Spam email being sent from my account


  • This topic is locked
10 replies to this topic

#1 villadrivers

Posted 03 April 2012 - 10:25 AM

Hello

At wit's end. Over the last month on multiple occasions spam email is being sent out in my name to people who are in my address book and to people who are NOT in my address book addressed from me. I have tried everything to stop this to no avail. My friends notify me when they get one of these spam emails because nothing shows up as being sent in my "sent" folder. I am using Verizon netmail. I have changed the password, run scans, etc. What I don't get is how are emails being sent from me to people who are not in my address book and I don't even know them. The amount of spam I get every day via Verizon is ridiculous. I have contacted them but nothing ever happens. The emails that have gone out look to be disguised as a pharmacy company in Canada. Hopefully someone can help. I greatly appreciate it.

Edited by hamluis, 03 April 2012 - 10:54 AM.
No logs, moved from Malware Removal Logs to Am I Infected.


#2 boopme

Posted 03 April 2012 - 01:31 PM

Hello, most likely your computer has been Spoofed/Forged. Change your email password from another PC if possible.

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#3 villadrivers

Posted 04 April 2012 - 04:40 PM

Thank you for your quick reply. I was able to run TDSSKiller and I will supply the report below, but every time I ran ESET Online Scan it would get to about 99% and hang there for about 3 hours, then the computer would restart itself. I did notice that each time it would find win32powerreg. Hope this helps.


14:40:43.0876 2368 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
14:40:45.0892 2368 ============================================================
14:40:45.0892 2368 Current date / time: 2012/04/03 14:40:45.0892
14:40:45.0892 2368 SystemInfo:
14:40:45.0892 2368
14:40:45.0892 2368 OS Version: 5.1.2600 ServicePack: 3.0
14:40:45.0892 2368 Product type: Workstation
14:40:45.0892 2368 ComputerName: COLLEEN
14:40:45.0908 2368 UserName: Home
14:40:45.0908 2368 Windows directory: C:\WINDOWS
14:40:45.0908 2368 System windows directory: C:\WINDOWS
14:40:45.0908 2368 Processor architecture: Intel x86
14:40:45.0908 2368 Number of processors: 1
14:40:45.0908 2368 Page size: 0x1000
14:40:45.0908 2368 Boot type: Normal boot
14:40:45.0908 2368 ============================================================
14:40:56.0689 2368 Drive \Device\Harddisk0\DR0 - Size: 0x1BF08EB000 (111.76 Gb), SectorSize: 0x200, Cylinders: 0x38FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:40:57.0330 2368 \Device\Harddisk0\DR0:
14:40:57.0455 2368 MBR used
14:40:57.0455 2368 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF7FDBD
14:40:59.0142 2368 Initialize success
14:40:59.0142 2368 ============================================================
14:41:05.0330 0520 ============================================================
14:41:05.0330 0520 Scan started
14:41:05.0330 0520 Mode: Manual;
14:41:05.0330 0520 ============================================================
14:41:36.0095 0520 SharedAccess - ok
14:41:36.0205 0520 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:41:36.0205 0520 ShellHWDetection - ok
14:41:36.0267 0520 Simbad - ok
14:41:36.0345 0520 SjyPkt (3d7ef286e806f9bd9339aa52e28dcd67) C:\WINDOWS\System32\Drivers\SjyPkt.sys
14:41:36.0361 0520 SjyPkt - ok
14:41:36.0455 0520 smwdm (70b8dd8707dbf6142530c106365df67d) C:\WINDOWS\system32\drivers\smwdm.sys
14:41:36.0486 0520 smwdm - ok
14:41:36.0517 0520 Sparrow - ok
14:41:36.0611 0520 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:41:36.0611 0520 splitter - ok
14:41:36.0705 0520 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
14:41:36.0720 0520 Spooler - ok
14:41:36.0767 0520 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:41:36.0783 0520 sr - ok
14:41:36.0861 0520 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
14:41:36.0892 0520 srservice - ok
14:41:36.0986 0520 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:41:37.0033 0520 Srv - ok
14:41:37.0095 0520 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
14:41:37.0126 0520 SSDPSRV - ok
14:41:37.0220 0520 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
14:41:37.0251 0520 stisvc - ok
14:41:37.0345 0520 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:41:37.0376 0520 swenum - ok
14:41:37.0455 0520 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:41:37.0470 0520 swmidi - ok
14:41:37.0501 0520 SwPrv - ok
14:41:37.0548 0520 symc810 - ok
14:41:37.0611 0520 symc8xx - ok
14:41:37.0642 0520 sym_hi - ok
14:41:37.0705 0520 sym_u3 - ok
14:41:37.0767 0520 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:41:37.0783 0520 sysaudio - ok
14:41:37.0845 0520 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
14:41:37.0861 0520 SysmonLog - ok
14:41:37.0923 0520 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
14:41:37.0970 0520 TapiSrv - ok
14:41:38.0080 0520 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:41:38.0095 0520 Tcpip - ok
14:41:38.0158 0520 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:41:38.0173 0520 TDPIPE - ok
14:41:38.0236 0520 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:41:38.0236 0520 TDTCP - ok
14:41:38.0298 0520 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:41:38.0298 0520 TermDD - ok
14:41:38.0392 0520 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
14:41:38.0439 0520 TermService - ok
14:41:38.0564 0520 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:41:38.0564 0520 Themes - ok
14:41:38.0658 0520 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
14:41:38.0673 0520 TlntSvr - ok
14:41:38.0736 0520 TosIde - ok
14:41:38.0798 0520 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
14:41:38.0830 0520 TrkWks - ok
14:41:38.0908 0520 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:41:38.0923 0520 Udfs - ok
14:41:38.0970 0520 ultra - ok
14:41:39.0064 0520 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:41:39.0080 0520 Update - ok
14:41:39.0173 0520 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
14:41:39.0205 0520 upnphost - ok
14:41:39.0267 0520 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
14:41:39.0283 0520 UPS - ok
14:41:39.0314 0520 USBAAPL - ok
14:41:39.0392 0520 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:41:39.0392 0520 usbccgp - ok
14:41:39.0439 0520 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:41:39.0455 0520 usbehci - ok
14:41:39.0501 0520 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:41:39.0501 0520 usbhub - ok
14:41:39.0533 0520 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:41:39.0548 0520 usbprint - ok
14:41:39.0611 0520 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:41:39.0611 0520 usbscan - ok
14:41:39.0689 0520 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:41:39.0689 0520 USBSTOR - ok
14:41:39.0783 0520 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:41:39.0798 0520 usbuhci - ok
14:41:39.0892 0520 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:41:39.0923 0520 VgaSave - ok
14:41:40.0001 0520 ViaIde - ok
14:41:40.0142 0520 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:41:40.0173 0520 VolSnap - ok
14:41:40.0361 0520 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
14:41:40.0408 0520 VSS - ok
14:41:40.0658 0520 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
14:41:40.0705 0520 W32Time - ok
14:41:40.0845 0520 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:41:40.0861 0520 Wanarp - ok
14:41:40.0970 0520 WDICA - ok
14:41:41.0189 0520 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:41:41.0220 0520 wdmaud - ok
14:41:41.0376 0520 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
14:41:41.0423 0520 WebClient - ok
14:41:41.0658 0520 winachsf (208ebc0a4e49315ac2386bb7d65cc90d) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
14:41:41.0830 0520 winachsf - ok
14:41:42.0173 0520 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:41:42.0267 0520 winmgmt - ok
14:41:42.0392 0520 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
14:41:42.0408 0520 WmdmPmSN - ok
14:41:42.0564 0520 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
14:41:42.0642 0520 Wmi - ok
14:41:42.0798 0520 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:41:42.0861 0520 WmiApSrv - ok
14:41:43.0486 0520 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:41:44.0189 0520 WPFFontCache_v0400 - ok
14:41:44.0470 0520 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
14:41:44.0548 0520 wscsvc - ok
14:41:44.0923 0520 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
14:41:45.0001 0520 wuauserv - ok
14:41:45.0455 0520 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:41:45.0486 0520 WudfPf - ok
14:41:45.0689 0520 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:41:45.0705 0520 WudfRd - ok
14:41:45.0861 0520 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
14:41:45.0876 0520 WudfSvc - ok
14:41:46.0048 0520 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
14:41:46.0126 0520 WZCSVC - ok
14:41:46.0298 0520 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
14:41:46.0314 0520 xmlprov - ok
14:41:46.0376 0520 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:41:47.0220 0520 \Device\Harddisk0\DR0 - ok
14:41:47.0267 0520 Boot (0x1200) (71d7124fbaccc6d268b14f23f6486e21) \Device\Harddisk0\DR0\Partition0
14:41:47.0330 0520 \Device\Harddisk0\DR0\Partition0 - ok
14:41:47.0408 0520 ============================================================
14:41:47.0408 0520 Scan finished
14:41:47.0408 0520 ============================================================
14:41:47.0439 0968 Detected object count: 0
14:41:47.0439 0968 Actual detected object count: 0
14:45:37.0923 2752 Deinitialize success

