Jump to content


Photo

Browser Redirects/Virus


  • This topic is locked This topic is locked
14 replies to this topic

#1 RMD91

RMD91

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 24 March 2012 - 01:48 PM

I had/have the "internet security 2012" virus on my computer, I ran MBAM and the shortcut remained on my desktop but the root was deleted as was the image so I deleted the desktop icon. Apparently either that virus was not removed completely or it was and I have more on my computer as the internet redirects me to other sites still and my computers overall functionality has decreased, even after running MBAM. Heres my HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:37:27 PM, on 3/24/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O1 - Hosts: 87.229.126.54 www.google.com
O1 - Hosts: 87.229.126.55 www.bing.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Internet Security] C:\Documents and Settings\All Users\Application Data\isecurity.exe
O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe (User 'Default user')
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Cat
O17 - HKLM\Software\..\Telephony: DomainName = Cat
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Cat
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Cat
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\ComPlus Applications\rterelelu.html

--
End of file - 9306 bytes

Help much appreciated!

Edit: Please read the Instructions and post the other requested logs. We need the information in order to help you.

Please also download HostsXpert Here and unzip it to your desktop.
Next, open HostsXpert
  • Make sure that the "make hosts writable?" button in the upper right corner is checked
  • Now, click on 'back up Host files'
  • then click on 'Restore orginal host files'
  • Finally, close HostsXpert.

Edited by cnm, 24 March 2012 - 01:58 PM.


#2 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,268 posts

Posted 25 March 2012 - 12:25 AM

Hello RMD91.

Your hosts file is redirecting you. Please download HostsXpert Here and unzip it to your Desktop.
Next, open HostsXpert
  • Make sure that the "make hosts writable?" button in the upper right corner is checked
  • Now, click on 'back up Host files'
  • then click on 'Restore orginal host files'
  • Finally, close HostsXpert.

Then please read the Instructions and post the other requested logs. We need the information in order to help you.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#3 RMD91

RMD91

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 25 March 2012 - 01:10 PM

Apologies, I haven't been to this forum in a very long time and HJT was all that used to be required haha

MBAM Log

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.23.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Rachele :: TARIAN [administrator]

3/23/2012 9:31:52 PM
mbam-log-2012-03-23 (21-31-52).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 325932
Time elapsed: 3 hour(s), 50 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 24
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B18DD50-C996-44FC-AC52-0FECFF82ED58} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B18DD50-C996-44FC-AC52-0FECFF82ED58} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B5141620-C2B2-4D95-9F0F-134D99C87AB0} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B5141620-C2B2-4D95-9F0F-134D99C87AB0} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A26F07F-0D60-4835-91CF-1E1766A0EC56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F919FBD3-A96B-4679-AF26-F551439BB5FD} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\WebBuying (Adware.WebBuying) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\CAC (Malware.Trace) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\NetworkService\Local Settings\Application Data\cdqxncsoa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rachele\Local Settings\Temp\20.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP872\A0221705.exe (Trojan.VUPX.PTI1) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP888\A0223786.exe (Trojan.VUPX.PTI3) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\7.tmp (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

(end)

DDS log


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Rachele at 13:40:38 on 2012-03-25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.62 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WordPerfect Office 12\Programs\wpwin12.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mWinlogon: SFCDisable=4 (0x4)
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Internet Security] c:\documents and settings\all users\application data\isecurity.exe
uRun: [Internet Security] c:\documents and settings\all users\application data\isecurity.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe
mRun: [Dell Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
dRun: [dplaysvr] %APPDATA%\dplaysvr.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4D2459F3-9612-4793-94FC-1D3C9BD76D07} : DhcpNameServer = 192.168.2.1
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-03-24 18:35:15 388096 ----a-r- c:\documents and settings\rachele smaldone\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-03-24 18:35:03 -------- d-----w- c:\program files\Trend Micro
2012-03-24 00:56:50 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-03-24 00:05:17 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 00:05:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-23 23:32:08 -------- dc----w- C:\sh4ldr
2012-03-23 23:32:08 -------- d-----w- c:\program files\Enigma Software Group
2012-03-22 17:59:41 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-03-21 22:34:45 -------- d-----w- c:\documents and settings\rachele\application data\Malwarebytes
2012-03-21 22:22:13 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-03-21 20:20:55 -------- dc----w- C:\Intel
2012-03-06 20:37:31 53248 ----a-r- c:\documents and settings\rachele\application data\microsoft\installer\{12baa98c-f8dd-4bc9-bbe6-1c8463114197}\ARPPRODUCTICON.exe
2012-03-06 20:34:06 -------- d-----w- c:\documents and settings\rachele\local settings\application data\Downloaded Installations
2012-03-05 23:30:41 -------- d-----w- c:\documents and settings\rachele\local settings\application data\Research In Motion
2012-03-05 23:30:17 -------- d-----w- c:\documents and settings\rachele\application data\Research In Motion
2012-03-05 23:25:54 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-03-05 23:25:29 35328 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2012-03-05 23:22:00 -------- d-----w- c:\documents and settings\all users\application data\Research In Motion
2012-03-05 23:20:42 -------- d-----w- c:\program files\common files\Research In Motion
2012-03-05 23:20:40 -------- d-----w- c:\program files\Research In Motion
2012-03-05 03:16:20 -------- d-----w- c:\documents and settings\rachele\.frostwire5
2012-03-05 03:12:34 -------- d-----w- c:\program files\Ask.com
2012-03-05 03:12:18 -------- d-----w- c:\documents and settings\rachele\local settings\application data\AskToolbar
2012-03-04 21:28:43 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-03-04 21:28:42 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2012-03-25 17:36:46 7936 -csha-w- c:\windows\system32\KGyGaAvL.sys
2012-03-25 17:36:46 56 -csh--r- c:\windows\system32\44A6751BC2.sys
2012-03-01 01:44:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHV2040AH rev.00000096 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xFF94649F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0xff94d740]; MOV EAX, [0xff94d8b4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x81D8DAB8]
3 CLASSPNP[0xF953AFD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0xFFB0E748]
\Driver\atapi[0xFFAF8A18] -> IRP_MJ_CREATE -> 0xFF94649F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { CLI ; MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62f; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0xFF9462C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 13:55:39.71 ===============

sec check

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
```````````````````````````````
Anti-malware/Other Utilities Check:

Anti-Spyware
Java™ 6 Update 22
Java™ 6 Update 2
Java™ 6 Update 5
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of date!
Adobe Flash Player 10.0.12.36 Flash Player out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Rachele Desktop SecurityCheck.exe
``````````End of Log````````````

Edited by RMD91, 25 March 2012 - 02:41 PM.


