RMD91

Browser Redirects/Virus

15 posts in this topic

I had/have the "internet security 2012" virus on my computer, I ran MBAM and the shortcut remained on my desktop but the root was deleted as was the image so I deleted the desktop icon. Apparently either that virus was not removed completely or it was and I have more on my computer as the internet redirects me to other sites still and my computer's overall functionality has decreased, even after running MBAM. Here's my HJT log:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:37:27 PM, on 3/24/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Common Files\Command Software\dvpapi.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll

O1 - Hosts: 87.229.126.54 www.google.com

O1 - Hosts: 87.229.126.55 www.bing.com

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll

O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [internet Security] C:\Documents and Settings\All Users\Application Data\isecurity.exe

O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe (User 'Default user')

O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Cat

O17 - HKLM\Software\..\Telephony: DomainName = Cat

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Cat

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Cat

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

O24 - Desktop Component 0: (no name) - C:\Program Files\ComPlus Applications\rterelelu.html

 

--

End of file - 9306 bytes

 

Help much appreciated!

 

Edit: Please read the Instructions and post the other requested logs. We need the information in order to help you.

 

Please also download HostsXpert Here and unzip it to your desktop.

Next, open HostsXpert

  • Make sure that the "make hosts writable?" button in the upper right corner is checked
  • Now, click on 'back up Host files'
  • then click on 'Restore original host files'
  • Finally, close HostsXpert.
Edited by cnm


Hello RMD91.

 

Your hosts file is redirecting you. Please download HostsXpert Here and unzip it to your Desktop.

Next, open HostsXpert

  • Make sure that the "make hosts writable?" button in the upper right corner is checked
  • Now, click on 'back up Host files'
  • then click on 'Restore original host files'
  • Finally, close HostsXpert.

 

Then please read the Instructions and post the other requested logs. We need the information in order to help you.

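The helper's diagnosis above rests on two kinds of HijackThis lines: O1 hosts entries that send well-known domains to a routable address, and O4 autostart entries whose binary lives in a user-writable folder. The following Python script is an added example (not from this thread, HijackThis, or Malwarebytes) that applies those two checks to HJT-format lines; the sample lines are constructed to mirror the O1/O4 entries in the log posted above, plus benign filler that should not be flagged.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis 2.x line format. The O1 and O4 entries
# mirror the ones in the log posted above; the other lines are benign filler
# so the script has something it should NOT flag.
SAMPLE_HJT_LINES = [
    "O1 - Hosts: 87.229.126.54 www.google.com",
    "O1 - Hosts: 87.229.126.55 www.bing.com",
    "O1 - Hosts: 127.0.0.1 localhost",
    "O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll",
    "O4 - HKLM\\..\\Run: [iTunesHelper] \"C:\\Program Files\\iTunes\\iTunesHelper.exe\"",
    "O4 - HKCU\\..\\Run: [internet Security] C:\\Documents and Settings\\All Users\\Application Data\\isecurity.exe",
    "O4 - HKUS\\S-1-5-18\\..\\Run: [dplaysvr] %APPDATA%\\dplaysvr.exe (User 'SYSTEM')",
]

# Addresses a hosts entry may legitimately point at on a home PC.
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$"
)

# Path fragments that mark user-writable locations (lower-cased). Installed
# software on XP almost never auto-starts from these; the rogue
# "internet Security" binary and dplaysvr.exe in the log above both do.
USER_WRITABLE_MARKERS = (
    "%appdata%",
    "\\application data\\",
    "\\local settings\\temp\\",
    "\\windows\\temp\\",
)


@dataclass(frozen=True)
class Finding:
    section: str   # HJT section tag, e.g. "O1" or "O4"
    reason: str    # why the line deserves a human's attention
    line: str      # the original log line, unchanged


def check_hosts(line: str):
    """Flag O1 entries that steer a hostname anywhere but loopback.

    A hosts file on a home PC should only contain loopback mappings; an
    entry that sends www.google.com to a routable address is exactly the
    silent redirect the original poster describes.
    """
    m = HOSTS_RE.match(line)
    if not m:
        return None
    ip, host = m.group("ip"), m.group("host").lower()
    if ip in LOOPBACK:
        return None
    return Finding("O1", f"hosts file maps {host} to {ip}", line)


def check_autorun(line: str):
    """Flag O4 Run entries whose command lives in a user-writable directory."""
    m = RUN_RE.match(line)
    if not m:
        return None
    cmd = m.group("cmd").lower()
    for marker in USER_WRITABLE_MARKERS:
        if marker in cmd:
            where = marker.strip("\\")
            return Finding(
                "O4",
                f"autostart [{m.group('name')}] under {m.group('hive')} "
                f"runs from a user-writable path ({where})",
                line,
            )
    return None


def triage(lines):
    """Run every check over every line; return the findings in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        for check in (check_hosts, check_autorun):
            hit = check(line)
            if hit:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LINES):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

On the constructed sample the script reports the two hosts redirects and the two autostarts from Application Data and %APPDATA%, and stays silent on the loopback entry, the BHO and the iTunes helper.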

Apologies, I haven't been to this forum in a very long time and HJT was all that used to be required haha

 

MBAM Log

 

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

 

Database version: v2012.03.23.05

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Rachele :: TARIAN [administrator]

 

3/23/2012 9:31:52 PM

mbam-log-2012-03-23 (21-31-52).txt

 

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 325932

Time elapsed: 3 hour(s), 50 minute(s), 7 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 24

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B18DD50-C996-44FC-AC52-0FECFF82ED58} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B18DD50-C996-44FC-AC52-0FECFF82ED58} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B5141620-C2B2-4D95-9F0F-134D99C87AB0} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B5141620-C2B2-4D95-9F0F-134D99C87AB0} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988} (Rogue.Multiple) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A26F07F-0D60-4835-91CF-1E1766A0EC56} (Trojan.Agent) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F919FBD3-A96B-4679-AF26-F551439BB5FD} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\WebBuying (Adware.WebBuying) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\CAC (Malware.Trace) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 5

C:\Documents and Settings\NetworkService\Local Settings\Application Data\cdqxncsoa.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Rachele\Local Settings\Temp\20.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP872\A0221705.exe (Trojan.VUPX.PTI1) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP888\A0223786.exe (Trojan.VUPX.PTI3) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\7.tmp (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

 

(end)

 

DDS log

 

 

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Rachele at 13:40:38 on 2012-03-25

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.62 [GMT -4:00]

.

AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Common Files\Command Software\dvpapi.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WordPerfect Office 12\Programs\wpwin12.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com/

uSearch Bar = hxxp://www.google.com/ie

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

mWinlogon: SFCDisable=4 (0x4)

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll

BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent

uRun: [internet Security] c:\documents and settings\all users\application data\isecurity.exe

uRun: [internet Security] c:\documents and settings\all users\application data\isecurity.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe

mRun: [Dell Wireless Manager UI] c:\windows\system32\WLTRAY

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [<NO NAME>]

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

dRun: [dplaysvr] %APPDATA%\dplaysvr.exe

IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{4D2459F3-9612-4793-94FC-1D3C9BD76D07} : DhcpNameServer = 192.168.2.1

Notify: igfxcui - igfxsrvc.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2012-03-24 18:35:15 388096 ----a-r- c:\documents and settings\rachele smaldone\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-03-24 18:35:03 -------- d-----w- c:\program files\Trend Micro

2012-03-24 00:56:50 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP

2012-03-24 00:05:17 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-24 00:05:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-23 23:32:08 -------- dc----w- C:\sh4ldr

2012-03-23 23:32:08 -------- d-----w- c:\program files\Enigma Software Group

2012-03-22 17:59:41 -------- d-----w- c:\program files\common files\Wise Installation Wizard

2012-03-21 22:34:45 -------- d-----w- c:\documents and settings\rachele\application data\Malwarebytes

2012-03-21 22:22:13 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-03-21 20:20:55 -------- dc----w- C:\Intel

2012-03-06 20:37:31 53248 ----a-r- c:\documents and settings\rachele\application data\microsoft\installer\{12baa98c-f8dd-4bc9-bbe6-1c8463114197}\ARPPRODUCTICON.exe

2012-03-06 20:34:06 -------- d-----w- c:\documents and settings\rachele\local settings\application data\Downloaded Installations

2012-03-05 23:30:41 -------- d-----w- c:\documents and settings\rachele\local settings\application data\Research In Motion

2012-03-05 23:30:17 -------- d-----w- c:\documents and settings\rachele\application data\Research In Motion

2012-03-05 23:25:54 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll

2012-03-05 23:25:29 35328 ----a-r- c:\windows\system32\drivers\RimSerial.sys

2012-03-05 23:22:00 -------- d-----w- c:\documents and settings\all users\application data\Research In Motion

2012-03-05 23:20:42 -------- d-----w- c:\program files\common files\Research In Motion

2012-03-05 23:20:40 -------- d-----w- c:\program files\Research In Motion

2012-03-05 03:16:20 -------- d-----w- c:\documents and settings\rachele\.frostwire5

2012-03-05 03:12:34 -------- d-----w- c:\program files\Ask.com

2012-03-05 03:12:18 -------- d-----w- c:\documents and settings\rachele\local settings\application data\AskToolbar

2012-03-04 21:28:43 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-03-04 21:28:42 -------- d-----w- c:\windows\system32\wbem\Repository

.

==================== Find3M ====================

.

2012-03-25 17:36:46 7936 -csha-w- c:\windows\system32\KGyGaAvL.sys

2012-03-25 17:36:46 56 -csh--r- c:\windows\system32\44A6751BC2.sys

2012-03-01 01:44:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: FUJITSU_MHV2040AH rev.00000096 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xFF94649F]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0xff94d740]; MOV EAX, [0xff94d8b4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x81D8DAB8]

3 CLASSPNP[0xF953AFD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0xFFB0E748]

\Driver\atapi[0xFFAF8A18] -> IRP_MJ_CREATE -> 0xFF94649F

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { CLI ; MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62f; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0xFF9462C6

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 13:55:39.71 ===============

 

sec check

 

Results of screen317's Security Check version 0.99.32

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

```````````````````````````````

Anti-malware/Other Utilities Check:

Anti-Spyware

Java 6 Update 22

Java 6 Update 2

Java 6 Update 5

Java 2 Runtime Environment, SE v1.4.2_03

Java version out of date!

Adobe Flash Player 10.0.12.36 Flash Player out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Rachele Desktop SecurityCheck.exe

``````````End of Log````````````

Edited by RMD91


Please do these important security updates:

Update Adobe Flash Player. It's important to remove old versions.

Updating Java:

  • Go here and download the latest version of Java:
  • Go to Start -> Control Panel -> Add or Remove Programs.
  • Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
    They should have this icon next to any that are there: javaicon.gif
    Select any found and choose Uninstall.
  • Then install the version you downloaded earlier.

 

Then:

Please download tdsskiller.exe and save it to your Desktop. Go here for information.

 


  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next replies, along with new DDS.txt, checkup.txt and MBAM log


As a note, the DDS run took 2 minutes as opposed to 20/30 the first time through. Also I see Flash Player still says outdated but I installed the new version and it said it worked. Here are the logs:

 

tdss

 

17:26:52.0718 0740 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00

17:26:53.0328 0740 ============================================================

17:26:53.0328 0740 Current date / time: 2012/03/25 17:26:53.0328

17:26:53.0328 0740 SystemInfo:

17:26:53.0328 0740

17:26:53.0328 0740 OS Version: 5.1.2600 ServicePack: 3.0

17:26:53.0328 0740 Product type: Workstation

17:26:53.0328 0740 ComputerName: TARIAN

17:26:53.0328 0740 UserName: Rachele

17:26:53.0328 0740 Windows directory: C:\WINDOWS

17:26:53.0328 0740 System windows directory: C:\WINDOWS

17:26:53.0328 0740 Processor architecture: Intel x86

17:26:53.0328 0740 Number of processors: 1

17:26:53.0328 0740 Page size: 0x1000

17:26:53.0328 0740 Boot type: Normal boot

17:26:53.0328 0740 ============================================================

17:26:57.0859 0740 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

17:26:57.0921 0740 \Device\Harddisk0\DR0:

17:26:57.0921 0740 MBR used

17:26:57.0921 0740 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x433E2E5

17:26:57.0984 0740 Initialize success

17:26:57.0984 0740 ============================================================

17:27:16.0921 3768 ============================================================

17:27:16.0921 3768 Scan started

17:27:16.0921 3768 Mode: Manual;

17:27:16.0921 3768 ============================================================

17:27:17.0406 3768 Abiosdsk - ok

17:27:17.0531 3768 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

17:27:17.0531 3768 abp480n5 - ok

17:27:17.0625 3768 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

17:27:17.0625 3768 ACPI - ok

17:27:17.0687 3768 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

17:27:17.0687 3768 ACPIEC - ok

17:27:17.0734 3768 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

17:27:17.0734 3768 adpu160m - ok

17:27:17.0812 3768 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

17:27:17.0812 3768 aec - ok

17:27:17.0890 3768 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys

17:27:17.0890 3768 AegisP - ok

17:27:17.0953 3768 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

17:27:18.0000 3768 AFD - ok

17:27:18.0156 3768 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

17:27:18.0187 3768 agp440 - ok

17:27:18.0281 3768 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

17:27:18.0281 3768 agpCPQ - ok

17:27:18.0390 3768 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

17:27:18.0390 3768 Aha154x - ok

17:27:18.0500 3768 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

17:27:18.0500 3768 aic78u2 - ok

17:27:18.0609 3768 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

17:27:18.0625 3768 aic78xx - ok

17:27:18.0734 3768 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

17:27:18.0734 3768 Alerter - ok

17:27:18.0859 3768 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

17:27:18.0859 3768 ALG - ok

17:27:18.0937 3768 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

17:27:18.0937 3768 AliIde - ok

17:27:19.0046 3768 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

17:27:19.0046 3768 alim1541 - ok

17:27:19.0078 3768 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

17:27:19.0078 3768 amdagp - ok

17:27:19.0125 3768 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

17:27:19.0125 3768 amsint - ok

17:27:19.0281 3768 Appdrv (ec94e05b76d033b74394e7b2175103cf) C:\Program Files\Dell\NICCONFIGSVC\Appdrv.sys

17:27:19.0281 3768 Appdrv - ok

17:27:19.0437 3768 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

17:27:19.0437 3768 Apple Mobile Device - ok

17:27:19.0531 3768 AppMgmt - ok

17:27:19.0750 3768 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

17:27:19.0750 3768 asc - ok

17:27:19.0828 3768 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

17:27:19.0828 3768 asc3350p - ok

17:27:19.0953 3768 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

17:27:19.0953 3768 asc3550 - ok

17:27:20.0156 3768 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

17:27:20.0203 3768 aspnet_state - ok

17:27:20.0296 3768 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

17:27:20.0296 3768 AsyncMac - ok

17:27:20.0421 3768 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

17:27:20.0421 3768 atapi - ok

17:27:20.0484 3768 Atdisk - ok

17:27:20.0562 3768 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

17:27:20.0562 3768 Atmarpc - ok

17:27:20.0671 3768 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

17:27:20.0671 3768 AudioSrv - ok

17:27:20.0765 3768 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

17:27:20.0765 3768 audstub - ok

17:27:20.0843 3768 Automatic LiveUpdate Scheduler - ok

17:27:20.0968 3768 BCM43XX (c3ab2d6954c7b5103770832a3a6a591b) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

17:27:20.0984 3768 BCM43XX - ok

17:27:21.0031 3768 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

17:27:21.0031 3768 Beep - ok

17:27:21.0156 3768 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

17:27:21.0281 3768 BITS - ok

17:27:21.0390 3768 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

17:27:21.0390 3768 Browser - ok

17:27:21.0484 3768 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

17:27:21.0484 3768 cbidf - ok

17:27:21.0562 3768 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

17:27:21.0562 3768 cbidf2k - ok

17:27:21.0718 3768 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

17:27:21.0734 3768 CCDECODE - ok

17:27:21.0859 3768 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

17:27:21.0859 3768 cd20xrnt - ok

17:27:21.0937 3768 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

17:27:21.0937 3768 Cdaudio - ok

17:27:22.0015 3768 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

17:27:22.0015 3768 Cdfs - ok

17:27:22.0078 3768 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

17:27:22.0078 3768 Cdrom - ok

17:27:22.0140 3768 Changer - ok

17:27:22.0234 3768 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

17:27:22.0250 3768 CiSvc - ok

17:27:22.0281 3768 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

17:27:22.0281 3768 ClipSrv - ok

17:27:22.0437 3768 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

17:27:22.0531 3768 clr_optimization_v2.0.50727_32 - ok

17:27:22.0671 3768 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

17:27:22.0671 3768 CmBatt - ok

17:27:22.0765 3768 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

17:27:22.0765 3768 CmdIde - ok

17:27:22.0828 3768 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

17:27:22.0828 3768 Compbatt - ok

17:27:22.0859 3768 COMSysApp - ok

17:27:22.0921 3768 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

17:27:22.0921 3768 Cpqarray - ok

17:27:23.0031 3768 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

17:27:23.0031 3768 CryptSvc - ok

17:27:23.0203 3768 CSS DVP (10d08460d2415b38d4179d91a6ae3a25) C:\WINDOWS\system32\DRIVERS\css-dvp.sys

17:27:23.0265 3768 CSS DVP - ok

17:27:23.0343 3768 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

17:27:23.0343 3768 dac2w2k - ok

17:27:23.0484 3768 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

17:27:23.0484 3768 dac960nt - ok

17:27:23.0656 3768 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

17:27:23.0687 3768 DcomLaunch - ok

17:27:23.0765 3768 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

17:27:23.0765 3768 Dhcp - ok

17:27:23.0828 3768 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

17:27:23.0828 3768 Disk - ok

17:27:23.0859 3768 dmadmin - ok

17:27:23.0968 3768 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

17:27:24.0000 3768 dmboot - ok

17:27:24.0046 3768 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

17:27:24.0046 3768 dmio - ok

17:27:24.0250 3768 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

17:27:24.0250 3768 dmload - ok

17:27:24.0359 3768 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

17:27:24.0359 3768 dmserver - ok

17:27:24.0421 3768 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

17:27:24.0421 3768 DMusic - ok

17:27:24.0484 3768 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

17:27:24.0500 3768 Dnscache - ok

17:27:24.0593 3768 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

17:27:24.0609 3768 Dot3svc - ok

17:27:24.0656 3768 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

17:27:24.0656 3768 dpti2o - ok

17:27:24.0734 3768 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

17:27:24.0750 3768 drmkaud - ok

17:27:24.0906 3768 dvpapi (68c9a40ea00417df63f541fd8dfa65a1) C:\Program Files\Common Files\Command Software\dvpapi.exe

17:27:24.0906 3768 dvpapi - ok

17:27:25.0109 3768 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys

17:27:25.0109 3768 E100B - ok

17:27:25.0187 3768 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

17:27:25.0187 3768 EapHost - ok

17:27:25.0265 3768 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

17:27:25.0265 3768 ERSvc - ok

17:27:25.0359 3768 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

17:27:25.0375 3768 Eventlog - ok

17:27:25.0453 3768 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

17:27:25.0500 3768 EventSystem - ok

17:27:25.0765 3768 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

17:27:25.0765 3768 Fastfat - ok

17:27:25.0843 3768 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

17:27:25.0843 3768 FastUserSwitchingCompatibility - ok

17:27:26.0000 3768 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe

17:27:26.0031 3768 Fax - ok

17:27:26.0203 3768 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

17:27:26.0218 3768 Fdc - ok

17:27:26.0343 3768 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

17:27:26.0343 3768 Fips - ok

17:27:26.0421 3768 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

17:27:26.0437 3768 Flpydisk - ok

17:27:26.0546 3768 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

17:27:26.0562 3768 FltMgr - ok

17:27:26.0765 3768 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

17:27:26.0765 3768 FontCache3.0.0.0 - ok

17:27:26.0843 3768 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

17:27:26.0843 3768 Fs_Rec - ok

17:27:26.0890 3768 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

17:27:26.0890 3768 Ftdisk - ok

17:27:27.0031 3768 getPlus® Helper (7bec703f31e1d441db16886c9aa4cba9) C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

17:27:27.0062 3768 getPlus® Helper - ok

17:27:27.0328 3768 GoogleDesktopManager (6dfe6b4d2fc37433aec0f82d2ef0b509) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

17:27:27.0437 3768 GoogleDesktopManager - ok

17:27:27.0546 3768 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

17:27:27.0546 3768 Gpc - ok

17:27:27.0687 3768 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

17:27:27.0687 3768 gusvc - ok

17:27:27.0828 3768 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

17:27:27.0828 3768 helpsvc - ok

17:27:27.0890 3768 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

17:27:27.0890 3768 HidServ - ok

17:27:27.0953 3768 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

17:27:27.0953 3768 HidUsb - ok

17:27:28.0078 3768 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

17:27:28.0078 3768 hkmsvc - ok

17:27:28.0203 3768 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

17:27:28.0203 3768 hpn - ok

17:27:28.0296 3768 HSFHWICH (140ba850417896b6b3322048de280368) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys

17:27:28.0312 3768 HSFHWICH - ok

17:27:28.0468 3768 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

17:27:28.0531 3768 HSF_DP - ok

17:27:28.0625 3768 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

17:27:28.0640 3768 HTTP - ok

17:27:28.0734 3768 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

17:27:28.0750 3768 HTTPFilter - ok

17:27:28.0859 3768 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

17:27:28.0859 3768 i2omgmt - ok

17:27:28.0953 3768 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

17:27:28.0953 3768 i2omp - ok

17:27:29.0015 3768 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

17:27:29.0015 3768 i8042prt - ok

17:27:29.0156 3768 ialm (d4405bd2b6e95efdc8e674ed4032874f) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

17:27:29.0218 3768 ialm - ok

17:27:29.0453 3768 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

17:27:29.0500 3768 idsvc - ok

17:27:29.0593 3768 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

17:27:29.0609 3768 Imapi - ok

17:27:29.0687 3768 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

17:27:29.0703 3768 ImapiService - ok

17:27:29.0796 3768 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

17:27:29.0796 3768 ini910u - ok

17:27:29.0875 3768 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

17:27:29.0875 3768 IntelIde - ok

17:27:29.0921 3768 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

17:27:29.0937 3768 intelppm - ok

17:27:30.0000 3768 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

17:27:30.0000 3768 Ip6Fw - ok

17:27:30.0062 3768 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

17:27:30.0062 3768 IpFilterDriver - ok

17:27:30.0125 3768 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

17:27:30.0140 3768 IpInIp - ok

17:27:30.0218 3768 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

17:27:30.0218 3768 IpNat - ok

17:27:30.0421 3768 iPod Service (e51bd095b2fdf56b17ee010bb794d6ed) C:\Program Files\iPod\bin\iPodService.exe

17:27:30.0484 3768 iPod Service - ok

17:27:30.0531 3768 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

17:27:30.0531 3768 IPSec - ok

17:27:30.0625 3768 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

17:27:30.0625 3768 IRENUM - ok

17:27:30.0781 3768 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

17:27:30.0781 3768 isapnp - ok

17:27:31.0468 3768 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe

17:27:31.0484 3768 JavaQuickStarterService - ok

17:27:31.0562 3768 JL2005 - ok

17:27:31.0609 3768 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

17:27:31.0609 3768 Kbdclass - ok

17:27:31.0671 3768 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

17:27:31.0671 3768 kbdhid - ok

17:27:31.0781 3768 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

17:27:31.0781 3768 kmixer - ok

17:27:31.0828 3768 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

17:27:31.0843 3768 KSecDD - ok

17:27:31.0890 3768 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

17:27:31.0890 3768 lanmanserver - ok

17:27:31.0953 3768 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

17:27:31.0968 3768 lanmanworkstation - ok

17:27:32.0000 3768 lbrtfdc - ok

17:27:32.0046 3768 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

17:27:32.0062 3768 LmHosts - ok

17:27:32.0078 3768 MCSTRM - ok

17:27:32.0171 3768 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

17:27:32.0171 3768 mdmxsdk - ok

17:27:32.0343 3768 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

17:27:32.0343 3768 Messenger - ok

17:27:32.0437 3768 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

17:27:32.0437 3768 mnmdd - ok

17:27:32.0531 3768 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

17:27:32.0546 3768 mnmsrvc - ok

17:27:32.0656 3768 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

17:27:32.0656 3768 Modem - ok

17:27:32.0718 3768 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

17:27:32.0718 3768 Mouclass - ok

17:27:32.0812 3768 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

17:27:32.0812 3768 mouhid - ok

17:27:32.0906 3768 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

17:27:32.0921 3768 MountMgr - ok

17:27:33.0015 3768 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

17:27:33.0015 3768 mraid35x - ok

17:27:33.0046 3768 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

17:27:33.0062 3768 MRxDAV - ok

17:27:33.0171 3768 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

17:27:33.0203 3768 MRxSmb - ok

17:27:33.0312 3768 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

17:27:33.0312 3768 MSDTC - ok

17:27:33.0437 3768 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

17:27:33.0437 3768 Msfs - ok

17:27:33.0484 3768 MSIServer - ok

17:27:33.0578 3768 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

17:27:33.0578 3768 MSKSSRV - ok

17:27:33.0703 3768 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

17:27:33.0703 3768 MSPCLOCK - ok

17:27:33.0781 3768 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

17:27:33.0781 3768 MSPQM - ok

17:27:33.0843 3768 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

17:27:33.0843 3768 mssmbios - ok

17:27:33.0921 3768 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

17:27:33.0921 3768 MSTEE - ok

17:27:34.0000 3768 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

17:27:34.0015 3768 Mup - ok

17:27:34.0218 3768 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

17:27:34.0218 3768 NABTSFEC - ok

17:27:34.0421 3768 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

17:27:34.0437 3768 napagent - ok

17:27:34.0531 3768 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

17:27:34.0531 3768 NDIS - ok

17:27:34.0593 3768 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

17:27:34.0593 3768 NdisIP - ok

17:27:34.0671 3768 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

17:27:34.0687 3768 NdisTapi - ok

17:27:34.0734 3768 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

17:27:34.0734 3768 Ndisuio - ok

17:27:34.0781 3768 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

17:27:34.0781 3768 NdisWan - ok

17:27:34.0843 3768 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

17:27:34.0843 3768 NDProxy - ok

17:27:34.0906 3768 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

17:27:34.0906 3768 NetBIOS - ok

17:27:35.0031 3768 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

17:27:35.0031 3768 NetBT - ok

17:27:35.0156 3768 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

17:27:35.0171 3768 NetDDE - ok

17:27:35.0187 3768 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

17:27:35.0187 3768 NetDDEdsdm - ok

17:27:35.0281 3768 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

17:27:35.0281 3768 Netlogon - ok

17:27:35.0406 3768 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

17:27:35.0421 3768 Netman - ok

17:27:35.0593 3768 NetSvc (02d0798f376fcbd0210eda58476d0b1b) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

17:27:35.0609 3768 NetSvc - ok

17:27:35.0718 3768 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

17:27:35.0734 3768 NetTcpPortSharing - ok

17:27:35.0859 3768 NICCONFIGSVC (f24bcfefe471f4d34a5786b7fcb9235c) C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

17:27:35.0859 3768 NICCONFIGSVC - ok

17:27:36.0031 3768 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

17:27:36.0046 3768 Nla - ok

17:27:36.0109 3768 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

17:27:36.0109 3768 Npfs - ok

17:27:36.0218 3768 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

17:27:36.0265 3768 Ntfs - ok

17:27:36.0328 3768 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

17:27:36.0328 3768 NtLmSsp - ok

17:27:36.0421 3768 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

17:27:36.0453 3768 NtmsSvc - ok

17:27:36.0531 3768 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

17:27:36.0531 3768 Null - ok

17:27:36.0703 3768 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

17:27:36.0796 3768 nv - ok

17:27:36.0937 3768 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

17:27:36.0937 3768 NwlnkFlt - ok

17:27:37.0046 3768 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:27:37.0046 3768 NwlnkFwd - ok

17:27:37.0187 3768 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys

17:27:37.0187 3768 omci - ok

17:27:37.0312 3768 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

17:27:37.0312 3768 Parport - ok

17:27:37.0390 3768 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

17:27:37.0390 3768 PartMgr - ok

17:27:37.0453 3768 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

17:27:37.0453 3768 ParVdm - ok

17:27:37.0515 3768 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

17:27:37.0531 3768 PCI - ok

17:27:37.0546 3768 PCIDump - ok

17:27:37.0640 3768 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

17:27:37.0640 3768 PCIIde - ok

17:27:37.0687 3768 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

17:27:37.0687 3768 Pcmcia - ok

17:27:37.0718 3768 PDCOMP - ok

17:27:37.0750 3768 PDFRAME - ok

17:27:37.0781 3768 PDRELI - ok

17:27:37.0796 3768 PDRFRAME - ok

17:27:37.0843 3768 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

17:27:37.0859 3768 perc2 - ok

17:27:37.0906 3768 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

17:27:37.0906 3768 perc2hib - ok

17:27:38.0093 3768 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

17:27:38.0109 3768 PlugPlay - ok

17:27:38.0203 3768 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

17:27:38.0203 3768 PolicyAgent - ok

17:27:38.0296 3768 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:27:38.0296 3768 PptpMiniport - ok

17:27:38.0328 3768 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

17:27:38.0343 3768 ProtectedStorage - ok

17:27:38.0406 3768 ProtexisLicensing (64e413ba0c529aa40c3924bbcc4153db) C:\WINDOWS\system32\PSIService.exe

17:27:38.0453 3768 ProtexisLicensing - ok

17:27:38.0484 3768 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

17:27:38.0500 3768 PSched - ok

17:27:38.0562 3768 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

17:27:38.0562 3768 Ptilink - ok

17:27:38.0656 3768 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

17:27:38.0656 3768 ql1080 - ok

17:27:38.0703 3768 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

17:27:38.0703 3768 Ql10wnt - ok

17:27:38.0843 3768 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

17:27:38.0843 3768 ql12160 - ok

17:27:38.0953 3768 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

17:27:38.0953 3768 ql1240 - ok

17:27:39.0062 3768 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

17:27:39.0062 3768 ql1280 - ok

17:27:39.0156 3768 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

17:27:39.0156 3768 RasAcd - ok

17:27:39.0250 3768 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

17:27:39.0250 3768 RasAuto - ok

17:27:39.0328 3768 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

17:27:39.0343 3768 Rasl2tp - ok

17:27:39.0453 3768 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

17:27:39.0484 3768 RasMan - ok

17:27:39.0578 3768 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

17:27:39.0578 3768 RasPppoe - ok

17:27:39.0625 3768 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

17:27:39.0625 3768 Raspti - ok

17:27:39.0671 3768 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

17:27:39.0687 3768 Rdbss - ok

17:27:39.0718 3768 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

17:27:39.0718 3768 RDPCDD - ok

17:27:39.0812 3768 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

17:27:39.0828 3768 rdpdr - ok

17:27:39.0937 3768 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

17:27:39.0937 3768 RDPWD - ok

17:27:40.0062 3768 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

17:27:40.0062 3768 RDSessMgr - ok

17:27:40.0156 3768 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

17:27:40.0156 3768 redbook - ok

17:27:40.0250 3768 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

17:27:40.0250 3768 RemoteAccess - ok

17:27:40.0406 3768 RimUsb (4f4a4c09cc5be58a76cac1c337e004e6) C:\WINDOWS\system32\Drivers\RimUsb.sys

17:27:40.0406 3768 RimUsb - ok

17:27:40.0468 3768 RimVSerPort (3a5633ad615e2b15291bd0b1b97ccd8a) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

17:27:40.0515 3768 RimVSerPort - ok

17:27:40.0562 3768 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

17:27:40.0562 3768 ROOTMODEM - ok

17:27:40.0625 3768 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

17:27:40.0640 3768 RpcLocator - ok

17:27:40.0718 3768 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

17:27:40.0718 3768 RpcSs - ok

17:27:40.0828 3768 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

17:27:40.0843 3768 RSVP - ok

17:27:40.0921 3768 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

17:27:40.0921 3768 SamSs - ok

17:27:41.0031 3768 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

17:27:41.0078 3768 SCardSvr - ok

17:27:41.0140 3768 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

17:27:41.0156 3768 Schedule - ok

17:27:41.0250 3768 SDDMI2 (8edd7b9e4a4b4c16e2dab9188caa861b) C:\WINDOWS\system32\DDMI2.sys

17:27:41.0250 3768 SDDMI2 - ok

17:27:41.0343 3768 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

17:27:41.0359 3768 Secdrv - ok

17:27:41.0437 3768 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

17:27:41.0453 3768 seclogon - ok

17:27:41.0609 3768 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

17:27:41.0609 3768 SENS - ok

17:27:41.0718 3768 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

17:27:41.0718 3768 serenum - ok

17:27:41.0812 3768 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

17:27:41.0812 3768 Serial - ok

17:27:41.0890 3768 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

17:27:41.0890 3768 Sfloppy - ok

17:27:42.0000 3768 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

17:27:42.0015 3768 SharedAccess - ok

17:27:42.0109 3768 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

17:27:42.0125 3768 ShellHWDetection - ok

17:27:42.0234 3768 Simbad - ok

17:27:42.0343 3768 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

17:27:42.0343 3768 sisagp - ok

17:27:42.0437 3768 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

17:27:42.0437 3768 SLIP - ok

17:27:42.0484 3768 SoC PC-Camera Service - ok

17:27:42.0562 3768 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

17:27:42.0578 3768 Sparrow - ok

17:27:42.0656 3768 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

17:27:42.0656 3768 splitter - ok

17:27:42.0734 3768 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

17:27:42.0750 3768 Spooler - ok

17:27:42.0796 3768 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

17:27:42.0796 3768 sr - ok

17:27:42.0859 3768 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

17:27:42.0875 3768 srservice - ok

17:27:42.0984 3768 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

17:27:42.0984 3768 Srv - ok

17:27:43.0109 3768 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

17:27:43.0125 3768 SSDPSRV - ok

17:27:43.0218 3768 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys

17:27:43.0234 3768 STAC97 - ok

17:27:43.0343 3768 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

17:27:43.0359 3768 stisvc - ok

17:27:51.0000 3768 MBR (0x1B8) (dbfb101d7442c448a7964bbb128e1250) \Device\Harddisk0\DR0

17:27:51.0046 3768 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

17:27:51.0046 3768 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

17:27:51.0093 3768 Boot (0x1200) (ca0f171cc60e3a14d27772245ab222a2) \Device\Harddisk0\DR0\Partition0

17:27:51.0093 3768 \Device\Harddisk0\DR0\Partition0 - ok

17:27:51.0093 3768 ============================================================

17:27:51.0093 3768 Scan finished

17:27:51.0093 3768 ============================================================

17:27:51.0125 3352 Detected object count: 1

17:27:51.0125 3352 Actual detected object count: 1

17:27:58.0843 3352 \Device\Harddisk0\DR0\# - copied to quarantine

17:27:58.0843 3352 \Device\Harddisk0\DR0 - copied to quarantine

17:27:58.0890 3352 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

17:27:58.0906 3352 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

17:27:58.0921 3352 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

17:27:58.0984 3352 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

17:27:59.0000 3352 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

17:27:59.0000 3352 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

17:27:59.0031 3352 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

17:27:59.0046 3352 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

17:27:59.0078 3352 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

17:27:59.0078 3352 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

17:27:59.0078 3352 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

17:27:59.0093 3352 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

17:27:59.0125 3352 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

17:27:59.0125 3352 \Device\Harddisk0\DR0 - ok

17:27:59.0125 3352 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

17:28:06.0687 2080 Deinitialize success

 

MBAM

 

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

 

Database version: v2012.03.23.05

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Rachele :: TARIAN [administrator]

 

3/25/2012 5:34:21 PM

mbam-log-2012-03-25 (17-34-21).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 247643

Time elapsed: 18 minute(s), 35 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 6

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> No action taken.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

dds

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Rachele Smaldone at 17:56:08 on 2012-03-25

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.92 [GMT -4:00]

.

AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Common Files\Command Software\dvpapi.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com/

uSearch Bar = hxxp://www.google.com/ie

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

mWinlogon: SFCDisable=4 (0x4)

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll

BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent

uRun: [internet Security] c:\documents and settings\all users\application data\isecurity.exe

uRun: [internet Security] c:\documents and settings\all users\application data\isecurity.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe

mRun: [Dell Wireless Manager UI] c:\windows\system32\WLTRAY

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [<NO NAME>]

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [dplaysvr] %APPDATA%\dplaysvr.exe

IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{4D2459F3-9612-4793-94FC-1D3C9BD76D07} : DhcpNameServer = 192.168.2.1

Notify: igfxcui - igfxsrvc.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===


You had Rootkit.Boot.Pihar.b.

Once you were infected with Rootkit.Boot.Pihar.b, your personal information would be recorded and sent to a presupposed attacker, such as confidential data, login numbers and so on. I advise changing all sensitive passwords immediately, especially financial ones like online banking, PayPal.

Install a good real-time anti-virus. The Free version of Avast is excellent.

Please install a firewall - the XP one only stops incoming traffic and doesn't stop unwanted outgoing traffic.

We recommend the Free Comodo Firewall.

Potentially unwanted programs (PUP): MyWebSearch, Ask, and other toolbars were probably bundled with other programs and may slow your PC and/or track your browsing.

 

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Please let me know if you see any remaining problems...


I am downloading Avast/Comodo now. Would you recommend I delete the PUP apps in MBAM? Here's the log:

 

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\63\40b3013f-155f13d0 Java/Exploit.Blacole.AN trojan deleted - quarantined

C:\Documents and Settings\Rachele\Application Data\Sun\Java\Deployment\cache\6.0\17\f17ac11-7ebc5553 multiple threats deleted - quarantined

C:\Documents and Settings\Rachele\Application Data\Sun\Java\Deployment\cache\6.0\23\35249897-4465ac58 multiple threats deleted - quarantined

C:\Documents and Settings\Rachele\Application Data\Sun\Java\Deployment\cache\6.0\42\3b8f0baa-585bd62f a variant of Java/TrojanDownloader.Agent.AD trojan deleted - quarantined

C:\Documents and Settings\Rachele\Application Data\Sun\Java\Deployment\cache\6.0\44\ebc5dac-32fc178a multiple threats deleted - quarantined

C:\Documents and Settings\Rachele\Local Settings\Temp\jar_cache5388144586252487028.tmp probably a variant of Java/TrojanDownloader.OpenStream.NCI trojan deleted - quarantined

C:\Documents and Settings\Rachele\Local Settings\Temp\Photo.class a variant of Java/TrojanDownloader.Agent.AD trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\25.03.2012_17.26.53\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\25.03.2012_17.26.53\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\25.03.2012_17.26.53\mbr0000\tdlfs0000\tsk0004.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\25.03.2012_17.26.53\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AG trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\25.03.2012_17.26.53\mbr0000\tdlfs0000\tsk0006.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\25.03.2012_17.26.53\mbr0000\tdlfs0000\tsk0007.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\25.03.2012_17.26.53\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\25.03.2012_17.26.53\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\apkygjkf.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\athdcjpi.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\bcbeg.bak1 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\bcbeg.bak2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\bcbeg.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\bcbeg.ini2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\bcbeg.tmp Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\bvdlicdr.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\CmdLineExt03.dll probably a variant of Win32/Agent.GMDYZPF trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\dntkxxco.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\doojdlbo.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\edjkunno.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\eqyqclwp.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\hanefcir.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\hjfdjggx.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\hpqfjkxc.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\hvvcebop.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\igufyqrb.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\jmgysmxp.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\jxyhvuyi.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\kavjhpqg.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\kitxwaue.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\knniwmpy.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\lflmpblr.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\mdnojivs.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\ndvakfeu.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\nhxqjrsl.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\omtiisyw.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\ooqjjgww.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\opaprqea.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\qixcvegt.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\qlstvfec.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\sccksvne.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\sktitykx.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\snngxrny.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\tocfehyr.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\toffcqgb.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\tsvqepxg.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\usflakro.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\vbykfvvy.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\vjwarkvi.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\vnipgsyn.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\wddwdtoc.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\xqrlmvdr.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\yaudtkxg.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\ybajqcbs.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\ykimvwqg.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\ynbxodwg.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\yphgusor.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\yrtjtauw.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\yyjohgmp.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\system32\yyvyqmpm.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\WINDOWS\Temp\jar_cache2679399629908082218.tmp a variant of Java/TrojanDownloader.Agent.NDR trojan deleted - quarantined

C:\WINDOWS\Temp\jar_cache289062250196441589.tmp a variant of Java/TrojanDownloader.Agent.NDR trojan deleted - quarantined

C:\WINDOWS\Temp\Main.class a variant of Java/Exploit.CVE-2011-3544.BF trojan cleaned by deleting - quarantined

Operating memory a variant of Win32/Spy.SpyEye.CA trojan

would you recommend I delete the PUP apps in MBAM?

Yes, please have MBAM take care of any remaining PUPs. Surf only very cautiously until you have Avast installed, and do change your passwords.

 

Post the new MBAM log.


1. Is there a popup blocker that blocks popups that IE doesn't catch and still pop up?

2. I got a message before that said virtual memory too low. I'm guessing it's because I'm running Avast now and I have a very slow machine.

3. Here's the latest MBAM log with the PUP removed:

 

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

 

Database version: v2012.03.23.05

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Rachele :: TARIAN [administrator]

 

3/26/2012 2:49:58 PM

mbam-log-2012-03-26 (14-49-58).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 248975

Time elapsed: 34 minute(s), 16 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 6

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)


Virtual memory refers to the swap file.

 

Please download MiniToolBox, save it to your desktop and run it.

 

Checkmark the following checkboxes:

  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.


MiniToolBox by Farbar Version: 18-01-2012

Ran by Rachele(administrator) on 26-03-2012 at 16:52:08

Microsoft Windows XP Home Edition Service Pack 3 (X86)

Boot Mode: Normal

***************************************************************************

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (03/25/2012 07:17:51 PM) (Source: Application Hang) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (03/25/2012 06:41:43 PM) (Source: Application Hang) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (03/25/2012 01:38:46 PM) (Source: Application Hang) (User: )

Description: Hanging application CorelReg.exe, version 1.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (03/24/2012 06:31:28 PM) (Source: Application Hang) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (03/24/2012 11:53:12 AM) (Source: Application Hang) (User: )

Description: Fault bucket 1180947459.

 

Error: (03/24/2012 11:52:41 AM) (Source: Application Hang) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (03/24/2012 11:52:41 AM) (Source: Application Hang) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (03/23/2012 09:15:28 PM) (Source: Application Hang) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (03/23/2012 09:15:24 PM) (Source: Application Hang) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (03/23/2012 09:15:24 PM) (Source: Application Hang) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

 

System errors:

=============

Error: (03/25/2012 05:29:46 PM) (Source: Service Control Manager) (User: )

Description: The MCSTRM service failed to start due to the following error:

%%2

 

Error: (03/25/2012 05:29:46 PM) (Source: Service Control Manager) (User: )

Description: The Automatic LiveUpdate Scheduler service failed to start due to the following error:

%%3

 

Error: (03/25/2012 05:16:54 PM) (Source: Service Control Manager) (User: )

Description: The MCSTRM service failed to start due to the following error:

%%2

 

Error: (03/25/2012 05:16:54 PM) (Source: Service Control Manager) (User: )

Description: The Automatic LiveUpdate Scheduler service failed to start due to the following error:

%%3

 

Error: (03/25/2012 05:13:11 PM) (Source: Service Control Manager) (User: )

Description: The Application Management service terminated with the following error:

%%126

 

Error: (03/25/2012 05:13:11 PM) (Source: Service Control Manager) (User: )

Description: The Application Management service terminated with the following error:

%%126

 

Error: (03/25/2012 05:13:10 PM) (Source: Service Control Manager) (User: )

Description: The Application Management service terminated with the following error:

%%126

 

Error: (03/25/2012 05:13:10 PM) (Source: Service Control Manager) (User: )

Description: The Application Management service terminated with the following error:

%%126

 

Error: (03/25/2012 05:13:10 PM) (Source: Service Control Manager) (User: )

Description: The Application Management service terminated with the following error:

%%126

 

Error: (03/25/2012 05:13:10 PM) (Source: Service Control Manager) (User: )

Description: The Application Management service terminated with the following error:

%%126

 

 

Microsoft Office Sessions:

=========================

Error: (03/25/2012 07:17:51 PM) (Source: Application Hang)(User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (03/25/2012 06:41:43 PM) (Source: Application Hang)(User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (03/25/2012 01:38:46 PM) (Source: Application Hang)(User: )

Description: CorelReg.exe1.0.0.0hungapp0.0.0.000000000

 

Error: (03/24/2012 06:31:28 PM) (Source: Application Hang)(User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (03/24/2012 11:53:12 AM) (Source: Application Hang)(User: )

Description: 1180947459

 

Error: (03/24/2012 11:52:41 AM) (Source: Application Hang)(User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (03/24/2012 11:52:41 AM) (Source: Application Hang)(User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (03/23/2012 09:15:28 PM) (Source: Application Hang)(User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (03/23/2012 09:15:24 PM) (Source: Application Hang)(User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

Error: (03/23/2012 09:15:24 PM) (Source: Application Hang)(User: )

Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

 

 

========================= Memory info: ===================================

 

Percentage of memory in use: 83%

Total physical RAM: 247.37 MB

Available physical RAM: 41.33 MB

Total Pagefile: 625.43 MB

Available Pagefile: 212.53 MB

Total Virtual: 2047.88 MB

Available Virtual: 1955.48 MB

 

========================= Partitions: =====================================

 

1 Drive c: () (Fixed) (Total:33.62 GB) (Free:9.54 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\TARIAN

 

Administrator Delaro Guest

HelpAssistant Rachele SUPPORT_388945a0

 

 

**** End of log ****


You have very little memory compared to the 1 to 4 G seen nowadays. It is enough for XP but only marginal if you have many things running.

 

The usual directions for blocking popups?

Open Internet Explorer by clicking the Start button , and then clicking Internet Explorer.

Click the Tools button, click Pop-up Blocker, and then click Pop-up Blocker Settings.

Under Filter level, select 'High: Block all pop-ups', and then click Close.

If you want to see pop-ups that are blocked when you have this setting turned on, hold down CTRL + ALT while the window opens.

But perhaps you already have it set that way? Please tell me what sites you see popups in with IE set to block all of them.


You had

the internet redirects me to other sites still and my computers overall functionality has decreased

Would you say those things are now fixed?

 

Please run a complete scan with Avast and let me know if it finds anything.


Due to the lack of feedback this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