#4 boopme


Posted 04 April 2012 - 08:23 PM

Let's see if there is an ESET log.

The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start >> Run dialog box from the Start Menu on the desktop.



Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#5 villadrivers


Posted 06 April 2012 - 10:46 AM

This is what I found for the eset log:

ESETSmartInstaller@High as downloader log:
all ok

MBAM log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.06.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Home :: COLLEEN [administrator]

4/6/2012 10:45:46 AM
mbam-log-2012-04-06 (10-45-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211453
Time elapsed: 8 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 boopme


Posted 06 April 2012 - 11:38 AM

OK, the machine is clean. If you changed the email password they should stop in a couple of days. If not, we'll reset the router.

#7 villadrivers


Posted 07 April 2012 - 12:12 PM

Sounds good. I appreciate the help. I will let you know if it happens again. Thanks again.

#8 villadrivers


Posted 21 April 2012 - 11:53 AM

Looks like it happened again. I was away for the week and a friend let me know that another spam email was sent out from my account to him.

#9 boopme


Posted 22 April 2012 - 12:50 PM

Perhaps we should get a deeper look and see if there is something hidden.

Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run, skip it and move on.

Let me know if that went well.

#10 villadrivers


Posted 24 April 2012 - 11:36 AM

No problems with the DDS scan. I ran the GMER scan multiple times but each time it restarted the computer about 10-15 minutes into the scan. I posted the results in the new forum.

#11 boopme


Posted 24 April 2012 - 02:04 PM

Looks good there.
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 3 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.