#4 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,268 posts

Posted 25 March 2012 - 03:19 PM

Please do these important security updates:
Update Adobe Flash Player. It's important to remove old versions.
Updating Java:
  • Go here and download the latest version of Java:
  • Go to Start -> Control Panel -> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    They should have this icon next to any that are there: Posted Image
    Select any found and choose Uninstall.
  • Then install the version you downloaded earlier.

Then:
Please download tdsskiller.exe and save it to your Desktop. Go here for information.

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next replies, along with new DDS.txt, checkup.txt and MBAM log

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#5 RMD91

RMD91

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 25 March 2012 - 05:15 PM

As a note the DDS run took 2 minutes as opposed to 20/30 the first time through. Also I see flashplayer still says outdated but I installed the new version and it said it worked. Here are the logs:

tdss

17:26:52.0718 0740 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
17:26:53.0328 0740 ============================================================
17:26:53.0328 0740 Current date / time: 2012/03/25 17:26:53.0328
17:26:53.0328 0740 SystemInfo:
17:26:53.0328 0740
17:26:53.0328 0740 OS Version: 5.1.2600 ServicePack: 3.0
17:26:53.0328 0740 Product type: Workstation
17:26:53.0328 0740 ComputerName: TARIAN
17:26:53.0328 0740 UserName: Rachele
17:26:53.0328 0740 Windows directory: C:\WINDOWS
17:26:53.0328 0740 System windows directory: C:\WINDOWS
17:26:53.0328 0740 Processor architecture: Intel x86
17:26:53.0328 0740 Number of processors: 1
17:26:53.0328 0740 Page size: 0x1000
17:26:53.0328 0740 Boot type: Normal boot
17:26:53.0328 0740 ============================================================
17:26:57.0859 0740 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:26:57.0921 0740 \Device\Harddisk0\DR0:
17:26:57.0921 0740 MBR used
17:26:57.0921 0740 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x433E2E5
17:26:57.0984 0740 Initialize success
17:26:57.0984 0740 ============================================================
17:27:16.0921 3768 ============================================================
17:27:16.0921 3768 Scan started
17:27:16.0921 3768 Mode: Manual;
17:27:16.0921 3768 ============================================================
17:27:17.0406 3768 Abiosdsk - ok
17:27:17.0531 3768 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
17:27:17.0531 3768 abp480n5 - ok
17:27:17.0625 3768 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:27:17.0625 3768 ACPI - ok
17:27:17.0687 3768 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:27:17.0687 3768 ACPIEC - ok
17:27:17.0734 3768 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
17:27:17.0734 3768 adpu160m - ok
17:27:17.0812 3768 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:27:17.0812 3768 aec - ok
17:27:17.0890 3768 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:27:17.0890 3768 AegisP - ok
17:27:17.0953 3768 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:27:18.0000 3768 AFD - ok
17:27:18.0156 3768 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:27:18.0187 3768 agp440 - ok
17:27:18.0281 3768 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
17:27:18.0281 3768 agpCPQ - ok
17:27:18.0390 3768 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
17:27:18.0390 3768 Aha154x - ok
17:27:18.0500 3768 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
17:27:18.0500 3768 aic78u2 - ok
17:27:18.0609 3768 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
17:27:18.0625 3768 aic78xx - ok
17:27:18.0734 3768 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
17:27:18.0734 3768 Alerter - ok
17:27:18.0859 3768 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
17:27:18.0859 3768 ALG - ok
17:27:18.0937 3768 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
17:27:18.0937 3768 AliIde - ok
17:27:19.0046 3768 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
17:27:19.0046 3768 alim1541 - ok
17:27:19.0078 3768 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
17:27:19.0078 3768 amdagp - ok
17:27:19.0125 3768 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
17:27:19.0125 3768 amsint - ok
17:27:19.0281 3768 Appdrv (ec94e05b76d033b74394e7b2175103cf) C:\Program Files\Dell\NICCONFIGSVC\Appdrv.sys
17:27:19.0281 3768 Appdrv - ok
17:27:19.0437 3768 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:27:19.0437 3768 Apple Mobile Device - ok
17:27:19.0531 3768 AppMgmt - ok
17:27:19.0750 3768 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
17:27:19.0750 3768 asc - ok
17:27:19.0828 3768 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
17:27:19.0828 3768 asc3350p - ok
17:27:19.0953 3768 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
17:27:19.0953 3768 asc3550 - ok
17:27:20.0156 3768 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:27:20.0203 3768 aspnet_state - ok
17:27:20.0296 3768 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:27:20.0296 3768 AsyncMac - ok
17:27:20.0421 3768 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:27:20.0421 3768 atapi - ok
17:27:20.0484 3768 Atdisk - ok
17:27:20.0562 3768 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:27:20.0562 3768 Atmarpc - ok
17:27:20.0671 3768 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
17:27:20.0671 3768 AudioSrv - ok
17:27:20.0765 3768 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:27:20.0765 3768 audstub - ok
17:27:20.0843 3768 Automatic LiveUpdate Scheduler - ok
17:27:20.0968 3768 BCM43XX (c3ab2d6954c7b5103770832a3a6a591b) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
17:27:20.0984 3768 BCM43XX - ok
17:27:21.0031 3768 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:27:21.0031 3768 Beep - ok
17:27:21.0156 3768 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
17:27:21.0281 3768 BITS - ok
17:27:21.0390 3768 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
17:27:21.0390 3768 Browser - ok
17:27:21.0484 3768 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
17:27:21.0484 3768 cbidf - ok
17:27:21.0562 3768 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:27:21.0562 3768 cbidf2k - ok
17:27:21.0718 3768 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:27:21.0734 3768 CCDECODE - ok
17:27:21.0859 3768 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
17:27:21.0859 3768 cd20xrnt - ok
17:27:21.0937 3768 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:27:21.0937 3768 Cdaudio - ok
17:27:22.0015 3768 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:27:22.0015 3768 Cdfs - ok
17:27:22.0078 3768 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:27:22.0078 3768 Cdrom - ok
17:27:22.0140 3768 Changer - ok
17:27:22.0234 3768 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
17:27:22.0250 3768 CiSvc - ok
17:27:22.0281 3768 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
17:27:22.0281 3768 ClipSrv - ok
