500 2348 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:05:00.0609 2348 Schedule - ok
19:05:00.0640 2348 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
19:05:00.0796 2348 sdbus - ok
19:05:00.0843 2348 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:05:01.0015 2348 Secdrv - ok
19:05:01.0031 2348 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:05:01.0203 2348 seclogon - ok
19:05:01.0203 2348 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
19:05:01.0390 2348 SENS - ok
19:05:01.0421 2348 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:05:01.0578 2348 serenum - ok
19:05:01.0609 2348 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:05:01.0718 2348 Serial - ok
19:05:01.0750 2348 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:05:01.0875 2348 Sfloppy - ok
19:05:01.0937 2348 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:05:02.0062 2348 SharedAccess - ok
19:05:02.0093 2348 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:05:02.0109 2348 ShellHWDetection - ok
19:05:02.0109 2348 Simbad - ok
19:05:02.0156 2348 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
19:05:02.0281 2348 sisagp - ok
19:05:02.0343 2348 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
19:05:02.0421 2348 Sparrow - ok
19:05:02.0453 2348 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:05:02.0562 2348 splitter - ok
19:05:02.0609 2348 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:05:02.0625 2348 Spooler - ok
19:05:02.0640 2348 [ 8831252BCF05FCFB5ABD116A22E552D8 ] sp_rsdrv2 C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
19:05:02.0671 2348 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - warning
19:05:02.0671 2348 sp_rsdrv2 - detected UnsignedFile.Multi.Generic (1)
19:05:02.0781 2348 [ 642180B8F50E7FC1FBAF87C718E259D6 ] sp_rssrv C:\Program Files\Spyware Terminator\sp_rsser.exe
19:05:02.0796 2348 sp_rssrv ( UnsignedFile.Multi.Generic ) - warning
19:05:02.0796 2348 sp_rssrv - detected UnsignedFile.Multi.Generic (1)
19:05:02.0796 2348 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:05:03.0000 2348 sr - ok
19:05:03.0031 2348 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
19:05:03.0234 2348 srservice - ok
19:05:03.0281 2348 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:05:03.0359 2348 Srv - ok
19:05:03.0375 2348 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:05:03.0546 2348 SSDPSRV - ok
19:05:03.0593 2348 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:05:03.0781 2348 stisvc - ok
19:05:03.0843 2348 [ 78B58486A5CB4F418D06EA2D6E961DB0 ] SupportSoft RemoteAssist C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
19:05:03.0859 2348 SupportSoft RemoteAssist - ok
19:05:03.0906 2348 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:05:04.0031 2348 swenum - ok
19:05:04.0062 2348 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:05:04.0187 2348 swmidi - ok
19:05:04.0203 2348 SwPrv - ok
19:05:04.0218 2348 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
19:05:04.0343 2348 symc810 - ok
19:05:04.0375 2348 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
19:05:04.0515 2348 symc8xx - ok
19:05:04.0515 2348 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
19:05:04.0656 2348 sym_hi - ok
19:05:04.0656 2348 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
19:05:04.0796 2348 sym_u3 - ok
19:05:04.0828 2348 [ EB363DDFBE8B6D51003CCAB29D93D744 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
19:05:04.0843 2348 SynTP - ok
19:05:04.0859 2348 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:05:04.0968 2348 sysaudio - ok
19:05:05.0000 2348 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:05:05.0125 2348 SysmonLog - ok
19:05:05.0187 2348 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:05:05.0328 2348 TapiSrv - ok
19:05:05.0375 2348 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:05:05.0406 2348 Tcpip - ok
19:05:05.0421 2348 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:05:05.0562 2348 TDPIPE - ok
19:05:05.0593 2348 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:05:05.0718 2348 TDTCP - ok
19:05:05.0750 2348 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:05:05.0921 2348 TermDD - ok
19:05:05.0953 2348 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
19:05:06.0109 2348 TermService - ok
19:05:06.0140 2348 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
19:05:06.0156 2348 Themes - ok
19:05:06.0203 2348 [ 8778A553003A3D37A550A1F9CFF6BE28 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
19:05:06.0203 2348 tifm21 - ok
19:05:06.0250 2348 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
19:05:06.0406 2348 TosIde - ok
19:05:06.0437 2348 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:05:06.0609 2348 TrkWks - ok
19:05:06.0640 2348 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:05:06.0781 2348 Udfs - ok
19:05:06.0796 2348 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
19:05:06.0843 2348 ultra - ok
19:05:06.0859 2348 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
19:05:06.0875 2348 UMWdf - ok
19:05:06.0921 2348 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:05:07.0078 2348 Update - ok
19:05:07.0109 2348 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:05:07.0234 2348 upnphost - ok
19:05:07.0265 2348 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:05:07.0375 2348 UPS - ok
19:05:07.0390 2348 USBAAPL - ok
19:05:07.0421 2348 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
19:05:07.0546 2348 usbaudio - ok
19:05:07.0578 2348 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:05:07.0703 2348 usbccgp - ok
19:05:07.0718 2348 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:05:07.0859 2348 usbehci - ok
19:05:07.0859 2348 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:05:07.0968 2348 usbhub - ok
19:05:08.0000 2348 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:05:08.0109 2348 usbscan - ok
19:05:08.0156 2348 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:05:08.0296 2348 USBSTOR - ok
19:05:08.0343 2348 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:05:08.0468 2348 usbuhci - ok
19:05:08.0484 2348 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:05:08.0609 2348 VgaSave - ok
19:05:08.0656 2348 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:05:08.0796 2348 viaagp - ok
19:05:08.0796 2348 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
19:05:08.0921 2348 ViaIde - ok
19:05:08.0921 2348 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:05:09.0046 2348 VolSnap - ok
19:05:09.0078 2348 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:05:09.0203 2348 VSS - ok
19:05:09.0468 2348 [ C89DA341FCC883A3D79DC11727484FC2 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
19:05:09.0656 2348 w29n51 - ok
19:05:09.0703 2348 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
19:05:09.0843 2348 W32Time - ok
19:05:09.0890 2348 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:05:10.0078 2348 Wanarp - ok
19:05:10.0093 2348 wanatw - ok
19:05:10.0093 2348 WDICA - ok
19:05:10.0125 2348 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:05:10.0281 2348 wdmaud - ok
19:05:10.0343 2348 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:05:10.0484 2348 WebClient - ok
19:05:10.0531 2348 [ 2DC7C0B6175A0A8ED84A4F70199C93B5 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:05:10.0656 2348 winachsf - ok
19:05:10.0718 2348 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:05:10.0843 2348 winmgmt - ok
19:05:10.0890 2348 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:05:10.0906 2348 WmdmPmSN - ok
19:05:10.0937 2348 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:05:11.0140 2348 WmiApSrv - ok
19:05:11.0218 2348 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:05:11.0281 2348 WPFFontCache_v0400 - ok
19:05:11.0375 2348 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:05:11.0578 2348 WS2IFSL - ok
19:05:11.0625 2348 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:05:11.0796 2348 wscsvc - ok
19:05:11.0828 2348 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:05:12.0015 2348 wuauserv - ok
19:05:12.0078 2348 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:05:12.0312 2348 WZCSVC - ok
19:05:12.0375 2348 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:05:12.0546 2348 xmlprov - ok
19:05:12.0562 2348 ================ Scan global ===============================
19:05:12.0578 2348 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:05:12.0640 2348 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:05:12.0656 2348 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:05:12.0687 2348 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:05:12.0687 2348 [Global] - ok
19:05:12.0687 2348 ================ Scan MBR ==================================
19:05:12.0718 2348 [ B20939CD98B7710036274839082AE757 ] \Device\Harddisk0\DR0
19:05:12.0984 2348 \Device\Harddisk0\DR0 - ok
19:05:12.0984 2348 ================ Scan VBR ==================================
19:05:12.0984 2348 [ 3D32B860CCC8E78E1AE0BE1E50C47A18 ] \Device\Harddisk0\DR0\Partition1
19:05:13.0000 2348 \Device\Harddisk0\DR0\Partition1 - ok
19:05:13.0000 2348 [ B84312D4AA5F3CF23F8C4473C641913C ] \Device\Harddisk0\DR0\Partition2
19:05:13.0000 2348 \Device\Harddisk0\DR0\Partition2 - ok
19:05:13.0000 2348 ============================================================
19:05:13.0000 2348 Scan finished
19:05:13.0000 2348 ============================================================
19:05:13.0140 3152 Detected object count: 6
19:05:13.0140 3152 Actual detected object count: 6
19:05:24.0437 3152 !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
19:05:24.0437 3152 !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:05:24.0437 3152 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
19:05:24.0437 3152 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:05:24.0437 3152 aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
19:05:24.0437 3152 aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:05:24.0437 3152 PrismXL ( UnsignedFile.Multi.Generic ) - skipped by user
19:05:24.0437 3152 PrismXL ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:05:24.0453 3152 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - skipped by user
19:05:24.0453 3152 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:05:24.0453 3152 sp_rssrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:05:24.0453 3152 sp_rssrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:05:36.0953 2620 Deinitialize success
 
ComboFix

Please download ComboFix
by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe, and winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
Ok - I ran ComboFix but then realized I didn't turn off Malwarebytes Anti-Malware before I ran it - so I ran it again with it turned off. Below are both logs (the first with Malwarebytes on, then with it off). Also - ComboFix mentioned at the beginning that I had AVG Anti-Virus and McAfee Anti-Virus running, and that I should turn them off. Neither is installed anymore on this computer as far as I can tell. AVG was never fully installed (I stopped after a partial installation last week) and McAfee was uninstalled months ago after it expired - but apparently remnants of both must remain if ComboFix thinks they are still on the computer.



Log 1 (Malwarebytes Anti-Malware was on):

ComboFix 12-09-08.02 - Owner 09/08/2012 16:33:09.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1553 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-08 to 2012-09-08 )))))))))))))))))))))))))))))))
.
.
2012-09-07 11:05 . 2012-09-07 11:05 -------- d-----w- C:\oldlogs
2012-08-22 11:57 . 2012-08-22 11:57 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-20 02:07 . 2012-08-20 02:07 -------- d-----w- c:\program files\ESET
2012-08-20 01:23 . 2012-08-20 01:23 3993600 ----a-w- c:\program files\GUT22.tmp
2012-08-20 01:23 . 2012-08-20 01:23 -------- d-----w- c:\program files\GUM21.tmp
2012-08-20 01:20 . 2010-06-21 22:27 53352 ----a-w- c:\windows\system32\jpicpl32.cpl
2012-08-20 01:16 . 2012-08-20 01:16 -------- d-----w- c:\program files\GUMD.tmp
2012-08-19 04:19 . 2012-07-02 17:49 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-08-19 04:17 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-08-19 04:17 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-08-16 23:10 . 2012-09-01 13:57 -------- d-----w- c:\program files\Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 13:58 . 2009-05-18 01:50 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-05-18 01:55 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46 . 2010-08-23 11:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2009-05-18 01:56 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2009-05-18 01:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2009-05-18 01:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2009-05-18 01:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2009-05-18 01:52 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-16 4616064]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-11-24 3318784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-20 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-02 339968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2011-11-24 2216960]
"Malwarebytes' Anti-Malware"="c:\program files\Malware\mbamgui.exe" [2012-07-03 462920]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-12-11 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 25680]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8/23/2010 7:49 AM 142592]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]
R2 MBAMService;MBAMService;c:\program files\Malware\mbamservice.exe [8/16/2012 7:10 PM 655944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/23/2010 7:44 AM 22344]
S0 IFP300;iriver Internet Audio Player IFP-300;c:\windows\system32\DRIVERS\ifp300.sys --> c:\windows\system32\DRIVERS\ifp300.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/22/2010 9:45 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/22/2010 9:45 PM 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 69239357
*NewlyCreated* - 90950897
*Deregistered* - 69239357
*Deregistered* - 90950897
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-23 01:45]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-23 01:45]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3378278228-2059735243-2500004591-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-20 01:23]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3378278228-2059735243-2500004591-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-20 01:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.usatoday.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: sprint.com
Trusted Zone: sprint.com\www
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-08 16:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2984)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-09-08 16:44:09
ComboFix-quarantined-files.txt 2012-09-08 20:43
.
Pre-Run: 43,150,184,448 bytes free
Post-Run: 43,564,449,792 bytes free
.
- - End Of File - - 6F57339819073FB9AE750C7ACB46E0FF





Log 2 (Malwarebytes Anti-Malware was off):

ComboFix 12-09-08.02 - Owner 09/08/2012 16:56:23.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1335 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-08 to 2012-09-08 )))))))))))))))))))))))))))))))
.
.
2012-09-07 11:05 . 2012-09-07 11:05 -------- d-----w- C:\oldlogs
2012-08-22 11:57 . 2012-08-22 11:57 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-20 02:07 . 2012-08-20 02:07 -------- d-----w- c:\program files\ESET
2012-08-20 01:23 . 2012-08-20 01:23 3993600 ----a-w- c:\program files\GUT22.tmp
2012-08-20 01:23 . 2012-08-20 01:23 -------- d-----w- c:\program files\GUM21.tmp
2012-08-20 01:20 . 2010-06-21 22:27 53352 ----a-w- c:\windows\system32\jpicpl32.cpl
2012-08-20 01:16 . 2012-08-20 01:16 -------- d-----w- c:\program files\GUMD.tmp
2012-08-19 04:19 . 2012-07-02 17:49 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-08-19 04:17 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-08-19 04:17 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-08-16 23:10 . 2012-09-01 13:57 -------- d-----w- c:\program files\Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 13:58 . 2009-05-18 01:50 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-05-18 01:55 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46 . 2010-08-23 11:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2009-05-18 01:56 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2009-05-18 01:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2009-05-18 01:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2009-05-18 01:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2009-05-18 01:52 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-16 4616064]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-11-24 3318784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-20 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-02 339968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2011-11-24 2216960]
"Malwarebytes' Anti-Malware"="c:\program files\Malware\mbamgui.exe" [2012-07-03 462920]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-12-11 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 25680]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8/23/2010 7:49 AM 142592]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]
R2 MBAMService;MBAMService;c:\program files\Malware\mbamservice.exe [8/16/2012 7:10 PM 655944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/23/2010 7:44 AM 22344]
S0 IFP300;iriver Internet Audio Player IFP-300;c:\windows\system32\DRIVERS\ifp300.sys --> c:\windows\system32\DRIVERS\ifp300.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/22/2010 9:45 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/22/2010 9:45 PM 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 69239357
*NewlyCreated* - 90950897
*Deregistered* - 69239357
*Deregistered* - 90950897
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-23 01:45]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-23 01:45]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3378278228-2059735243-2500004591-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-20 01:23]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3378278228-2059735243-2500004591-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-20 01:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.usatoday.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: sprint.com
Trusted Zone: sprint.com\www
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-08 17:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3120)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-09-08 17:02:03
ComboFix-quarantined-files.txt 2012-09-08 21:02
ComboFix2.txt 2012-09-08 20:44
.
Pre-Run: 43,571,085,312 bytes free
Post-Run: 43,558,436,864 bytes free
.
- - End Of File - - 3E66D5FF1A0286D14E4E436C86558A32
 
Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the option Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.
 
Here are the logs:

1. Checkup.txt:

Results of screen317's Security Check version 0.99.50
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET Online Scanner v3
`````````Anti-malware/Other Utilities Check:`````````
Spyware Terminator
Spybot - Search & Destroy
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.62.0.1300
Java 2 Runtime Environment, SE v1.4.2
Java version out of Date!
Adobe Reader 7 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````


2. ESET: (1 file found)

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP684\A0079486.dll a variant of Win32/Kryptik.AKPW trojan cleaned by deleting - quarantined
 
Hi! Your logs appear to be clean. If there are no more issues, then we shall finish up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this
  • Accept the warning and select OK again; the program will close and you are done

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.
 
For a day the messages stopped. Turned computer on - and the same messages "Malwarebytes Anti-Malware successfully blocked access to a potentially malicious site..." started again. Any suggestions?
 
I'd like to see the protection logs please...

Protection Logs are saved to:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-yyyy-mm-dd


Please upload the latest.
 
Sorry for the delay - was on travel all week

The latest log is: (it took 8 hrs only because I shut the laptop down at night and it just continued in the morning when I opened it):

Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.11.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: KITCHENLAPTOP [administrator]
Protection: Enabled
9/12/2012 9:48:55 PM
mbam-log-2012-09-12 (21-48-55).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 359091
Time elapsed: 8 hour(s), 55 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
Here are the last 6 - so far - no message today

1.
2012/09/13 15:10:22 -0400 KITCHENLAPTOP Owner MESSAGE Executing scheduled update: Daily
2012/09/13 15:10:30 -0400 KITCHENLAPTOP Owner MESSAGE Scheduled update executed successfully: database updated from version v2012.09.11.04 to version v2012.09.13.09
2012/09/13 15:10:30 -0400 KITCHENLAPTOP Owner MESSAGE Starting database refresh
2012/09/13 15:10:30 -0400 KITCHENLAPTOP Owner MESSAGE Stopping IP protection
2012/09/13 15:10:30 -0400 KITCHENLAPTOP Owner MESSAGE IP Protection stopped successfully
2012/09/13 15:10:37 -0400 KITCHENLAPTOP Owner MESSAGE Database refreshed successfully
2012/09/13 15:10:37 -0400 KITCHENLAPTOP Owner MESSAGE Starting IP protection
2012/09/13 15:10:43 -0400 KITCHENLAPTOP Owner MESSAGE IP Protection started successfully
2012/09/13 22:45:43 -0400 KITCHENLAPTOP Owner IP-BLOCK 208.73.210.29 (Type: outgoing)
2012/09/13 22:45:46 -0400 KITCHENLAPTOP Owner IP-BLOCK 208.73.210.29 (Type: outgoing)
2012/09/13 22:45:52 -0400 KITCHENLAPTOP Owner IP-BLOCK 208.73.210.29 (Type: outgoing)
2012/09/13 22:51:10 -0400 KITCHENLAPTOP Owner IP-BLOCK 208.73.210.29 (Type: outgoing)
2012/09/13 22:51:13 -0400 KITCHENLAPTOP Owner IP-BLOCK 208.73.210.29 (Type: outgoing)
2012/09/13 22:51:19 -0400 KITCHENLAPTOP Owner IP-BLOCK 208.73.210.29 (Type: outgoing)

2.
2012/09/12 21:28:09 -0400 KITCHENLAPTOP Owner MESSAGE Starting protection
2012/09/12 21:28:09 -0400 KITCHENLAPTOP Owner MESSAGE Protection started successfully
2012/09/12 21:28:09 -0400 KITCHENLAPTOP Owner MESSAGE Starting IP protection
2012/09/12 21:28:14 -0400 KITCHENLAPTOP Owner MESSAGE IP Protection started successfully
2012/09/12 21:39:50 -0400 KITCHENLAPTOP Owner IP-BLOCK 89.28.104.188 (Type: outgoing)
2012/09/12 21:40:01 -0400 KITCHENLAPTOP Owner IP-BLOCK 89.28.104.188 (Type: outgoing)
2012/09/12 21:41:23 -0400 KITCHENLAPTOP Owner IP-BLOCK 89.28.104.188 (Type: outgoing)
2012/09/12 21:42:31 -0400 KITCHENLAPTOP Owner IP-BLOCK 58.240.46.14 (Type: outgoing)
3.
2012/09/11 06:21:26 -0400 KITCHENLAPTOP Owner MESSAGE Starting protection
2012/09/11 06:21:26 -0400 KITCHENLAPTOP Owner MESSAGE Protection started successfully
2012/09/11 06:21:26 -0400 KITCHENLAPTOP Owner MESSAGE Starting IP protection
2012/09/11 06:21:32 -0400 KITCHENLAPTOP Owner MESSAGE IP Protection started successfully
2012/09/11 06:23:07 -0400 KITCHENLAPTOP Owner MESSAGE Starting database refresh
2012/09/11 06:23:07 -0400 KITCHENLAPTOP Owner MESSAGE Stopping IP protection
2012/09/11 06:23:07 -0400 KITCHENLAPTOP Owner MESSAGE IP Protection stopped successfully
2012/09/11 06:23:14 -0400 KITCHENLAPTOP Owner MESSAGE Database refreshed successfully
2012/09/11 06:23:14 -0400 KITCHENLAPTOP Owner MESSAGE Starting IP protection
2012/09/11 06:23:31 -0400 KITCHENLAPTOP Owner MESSAGE IP Protection started successfully
2012/09/11 06:29:13 -0400 KITCHENLAPTOP Owner IP-BLOCK 98.142.220.171 (Type: outgoing)
2012/09/11 06:44:19 -0400 KITCHENLAPTOP Owner IP-BLOCK 195.161.7.104 (Type: outgoing)
2012/09/11 06:55:13 -0400 KITCHENLAPTOP Owner IP-BLOCK 222.65.109.29 (Type: outgoing)
2012/09/11 06:55:58 -0400 KITCHENLAPTOP Owner IP-BLOCK 58.240.95.201 (Type: outgoing)
2012/09/11 07:15:15 -0400 KITCHENLAPTOP Owner IP-BLOCK 89.28.86.181 (Type: outgoing)
2012/09/11 07:16:43 -0400 KITCHENLAPTOP Owner IP-BLOCK 89.28.16.154 (Type: outgoing)
2012/09/11 07:27:15 -0400 KITCHENLAPTOP Owner IP-BLOCK 89.28.109.152 (Type: outgoing)
2012/09/11 07:41:42 -0400 KITCHENLAPTOP Owner IP-BLOCK 89.28.109.152 (Type: outgoing)
2012/09/11 07:48:13 -0400 KITCHENLAPTOP Owner IP-BLOCK 193.138.245.74 (Type: incoming)
2012/09/11 08:04:19 -0400 KITCHENLAPTOP Owner IP-BLOCK 58.241.56.191 (Type: outgoing)
2012/09/11 16:45:25 -0400 KITCHENLAPTOP Owner MESSAGE Starting protection
2012/09/11 16:45:25 -0400 KITCHENLAPTOP Owner MESSAGE Protection started successfully
2012/09/11 16:45:25 -0400 KITCHENLAPTOP Owner MESSAGE Starting IP protection
2012/09/11 16:45:30 -0400 KITCHENLAPTOP Owner MESSAGE IP Protection started successfully

4.
2012/09/10 17:27:13 -0400 KITCHENLAPTOP MESSAGE Starting protection
2012/09/10 17:27:22 -0400 KITCHENLAPTOP Owner MESSAGE Protection started successfully
2012/09/10 17:27:25 -0400 KITCHENLAPTOP Owner MESSAGE Starting IP protection
2012/09/10 17:27:30 -0400 KITCHENLAPTOP Owner MESSAGE IP Protection started successfully
2012/09/10 17:28:23 -0400 KITCHENLAPTOP Owner IP-BLOCK 89.28.44.197 (Type: outgoing)
2012/09/10 17:32:36 -0400 KITCHENLAPTOP Owner IP-BLOCK 87.248.162.159 (Type: outgoing)
2012/09/10 17:40:50 -0400 KITCHENLAPTOP Owner MESSAGE Executing scheduled update: Daily
2012/09/10 17:40:59 -0400 KITCHENLAPTOP Owner MESSAGE Database already up-to-date
2012/09/10 17:45:56 -0400 KITCHENLAPTOP Owner IP-BLOCK 222.65.153.191 (Type: outgoing)
2012/09/10 17:46:11 -0400 KITCHENLAPTOP Owner IP-BLOCK 115.84.178.29 (Type: outgoing)

5.
2012/09/09 00:09:22 -0400 KITCHENLAPTOP Owner IP-BLOCK 87.248.188.245 (Type: outgoing)
2012/09/09 00:28:56 -0400 KITCHENLAPTOP Owner MESSAGE Starting protection
2012/09/09 00:29:08 -0400 KITCHENLAPTOP Owner MESSAGE Protection started successfully
2012/09/09 00:29:11 -0400 KITCHENLAPTOP Owner MESSAGE Starting IP protection
2012/09/09 00:29:30 -0400 KITCHENLAPTOP Owner ERROR IP protection failed: PfBindInterfaceToIPAddress failed with error code 87
2012/09/09 15:19:15 -0400 KITCHENLAPTOP Owner MESSAGE Executing scheduled update: Daily
2012/09/09 15:19:24 -0400 KITCHENLAPTOP Owner MESSAGE Scheduled update executed successfully: database updated from version v2012.09.07.07 to version v2012.09.09.06
2012/09/09 15:19:24 -0400 KITCHENLAPTOP Owner MESSAGE Starting database refresh
2012/09/09 15:19:31 -0400 KITCHENLAPTOP Owner MESSAGE Database refreshed successfully

6.
2012/09/08 00:08:44 -0400 KITCHENLAPTOP Owner IP-BLOCK 58.241.78.55 (Type: outgoing)
2012/09/08 00:08:49 -0400 KITCHENLAPTOP Owner IP-BLOCK 89.28.2.210 (Type: outgoing)
2012/09/08 00:10:41 -0400 KITCHENLAPTOP Owner IP-BLOCK 220.248.232.58 (Type: outgoing)
2012/09/08 07:43:06 -0400 KITCHENLAPTOP Owner IP-BLOCK 77.78.210.128 (Type: outgoing)
2012/09/08 07:43:34 -0400 KITCHENLAPTOP Owner IP-BLOCK 178.152.7.55 (Type: outgoing)
2012/09/08 07:58:11 -0400 KITCHENLAPTOP Owner IP-BLOCK 77.78.210.128 (Type: outgoing)
2012/09/08 12:47:17 -0400 KITCHENLAPTOP Owner IP-BLOCK 212.113.34.68 (Type: outgoing)
2012/09/08 12:58:35 -0400 KITCHENLAPTOP Owner IP-BLOCK 195.216.179.146 (Type: outgoing)
2012/09/08 13:00:01 -0400 KITCHENLAPTOP Owner IP-BLOCK 218.7.217.119 (Type: outgoing)
2012/09/08 13:03:23 -0400 KITCHENLAPTOP Owner IP-BLOCK 77.78.210.128 (Type: outgoing)
2012/09/08 16:18:07 -0400 KITCHENLAPTOP Owner IP-BLOCK 89.28.38.210 (Type: outgoing)
2012/09/08 16:19:01 -0400 KITCHENLAPTOP Owner IP-BLOCK 222.68.153.42 (Type: outgoing)
2012/09/08 16:20:21 -0400 KITCHENLAPTOP Owner IP-BLOCK 93.103.86.126 (Type: outgoing)
2012/09/08 16:54:58 -0400 KITCHENLAPTOP Owner MESSAGE Stopping IP protection
2012/09/08 16:54:58 -0400 KITCHENLAPTOP Owner MESSAGE IP Protection stopped
2012/09/08 17:06:16 -0400 KITCHENLAPTOP MESSAGE Starting protection
2012/09/08 17:06:24 -0400 KITCHENLAPTOP MESSAGE Protection started successfully
2012/09/08 17:06:27 -0400 KITCHENLAPTOP MESSAGE Starting IP protection
2012/09/08 17:06:34 -0400 KITCHENLAPTOP Owner MESSAGE IP Protection started successfully
2012/09/08 17:07:34 -0400 KITCHENLAPTOP Owner IP-BLOCK 77.78.247.227 (Type: outgoing)
 
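An added example (not code from this thread or from Malwarebytes) that parses the protection-log format posted above, counts the IP-BLOCK entries per remote address and direction, and reports the windows in which the IP protection module was not running, such as the stretch after the "PfBindInterfaceToIPAddress failed" error in log 5, since no blocks are recorded while the module is down. The hostname, user and addresses in the sample are constructed.

```python
"""Triage helper for Malwarebytes Anti-Malware 1.x protection logs (added example,
not Malwarebytes' own code): summarise IP-BLOCK events per remote address and
report windows in which the IP protection module was not running at all."""
import re
from collections import defaultdict, namedtuple
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

# Log line shape: 'YYYY/MM/DD HH:MM:SS -ZZZZ HOST [USER] KIND text'; the USER
# column is sometimes absent (e.g. the first lines written right after boot).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?:(?P<user>\S+) )?(?P<kind>MESSAGE|ERROR|IP-BLOCK) (?P<text>.*)$")
BLOCK_RE = re.compile(r"^(?P<ip>[\d.]+) \(Type: (?P<direction>incoming|outgoing)\)$")
IP_ON = {"IP Protection started successfully"}
IP_OFF = {"IP Protection stopped successfully", "IP Protection stopped"}

Event = namedtuple("Event", "when host user kind text")

@dataclass
class BlockSummary:
    count: int = 0
    directions: set = field(default_factory=set)
    first: Optional[datetime] = None
    last: Optional[datetime] = None

def parse_log(lines):
    """Parse log lines into Events sorted by time; non-matching lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            when = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            events.append(Event(when, m["host"], m["user"], m["kind"], m["text"]))
    return sorted(events, key=lambda e: e.when)

def summarize_blocks(events):
    """Aggregate IP-BLOCK events per remote address: count, directions, first/last seen."""
    summary = defaultdict(BlockSummary)
    for e in events:  # events are time-sorted, so first/last can be tracked directly
        b = BLOCK_RE.match(e.text) if e.kind == "IP-BLOCK" else None
        if b:
            s = summary[b["ip"]]
            s.count += 1
            s.directions.add(b["direction"])
            s.first = s.first or e.when
            s.last = e.when
    return dict(summary)

def coverage_gaps(events, min_seconds=0):
    """Return (down_since, up_again) windows where IP protection was not running.
    A failed-to-start ERROR or a 'stopped' message opens a window and the next
    'started successfully' closes it; up_again is None if the log ends while still
    down. Windows shorter than min_seconds (e.g. a database refresh) are dropped."""
    gaps, down_since = [], None
    for e in events:
        failed = e.kind == "ERROR" and e.text.startswith("IP protection failed")
        if (failed or e.text in IP_OFF) and down_since is None:
            down_since = e.when
        elif e.text in IP_ON and down_since is not None:
            gaps.append((down_since, e.when))
            down_since = None
    if down_since is not None:
        gaps.append((down_since, None))
    return [(a, b) for a, b in gaps if b is None or (b - a).total_seconds() >= min_seconds]

# Constructed sample in the thread's log format; TEST-NET addresses, not real IoCs.
SAMPLE_LOG = """\
2012/09/09 00:29:11 -0400 EXAMPLEPC Owner MESSAGE Starting IP protection
2012/09/09 00:29:30 -0400 EXAMPLEPC Owner ERROR IP protection failed: PfBindInterfaceToIPAddress failed with error code 87
2012/09/10 17:27:13 -0400 EXAMPLEPC MESSAGE Starting protection
2012/09/10 17:27:30 -0400 EXAMPLEPC Owner MESSAGE IP Protection started successfully
2012/09/10 17:28:23 -0400 EXAMPLEPC Owner IP-BLOCK 192.0.2.10 (Type: outgoing)
2012/09/10 17:28:26 -0400 EXAMPLEPC Owner IP-BLOCK 192.0.2.10 (Type: outgoing)
2012/09/10 17:28:32 -0400 EXAMPLEPC Owner IP-BLOCK 192.0.2.10 (Type: outgoing)
2012/09/10 17:40:50 -0400 EXAMPLEPC Owner MESSAGE IP Protection stopped successfully
2012/09/10 17:40:57 -0400 EXAMPLEPC Owner MESSAGE IP Protection started successfully
2012/09/10 17:48:13 -0400 EXAMPLEPC Owner IP-BLOCK 198.51.100.7 (Type: incoming)
this line is not in the log format and is skipped
"""

if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG.splitlines())
    print({ip: (s.count, sorted(s.directions)) for ip, s in summarize_blocks(evs).items()})
    print(coverage_gaps(evs, min_seconds=60))
```

Repeated outgoing blocks to one address a few seconds apart, as in log 1, point to a process on the host retrying a connection; the gap report shows when the log could not have recorded anything.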
Please download Listparts
  • Run the tool.
  • Check the "list BCD" box.
  • Click "Scan" and post the log (Result.txt) it makes.


avast! aswMBR

Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below

[screenshot: aswMBR window with the Scan button]


Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

  • Once the scan finishes click Save log to save the log to your Desktop
    [screenshot: aswMBR window with the Save log button]

  • Copy and paste the contents of aswMBR.txt back here for review
 
No Malware blocking messages for 2 days now! (Keeping fingers crossed)

1. Results.txt log
ListParts by Farbar Version: 15-09-2012
Ran by Owner (administrator) on 16-09-2012 at 09:14:38
Windows XP (X86)
Running From: C:\TEMP
Language: 0409
************************************************************
========================= Memory info ======================
Percentage of memory in use: 49%
Total physical RAM: 2046.48 MB
Available physical RAM: 1043.54 MB
Total Pagefile: 3938.12 MB
Available Pagefile: 2894.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1999.94 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:87.29 GB) (Free:40.7 GB) NTFS ==>[Drive with boot components (Windows XP)]
2 Drive d: (RECOVERY) (Fixed) (Total:5.85 GB) (Free:4.02 GB) FAT32
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 93 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 6001 MB 32 KB
Partition 2 Primary 87 GB 6001 MB
======================================================================================================
Disk: 0
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY FAT32 Partition 6001 MB Healthy
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 87 GB Healthy System (partition with boot components)
======================================================================================================
****** End Of Log ******



2. aswMBR.txt log:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-16 09:17:41
-----------------------------
09:17:41.328 OS Version: Windows 5.1.2600 Service Pack 3
09:17:41.328 Number of processors: 1 586 0xD08
09:17:41.328 ComputerName: KITCHENLAPTOP UserName: Owner
09:17:42.890 Initialize success
09:20:20.609 AVAST engine defs: 12091400
09:24:59.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
09:24:59.828 Disk 0 Vendor: HTS541010G9AT00 MBZOA60A Size: 95396MB BusType: 3
09:24:59.859 Disk 0 MBR read successfully
09:24:59.859 Disk 0 MBR scan
09:24:59.890 Disk 0 unknown MBR code
09:24:59.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 89385 MB offset 12289725
09:24:59.921 Disk 0 Partition 2 00 0B FAT32 RECOVERY 6000 MB offset 63
09:24:59.921 Disk 0 scanning sectors +195350400
09:25:00.015 Disk 0 scanning C:\WINDOWS\system32\drivers
09:25:14.843 Service scanning
09:25:35.734 Modules scanning
09:25:44.437 Disk 0 trace - called modules:
09:25:44.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
09:25:44.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6fe740]
09:25:44.968 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\00000099[0x8a72f9e8]
09:25:44.968 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a72fd98]
09:25:45.796 AVAST engine scan C:\WINDOWS
09:26:06.921 AVAST engine scan C:\WINDOWS\system32
09:28:41.468 AVAST engine scan C:\WINDOWS\system32\drivers
09:28:57.671 AVAST engine scan C:\Documents and Settings\Owner
09:35:50.828 AVAST engine scan C:\Documents and Settings\All Users
09:45:07.968 Disk 0 MBR has been saved successfully to "C:\TEMP\LOGS\MBR.dat"
09:45:07.968 The log file has been saved successfully to "C:\TEMP\LOGS\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-16 09:45:49
-----------------------------
09:45:49.609 OS Version: Windows 5.1.2600 Service Pack 3
09:45:49.609 Number of processors: 1 586 0xD08
09:45:49.609 ComputerName: KITCHENLAPTOP UserName: Owner
09:45:52.156 Initialize success
09:47:40.671 AVAST engine defs: 12091400
09:50:31.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
09:50:31.921 Disk 0 Vendor: HTS541010G9AT00 MBZOA60A Size: 95396MB BusType: 3
09:50:32.031 Disk 0 MBR read successfully
09:50:32.031 Disk 0 MBR scan
09:50:32.109 Disk 0 unknown MBR code
09:50:32.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 89385 MB offset 12289725
09:50:32.156 Disk 0 Partition 2 00 0B FAT32 RECOVERY 6000 MB offset 63
09:50:32.187 Disk 0 scanning sectors +195350400
09:50:32.296 Disk 0 scanning C:\WINDOWS\system32\drivers
09:51:00.062 Service scanning
09:51:36.640 Modules scanning
09:52:11.078 Disk 0 trace - called modules:
09:52:11.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
09:52:11.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6fe740]
09:52:11.234 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\00000099[0x8a72f9e8]
09:52:11.234 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a72fd98]
09:52:13.062 AVAST engine scan C:\WINDOWS
09:52:52.062 AVAST engine scan C:\WINDOWS\system32
09:58:33.250 AVAST engine scan C:\WINDOWS\system32\drivers
09:59:29.375 AVAST engine scan C:\Documents and Settings\Owner
10:06:47.375 AVAST engine scan C:\Documents and Settings\All Users
10:26:37.968 Scan finished successfully
10:28:34.609 Disk 0 MBR has been saved successfully to "C:\TEMP\LOGS\MBR.dat"
10:28:34.625 The log file has been saved successfully to "C:\TEMP\LOGS\aswMBR.txt"
 
When I go to upload the file I get a message from your website that "the file does not have an allowable extension". Should I change the extension to .txt before I upload it?
 
Hi! Your logs appear to be clean. If there are no more issues, then we shall finish up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this
  • Accept the warning and select OK again; the program will close and you are done

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 