17:27:22.0437 3768 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:27:22.0531 3768 clr_optimization_v2.0.50727_32 - ok
17:27:22.0671 3768 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:27:22.0671 3768 CmBatt - ok
17:27:22.0765 3768 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
17:27:22.0765 3768 CmdIde - ok
17:27:22.0828 3768 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:27:22.0828 3768 Compbatt - ok
17:27:22.0859 3768 COMSysApp - ok
17:27:22.0921 3768 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
17:27:22.0921 3768 Cpqarray - ok
17:27:23.0031 3768 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
17:27:23.0031 3768 CryptSvc - ok
17:27:23.0203 3768 CSS DVP (10d08460d2415b38d4179d91a6ae3a25) C:\WINDOWS\system32\DRIVERS\css-dvp.sys
17:27:23.0265 3768 CSS DVP - ok
17:27:23.0343 3768 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
17:27:23.0343 3768 dac2w2k - ok
17:27:23.0484 3768 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
17:27:23.0484 3768 dac960nt - ok
17:27:23.0656 3768 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:27:23.0687 3768 DcomLaunch - ok
17:27:23.0765 3768 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
17:27:23.0765 3768 Dhcp - ok
17:27:23.0828 3768 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:27:23.0828 3768 Disk - ok
17:27:23.0859 3768 dmadmin - ok
17:27:23.0968 3768 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:27:24.0000 3768 dmboot - ok
17:27:24.0046 3768 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:27:24.0046 3768 dmio - ok
17:27:24.0250 3768 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:27:24.0250 3768 dmload - ok
17:27:24.0359 3768 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
17:27:24.0359 3768 dmserver - ok
17:27:24.0421 3768 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:27:24.0421 3768 DMusic - ok
17:27:24.0484 3768 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
17:27:24.0500 3768 Dnscache - ok
17:27:24.0593 3768 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:27:24.0609 3768 Dot3svc - ok
17:27:24.0656 3768 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
17:27:24.0656 3768 dpti2o - ok
17:27:24.0734 3768 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:27:24.0750 3768 drmkaud - ok
17:27:24.0906 3768 dvpapi (68c9a40ea00417df63f541fd8dfa65a1) C:\Program Files\Common Files\Command Software\dvpapi.exe
17:27:24.0906 3768 dvpapi - ok
17:27:25.0109 3768 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:27:25.0109 3768 E100B - ok
17:27:25.0187 3768 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:27:25.0187 3768 EapHost - ok
17:27:25.0265 3768 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:27:25.0265 3768 ERSvc - ok
17:27:25.0359 3768 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:27:25.0375 3768 Eventlog - ok
17:27:25.0453 3768 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
17:27:25.0500 3768 EventSystem - ok
17:27:25.0765 3768 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:27:25.0765 3768 Fastfat - ok
17:27:25.0843 3768 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:27:25.0843 3768 FastUserSwitchingCompatibility - ok
17:27:26.0000 3768 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
17:27:26.0031 3768 Fax - ok
17:27:26.0203 3768 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:27:26.0218 3768 Fdc - ok
17:27:26.0343 3768 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:27:26.0343 3768 Fips - ok
17:27:26.0421 3768 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:27:26.0437 3768 Flpydisk - ok
17:27:26.0546 3768 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:27:26.0562 3768 FltMgr - ok
17:27:26.0765 3768 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:27:26.0765 3768 FontCache3.0.0.0 - ok
17:27:26.0843 3768 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:27:26.0843 3768 Fs_Rec - ok
17:27:26.0890 3768 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:27:26.0890 3768 Ftdisk - ok
17:27:27.0031 3768 getPlus® Helper (7bec703f31e1d441db16886c9aa4cba9) C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
17:27:27.0062 3768 getPlus® Helper - ok
17:27:27.0328 3768 GoogleDesktopManager (6dfe6b4d2fc37433aec0f82d2ef0b509) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
17:27:27.0437 3768 GoogleDesktopManager - ok
17:27:27.0546 3768 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:27:27.0546 3768 Gpc - ok
17:27:27.0687 3768 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:27:27.0687 3768 gusvc - ok
17:27:27.0828 3768 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:27:27.0828 3768 helpsvc - ok
17:27:27.0890 3768 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
17:27:27.0890 3768 HidServ - ok
17:27:27.0953 3768 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:27:27.0953 3768 HidUsb - ok
17:27:28.0078 3768 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:27:28.0078 3768 hkmsvc - ok
17:27:28.0203 3768 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
17:27:28.0203 3768 hpn - ok
17:27:28.0296 3768 HSFHWICH (140ba850417896b6b3322048de280368) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
17:27:28.0312 3768 HSFHWICH - ok
17:27:28.0468 3768 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
17:27:28.0531 3768 HSF_DP - ok
17:27:28.0625 3768 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:27:28.0640 3768 HTTP - ok
17:27:28.0734 3768 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:27:28.0750 3768 HTTPFilter - ok
17:27:28.0859 3768 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
17:27:28.0859 3768 i2omgmt - ok
17:27:28.0953 3768 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
17:27:28.0953 3768 i2omp - ok
17:27:29.0015 3768 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:27:29.0015 3768 i8042prt - ok
17:27:29.0156 3768 ialm (d4405bd2b6e95efdc8e674ed4032874f) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
17:27:29.0218 3768 ialm - ok
17:27:29.0453 3768 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:27:29.0500 3768 idsvc - ok
17:27:29.0593 3768 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:27:29.0609 3768 Imapi - ok
17:27:29.0687 3768 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:27:29.0703 3768 ImapiService - ok
17:27:29.0796 3768 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
17:27:29.0796 3768 ini910u - ok
17:27:29.0875 3768 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:27:29.0875 3768 IntelIde - ok
17:27:29.0921 3768 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:27:29.0937 3768 intelppm - ok
17:27:30.0000 3768 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:27:30.0000 3768 Ip6Fw - ok
17:27:30.0062 3768 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:27:30.0062 3768 IpFilterDriver - ok
17:27:30.0125 3768 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:27:30.0140 3768 IpInIp - ok
17:27:30.0218 3768 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:27:30.0218 3768 IpNat - ok
17:27:30.0421 3768 iPod Service (e51bd095b2fdf56b17ee010bb794d6ed) C:\Program Files\iPod\bin\iPodService.exe
17:27:30.0484 3768 iPod Service - ok
17:27:30.0531 3768 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:27:30.0531 3768 IPSec - ok
17:27:30.0625 3768 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:27:30.0625 3768 IRENUM - ok
17:27:30.0781 3768 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:27:30.0781 3768 isapnp - ok
17:27:31.0468 3768 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
17:27:31.0484 3768 JavaQuickStarterService - ok
17:27:31.0562 3768 JL2005 - ok
17:27:31.0609 3768 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:27:31.0609 3768 Kbdclass - ok
17:27:31.0671 3768 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:27:31.0671 3768 kbdhid - ok
17:27:31.0781 3768 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:27:31.0781 3768 kmixer - ok
17:27:31.0828 3768 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:27:31.0843 3768 KSecDD - ok
17:27:31.0890 3768 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:27:31.0890 3768 lanmanserver - ok
17:27:31.0953 3768 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
17:27:31.0968 3768 lanmanworkstation - ok
17:27:32.0000 3768 lbrtfdc - ok
17:27:32.0046 3768 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:27:32.0062 3768 LmHosts - ok
17:27:32.0078 3768 MCSTRM - ok
17:27:32.0171 3768 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:27:32.0171 3768 mdmxsdk - ok
17:27:32.0343 3768 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
17:27:32.0343 3768 Messenger - ok
17:27:32.0437 3768 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:27:32.0437 3768 mnmdd - ok
17:27:32.0531 3768 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
17:27:32.0546 3768 mnmsrvc - ok
17:27:32.0656 3768 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:27:32.0656 3768 Modem - ok
17:27:32.0718 3768 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:27:32.0718 3768 Mouclass - ok
17:27:32.0812 3768 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:27:32.0812 3768 mouhid - ok
17:27:32.0906 3768 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:27:32.0921 3768 MountMgr - ok
17:27:33.0015 3768 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17:27:33.0015 3768 mraid35x - ok
17:27:33.0046 3768 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:27:33.0062 3768 MRxDAV - ok
17:27:33.0171 3768 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:27:33.0203 3768 MRxSmb - ok
17:27:33.0312 3768 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
17:27:33.0312 3768 MSDTC - ok
17:27:33.0437 3768 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:27:33.0437 3768 Msfs - ok
17:27:33.0484 3768 MSIServer - ok
17:27:33.0578 3768 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:27:33.0578 3768 MSKSSRV - ok
17:27:33.0703 3768 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:27:33.0703 3768 MSPCLOCK - ok
17:27:33.0781 3768 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:27:33.0781 3768 MSPQM - ok
17:27:33.0843 3768 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:27:33.0843 3768 mssmbios - ok
17:27:33.0921 3768 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:27:33.0921 3768 MSTEE - ok
17:27:34.0000 3768 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:27:34.0015 3768 Mup - ok
17:27:34.0218 3768 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:27:34.0218 3768 NABTSFEC - ok
17:27:34.0421 3768 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:27:34.0437 3768 napagent - ok
17:27:34.0531 3768 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:27:34.0531 3768 NDIS - ok
17:27:34.0593 3768 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:27:34.0593 3768 NdisIP - ok
17:27:34.0671 3768 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:27:34.0687 3768 NdisTapi - ok
17:27:34.0734 3768 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:27:34.0734 3768 Ndisuio - ok
17:27:34.0781 3768 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:27:34.0781 3768 NdisWan - ok
17:27:34.0843 3768 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:27:34.0843 3768 NDProxy - ok
17:27:34.0906 3768 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:27:34.0906 3768 NetBIOS - ok
17:27:35.0031 3768 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:27:35.0031 3768 NetBT - ok
17:27:35.0156 3768 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:27:35.0171 3768 NetDDE - ok
17:27:35.0187 3768 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:27:35.0187 3768 NetDDEdsdm - ok
17:27:35.0281 3768 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:27:35.0281 3768 Netlogon - ok
17:27:35.0406 3768 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
17:27:35.0421 3768 Netman - ok
17:27:35.0593 3768 NetSvc (02d0798f376fcbd0210eda58476d0b1b) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
17:27:35.0609 3768 NetSvc - ok
17:27:35.0718 3768 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:27:35.0734 3768 NetTcpPortSharing - ok
17:27:35.0859 3768 NICCONFIGSVC (f24bcfefe471f4d34a5786b7fcb9235c) C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
17:27:35.0859 3768 NICCONFIGSVC - ok
17:27:36.0031 3768 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
17:27:36.0046 3768 Nla - ok
17:27:36.0109 3768 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:27:36.0109 3768 Npfs - ok
17:27:36.0218 3768 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:27:36.0265 3768 Ntfs - ok
17:27:36.0328 3768 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:27:36.0328 3768 NtLmSsp - ok
17:27:36.0421 3768 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
17:27:36.0453 3768 NtmsSvc - ok
17:27:36.0531 3768 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:27:36.0531 3768 Null - ok
17:27:36.0703 3768 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:27:36.0796 3768 nv - ok
17:27:36.0937 3768 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:27:36.0937 3768 NwlnkFlt - ok
17:27:37.0046 3768 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:27:37.0046 3768 NwlnkFwd - ok
17:27:37.0187 3768 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
17:27:37.0187 3768 omci - ok
17:27:37.0312 3768 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:27:37.0312 3768 Parport - ok
17:27:37.0390 3768 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:27:37.0390 3768 PartMgr - ok
17:27:37.0453 3768 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:27:37.0453 3768 ParVdm - ok
17:27:37.0515 3768 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:27:37.0531 3768 PCI - ok
17:27:37.0546 3768 PCIDump - ok
17:27:37.0640 3768 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:27:37.0640 3768 PCIIde - ok
17:27:37.0687 3768 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
17:27:37.0687 3768 Pcmcia - ok
17:27:37.0718 3768 PDCOMP - ok
17:27:37.0750 3768 PDFRAME - ok
17:27:37.0781 3768 PDRELI - ok
17:27:37.0796 3768 PDRFRAME - ok
17:27:37.0843 3768 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
17:27:37.0859 3768 perc2 - ok
17:27:37.0906 3768 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
17:27:37.0906 3768 perc2hib - ok
17:27:38.0093 3768 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:27:38.0109 3768 PlugPlay - ok
17:27:38.0203 3768 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:27:38.0203 3768 PolicyAgent - ok
17:27:38.0296 3768 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:27:38.0296 3768 PptpMiniport - ok
17:27:38.0328 3768 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:27:38.0343 3768 ProtectedStorage - ok
17:27:38.0406 3768 ProtexisLicensing (64e413ba0c529aa40c3924bbcc4153db) C:\WINDOWS\system32\PSIService.exe
17:27:38.0453 3768 ProtexisLicensing - ok
17:27:38.0484 3768 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:27:38.0500 3768 PSched - ok
17:27:38.0562 3768 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:27:38.0562 3768 Ptilink - ok
17:27:38.0656 3768 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
17:27:38.0656 3768 ql1080 - ok
17:27:38.0703 3768 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
17:27:38.0703 3768 Ql10wnt - ok
17:27:38.0843 3768 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
17:27:38.0843 3768 ql12160 - ok
17:27:38.0953 3768 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
17:27:38.0953 3768 ql1240 - ok
17:27:39.0062 3768 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
17:27:39.0062 3768 ql1280 - ok
17:27:39.0156 3768 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:27:39.0156 3768 RasAcd - ok
17:27:39.0250 3768 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
17:27:39.0250 3768 RasAuto - ok
17:27:39.0328 3768 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:27:39.0343 3768 Rasl2tp - ok
17:27:39.0453 3768 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
17:27:39.0484 3768 RasMan - ok
17:27:39.0578 3768 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:27:39.0578 3768 RasPppoe - ok
17:27:39.0625 3768 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:27:39.0625 3768 Raspti - ok
17:27:39.0671 3768 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:27:39.0687 3768 Rdbss - ok
17:27:39.0718 3768 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:27:39.0718 3768 RDPCDD - ok
17:27:39.0812 3768 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:27:39.0828 3768 rdpdr - ok
17:27:39.0937 3768 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
17:27:39.0937 3768 RDPWD - ok
17:27:40.0062 3768 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
17:27:40.0062 3768 RDSessMgr - ok
17:27:40.0156 3768 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:27:40.0156 3768 redbook - ok
17:27:40.0250 3768 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
17:27:40.0250 3768 RemoteAccess - ok
17:27:40.0406 3768 RimUsb (4f4a4c09cc5be58a76cac1c337e004e6) C:\WINDOWS\system32\Drivers\RimUsb.sys
17:27:40.0406 3768 RimUsb - ok
17:27:40.0468 3768 RimVSerPort (3a5633ad615e2b15291bd0b1b97ccd8a) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
17:27:40.0515 3768 RimVSerPort - ok
17:27:40.0562 3768 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
17:27:40.0562 3768 ROOTMODEM - ok
17:27:40.0625 3768 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
17:27:40.0640 3768 RpcLocator - ok
17:27:40.0718 3768 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:27:40.0718 3768 RpcSs - ok
17:27:40.0828 3768 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
17:27:40.0843 3768 RSVP - ok
17:27:40.0921 3768 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:27:40.0921 3768 SamSs - ok
17:27:41.0031 3768 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
17:27:41.0078 3768 SCardSvr - ok
17:27:41.0140 3768 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
17:27:41.0156 3768 Schedule - ok
17:27:41.0250 3768 SDDMI2 (8edd7b9e4a4b4c16e2dab9188caa861b) C:\WINDOWS\system32\DDMI2.sys
17:27:41.0250 3768 SDDMI2 - ok
17:27:41.0343 3768 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:27:41.0359 3768 Secdrv - ok
17:27:41.0437 3768 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
17:27:41.0453 3768 seclogon - ok
17:27:41.0609 3768 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
17:27:41.0609 3768 SENS - ok
17:27:41.0718 3768 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:27:41.0718 3768 serenum - ok
17:27:41.0812 3768 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:27:41.0812 3768 Serial - ok
17:27:41.0890 3768 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:27:41.0890 3768 Sfloppy - ok
17:27:42.0000 3768 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
17:27:42.0015 3768 SharedAccess - ok
17:27:42.0109 3768 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:27:42.0125 3768 ShellHWDetection - ok
17:27:42.0234 3768 Simbad - ok
17:27:42.0343 3768 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:27:42.0343 3768 sisagp - ok
17:27:42.0437 3768 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:27:42.0437 3768 SLIP - ok
17:27:42.0484 3768 SoC PC-Camera Service - ok
17:27:42.0562 3768 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:27:42.0578 3768 Sparrow - ok
17:27:42.0656 3768 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:27:42.0656 3768 splitter - ok
17:27:42.0734 3768 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:27:42.0750 3768 Spooler - ok
17:27:42.0796 3768 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:27:42.0796 3768 sr - ok
17:27:42.0859 3768 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
17:27:42.0875 3768 srservice - ok
17:27:42.0984 3768 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:27:42.0984 3768 Srv - ok
17:27:43.0109 3768 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:27:43.0125 3768 SSDPSRV - ok
17:27:43.0218 3768 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
17:27:43.0234 3768 STAC97 - ok
17:27:43.0343 3768 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:27:43.0359 3768 stisvc - ok
17:27:43.0468 3768 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:27:43.0484 3768 streamip - ok
17:27:43.0562 3768 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:27:43.0593 3768 swenum - ok
17:27:43.0734 3768 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:27:43.0734 3768 swmidi - ok
17:27:43.0765 3768 SwPrv - ok
17:27:43.0953 3768 Symantec Core LC (4770f773c1417b913196fbf9e13a5ecb) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
17:27:44.0015 3768 Symantec Core LC - ok
17:27:44.0109 3768 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
17:27:44.0109 3768 symc810 - ok
17:27:44.0218 3768 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:27:44.0250 3768 symc8xx - ok
17:27:44.0328 3768 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
17:27:44.0328 3768 symlcbrd - ok
17:27:44.0468 3768 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:27:44.0468 3768 sym_hi - ok
17:27:44.0578 3768 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:27:44.0578 3768 sym_u3 - ok
17:27:44.0671 3768 SynTP (24f75b01c02992ad2e800b387269c50d) C:\WINDOWS\system32\DRIVERS\SynTP.sys
17:27:44.0687 3768 SynTP - ok
17:27:44.0765 3768 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:27:44.0765 3768 sysaudio - ok
17:27:44.0859 3768 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:27:44.0859 3768 SysmonLog - ok
17:27:44.0984 3768 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
17:27:45.0000 3768 TapiSrv - ok
17:27:45.0156 3768 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:27:45.0171 3768 Tcpip - ok
17:27:45.0296 3768 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:27:45.0328 3768 TDPIPE - ok
17:27:45.0593 3768 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:27:45.0640 3768 TDTCP - ok
17:27:45.0765 3768 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:27:45.0765 3768 TermDD - ok
17:27:45.0859 3768 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
17:27:45.0875 3768 TermService - ok
17:27:45.0953 3768 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:27:45.0953 3768 Themes - ok
17:27:46.0078 3768 tmcomm (4dc436421c9d745d7e8c37f956701c78) C:\WINDOWS\system32\drivers\tmcomm.sys
17:27:46.0093 3768 tmcomm - ok
17:27:46.0156 3768 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
17:27:46.0156 3768 TosIde - ok
17:27:46.0234 3768 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:27:46.0234 3768 TrkWks - ok
17:27:46.0343 3768 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:27:46.0343 3768 Udfs - ok
17:27:46.0453 3768 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
17:27:46.0468 3768 ultra - ok
17:27:46.0562 3768 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:27:46.0593 3768 Update - ok
17:27:46.0687 3768 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:27:46.0703 3768 upnphost - ok
17:27:46.0812 3768 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:27:46.0828 3768 UPS - ok
17:27:46.0968 3768 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:27:46.0968 3768 USBAAPL - ok
17:27:47.0125 3768 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:27:47.0125 3768 usbccgp - ok
17:27:47.0218 3768 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:27:47.0218 3768 usbehci - ok
17:27:47.0281 3768 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:27:47.0296 3768 usbhub - ok
17:27:47.0343 3768 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:27:47.0359 3768 usbprint - ok
17:27:47.0406 3768 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:27:47.0406 3768 usbscan - ok
17:27:47.0500 3768 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:27:47.0500 3768 USBSTOR - ok
17:27:47.0609 3768 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:27:47.0609 3768 usbuhci - ok
17:27:47.0703 3768 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:27:47.0718 3768 VgaSave - ok
17:27:47.0796 3768 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:27:47.0796 3768 viaagp - ok
17:27:47.0921 3768 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:27:47.0921 3768 ViaIde - ok
17:27:48.0062 3768 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe
17:27:48.0062 3768 Viewpoint Manager Service - ok
17:27:48.0187 3768 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:27:48.0187 3768 VolSnap - ok
17:27:48.0343 3768 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:27:48.0359 3768 VSS - ok
17:27:48.0453 3768 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
17:27:48.0468 3768 w32time - ok
17:27:48.0546 3768 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:27:48.0546 3768 Wanarp - ok
17:27:48.0640 3768 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
17:27:48.0640 3768 wanatw - ok
17:27:48.0796 3768 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
17:27:48.0828 3768 Wdf01000 - ok
17:27:48.0937 3768 WDICA - ok
17:27:49.0015 3768 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:27:49.0015 3768 wdmaud - ok
17:27:49.0093 3768 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:27:49.0093 3768 WebClient - ok
17:27:49.0171 3768 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:27:49.0218 3768 winachsf - ok
17:27:49.0421 3768 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:27:49.0421 3768 winmgmt - ok
17:27:49.0531 3768 wltrysvc - ok
17:27:49.0625 3768 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
17:27:49.0625 3768 WmdmPmSN - ok
17:27:49.0781 3768 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:27:49.0781 3768 WmiApSrv - ok
17:27:50.0000 3768 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:27:50.0062 3768 WMPNetworkSvc - ok
17:27:50.0234 3768 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
17:27:50.0234 3768 wscsvc - ok
17:27:50.0343 3768 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:27:50.0343 3768 WSTCODEC - ok
17:27:50.0406 3768 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:27:50.0421 3768 wuauserv - ok
17:27:50.0500 3768 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:27:50.0500 3768 WudfPf - ok
17:27:50.0546 3768 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:27:50.0546 3768 WudfRd - ok
17:27:50.0578 3768 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
17:27:50.0593 3768 WudfSvc - ok
17:27:50.0750 3768 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:27:50.0781 3768 WZCSVC - ok
17:27:50.0968 3768 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:27:50.0968 3768 xmlprov - ok
17:27:51.0000 3768 MBR (0x1B8) (dbfb101d7442c448a7964bbb128e1250) \Device\Harddisk0\DR0
17:27:51.0046 3768 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
17:27:51.0046 3768 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
17:27:51.0093 3768 Boot (0x1200) (ca0f171cc60e3a14d27772245ab222a2) \Device\Harddisk0\DR0\Partition0
17:27:51.0093 3768 \Device\Harddisk0\DR0\Partition0 - ok
17:27:51.0093 3768 ============================================================
17:27:51.0093 3768 Scan finished
17:27:51.0093 3768 ============================================================
17:27:51.0125 3352 Detected object count: 1
17:27:51.0125 3352 Actual detected object count: 1
17:27:58.0843 3352 \Device\Harddisk0\DR0\# - copied to quarantine
17:27:58.0843 3352 \Device\Harddisk0\DR0 - copied to quarantine
17:27:58.0890 3352 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
17:27:58.0906 3352 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
17:27:58.0921 3352 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
17:27:58.0984 3352 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
17:27:59.0000 3352 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
17:27:59.0000 3352 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
17:27:59.0031 3352 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
17:27:59.0046 3352 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
17:27:59.0078 3352 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
17:27:59.0078 3352 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
17:27:59.0078 3352 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
17:27:59.0093 3352 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
17:27:59.0125 3352 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
17:27:59.0125 3352 \Device\Harddisk0\DR0 - ok
17:27:59.0125 3352 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
17:28:06.0687 2080 Deinitialize success

MBAM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.23.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Rachele :: TARIAN [administrator]

3/25/2012 5:34:21 PM
mbam-log-2012-03-25 (17-34-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 247643
Time elapsed: 18 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

dds
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Rachele Smaldone at 17:56:08 on 2012-03-25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.92 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mWinlogon: SFCDisable=4 (0x4)
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Internet Security] c:\documents and settings\all users\application data\isecurity.exe
uRun: [Internet Security] c:\documents and settings\all users\application data\isecurity.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe
mRun: [Dell Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [dplaysvr] %APPDATA%\dplaysvr.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4D2459F3-9612-4793-94FC-1D3C9BD76D07} : DhcpNameServer = 192.168.2.1
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===

#6 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,268 posts

Posted 25 March 2012 - 05:44 PM

You had Rootkit.Boot.Pihar.b.
Once you wewre infected with Rootkit.Boot.Pihar.b, your personal information would be recorded and sent to a presupposed attacker, such as confidential data, login numbers and so on. I advise changing all sensitive passwords immediately, especially financial ones like online banking, PayPal.

Install a good real-time anti-virus. The Free version of Avast is excellent.

Please install a firrewall - the XP one only stops incoming traffic and doesn't stop unwanted outgoing traffic.
We recommend the Free Commodo Firewall.

Potentially unwanted programs (PUP): MyWebSearch, Ask, and other toolbars were probably bundled with other programs and may slow your PC and/or track your browsing.

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image
      icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Please let me know if you see any remaining problems...

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#7 RMD91

RMD91

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 26 March 2012 - 09:22 AM

I am downloading Avast/Commodo now, would you recommend i delete the PUP apps in MBAM? heres the log:

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\63\40b3013f-155f13d0 Java/Exploit.Blacole.AN trojan deleted - quarantined
C:\Documents and Settings\Rachele\Application Data\Sun\Java\Deployment\cache\6.0\17\f17ac11-7ebc5553 multiple threats deleted - quarantined
C:\Documents and Settings\Rachele\Application Data\Sun\Java\Deployment\cache\6.0\23\35249897-4465ac58 multiple threats deleted - quarantined
C:\Documents and Settings\Rachele\Application Data\Sun\Java\Deployment\cache\6.0\42\3b8f0baa-585bd62f a variant of Java/TrojanDownloader.Agent.AD trojan deleted - quarantined
C:\Documents and Settings\Rachele\Application Data\Sun\Java\Deployment\cache\6.0\44\ebc5dac-32fc178a multiple threats deleted - quarantined
C:\Documents and Settings\Rachele\Local Settings\Temp\jar_cache5388144586252487028.tmp probably a variant of Java/TrojanDownloader.OpenStream.NCI trojan deleted - quarantined
C:\Documents and Settings\Rachele\Local Settings\Temp\Photo.class a variant of Java/TrojanDownloader.Agent.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.03.2012_17.26.53\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.03.2012_17.26.53\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.03.2012_17.26.53\mbr0000\tdlfs0000\tsk0004.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.03.2012_17.26.53\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.03.2012_17.26.53\mbr0000\tdlfs0000\tsk0006.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.03.2012_17.26.53\mbr0000\tdlfs0000\tsk0007.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.03.2012_17.26.53\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.03.2012_17.26.53\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\apkygjkf.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\athdcjpi.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\bcbeg.bak1 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\bcbeg.bak2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\bcbeg.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\bcbeg.ini2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\bcbeg.tmp Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\bvdlicdr.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\CmdLineExt03.dll probably a variant of Win32/Agent.GMDYZPF trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\dntkxxco.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\doojdlbo.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\edjkunno.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\eqyqclwp.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\hanefcir.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\hjfdjggx.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\hpqfjkxc.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\hvvcebop.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\igufyqrb.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\jmgysmxp.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\jxyhvuyi.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\kavjhpqg.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\kitxwaue.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\knniwmpy.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\lflmpblr.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\mdnojivs.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\ndvakfeu.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\nhxqjrsl.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\omtiisyw.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\ooqjjgww.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\opaprqea.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\qixcvegt.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\qlstvfec.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\sccksvne.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\sktitykx.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\snngxrny.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\tocfehyr.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\toffcqgb.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\tsvqepxg.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\usflakro.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\vbykfvvy.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\vjwarkvi.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\vnipgsyn.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\wddwdtoc.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\xqrlmvdr.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\yaudtkxg.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\ybajqcbs.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\ykimvwqg.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\ynbxodwg.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\yphgusor.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\yrtjtauw.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\yyjohgmp.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\yyvyqmpm.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\Temp\jar_cache2679399629908082218.tmp a variant of Java/TrojanDownloader.Agent.NDR trojan deleted - quarantined
C:\WINDOWS\Temp\jar_cache289062250196441589.tmp a variant of Java/TrojanDownloader.Agent.NDR trojan deleted - quarantined
C:\WINDOWS\Temp\Main.class a variant of Java/Exploit.CVE-2011-3544.BF trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Spy.SpyEye.CA trojan

#8 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,268 posts

Posted 26 March 2012 - 10:56 AM

would you recommend i delete the PUP apps in MBAM?

Yes, please have MBAM take care of any remaining PUPs. Surf only very cautiously until you have Avast installed, and do change your passwords.

Post the new MBAM log.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#9 RMD91

RMD91

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 26 March 2012 - 02:55 PM

1. Is there a popup blocker that blocks popups that IE doesnt catch and still pop up?
2. I got a message before that said virtual memory too low, im guessing its because im running avast now and i have a very slow machine
3. Heres the latest MBAM log with the PUP removed:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.23.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Rachele :: TARIAN [administrator]

3/26/2012 2:49:58 PM
mbam-log-2012-03-26 (14-49-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 248975
Time elapsed: 34 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,268 posts

Posted 26 March 2012 - 03:15 PM

Virtual memory refers to the swap file.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#11 RMD91

RMD91

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 26 March 2012 - 03:55 PM

MiniToolBox by Farbar Version: 18-01-2012
Ran by Rachele(administrator) on 26-03-2012 at 16:52:08
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/25/2012 07:17:51 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/25/2012 06:41:43 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/25/2012 01:38:46 PM) (Source: Application Hang) (User: )
Description: Hanging application CorelReg.exe, version 1.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/24/2012 06:31:28 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/24/2012 11:53:12 AM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (03/24/2012 11:52:41 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/24/2012 11:52:41 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/23/2012 09:15:28 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/23/2012 09:15:24 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/23/2012 09:15:24 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (03/25/2012 05:29:46 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (03/25/2012 05:29:46 PM) (Source: Service Control Manager) (User: )
Description: The Automatic LiveUpdate Scheduler service failed to start due to the following error:
%%3

Error: (03/25/2012 05:16:54 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (03/25/2012 05:16:54 PM) (Source: Service Control Manager) (User: )
Description: The Automatic LiveUpdate Scheduler service failed to start due to the following error:
%%3

Error: (03/25/2012 05:13:11 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/25/2012 05:13:11 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/25/2012 05:13:10 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/25/2012 05:13:10 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/25/2012 05:13:10 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/25/2012 05:13:10 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (03/25/2012 07:17:51 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/25/2012 06:41:43 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/25/2012 01:38:46 PM) (Source: Application Hang)(User: )
Description: CorelReg.exe1.0.0.0hungapp0.0.0.000000000

Error: (03/24/2012 06:31:28 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/24/2012 11:53:12 AM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (03/24/2012 11:52:41 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/24/2012 11:52:41 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/23/2012 09:15:28 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/23/2012 09:15:24 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/23/2012 09:15:24 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


========================= Memory info: ===================================

Percentage of memory in use: 83%
Total physical RAM: 247.37 MB
Available physical RAM: 41.33 MB
Total Pagefile: 625.43 MB
Available Pagefile: 212.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1955.48 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:33.62 GB) (Free:9.54 GB) NTFS

========================= Users: ========================================

User accounts for \\TARIAN

Administrator Delaro Guest
HelpAssistant Rachele SUPPORT_388945a0


**** End of log ****

#12 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,268 posts

Posted 26 March 2012 - 04:34 PM

You have very little memory compared to the 1 to 4 G seen nowadays. It is enough for XP but only marginal if you have many things running.

The usual directions for blocking popups?

Open Internet Explorer by clicking the Start button , and then clicking Internet Explorer.
Click the Tools button, click Pop-up Blocker, and then click Pop-up Blocker Settings.
Under Filter level, select 'High: Block all pop-ups', and then click Close.
If you want to see pop-ups that are blocked when you have this setting turned on, hold down CTRL + ALT while the window opens.

But perhaps you already have it set that way? Please tell me what sites you see popups in with IE set to block all of them.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#13 RMD91

RMD91

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 28 March 2012 - 11:27 AM

The settings were not on high they were on low, I didn't think to check that. Thank you for your help!

#14 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,268 posts

Posted 28 March 2012 - 12:27 PM

You had

the internet redirects me to other sites still and my computers overall functionality has decreased

Would you say those things are now fixed?

Please run a complete scan with Avast and let me know if it finds anything.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#15 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,268 posts

Posted 09 April 2012 - 02:23 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button