Browser Hijacker? Virus? Spyware? Help me remove it!!!


14 replies to this topic

#1 notPCsavvy

notPCsavvy

  • Members
  • 34 posts

Posted 19 June 2012 - 03:04 PM

Hi, I'm posting on this forum hoping someone on here can help me. There's a problem with my computer at work. I just started at this job and have noticed some problems with IE. I have run MalwareBytes twice in Safe Mode with no results returning to show of any problems.

Problem 1: on common webpages like news sites, that don't typically have any pop ups or anything I have a window that will pop up at the bottom right corner of my browser. It appears as one of those ad pop-ups that do open a new browser, but one that slides across the screen and has an X on the right top corner of the tiny window that pops up. The ad that appears also randomly changes every so often. It also closes when you close it but will later reappear when you open the browser or continue to surf the net.

Problem 2: not only is there a pop-up that always appears, every so often when clicking a link on a website the page will appear to load but then jump sites a few times redirecting the webpage to a completely unrelated website. Not too sure if these two things go hand in hand, but it appears that there is something seriously wrong with my browser!

Problem 3: the browser (IE) will constantly freeze and not close. Again, I'm not sure if this is a related problem or just another problem all together.


If someone can kindly write back with a step-by-step way to scan for whatever is causing this, and how to remove all threats it would be great. The computer is a work computer so removal of all threats on here is essential!

Thanks For Your Help In Advance!

Edited by hamluis, 20 June 2012 - 08:48 AM.
Moved from XP to Am I Infected - Hamluis.



#2 hamluis

hamluis

    Moderator


  • Moderator
  • 43,094 posts
  • Gender:Male
  • Location:Killeen, TX

Posted 19 June 2012 - 03:18 PM

Well...IMO, any existing problems with a work system...should be brought to the immediate attention of IT personnel.

The fact that you are new and the problems existed when you took over the system...merely emphasizes proper reporting.

Since the system is probably part of a domain...this should have been done ASAP.

Louis

#3 notPCsavvy

notPCsavvy
  • Topic Starter

  • Members
  • 34 posts

Posted 20 June 2012 - 08:07 AM

> Well...IMO, any existing problems with a work system...should be brought to the immediate attention of IT personnel.
>
> The fact that you are new and the problems existed when you took over the system...merely emphasizes proper reporting.
>
> Since the system is probably part of a domain...this should have been done ASAP.
>
> Louis



I agree with you completely! Unfortunately we don't have an IT dept or else they would have been on it by now. My boss highly recommended this site and said he even paid the last person who helped him remove any problems he had. He did mention buying a new computer, however I think someone on this site can help me fix the problem so it would make my time here until he bought a new computer better. I don't even like checking my email at work because I'm worried something may be tracking my browser.

It appears to only have infected IE. This computer only has Safari and IE but I don't really use Safari much. The few times I have I haven't noticed any of the problems I mentioned above.

EDIT: I'm also not sure if the computers here are linked up together as part of a domain. Not sure if that makes much of a difference with my problem? The other 3 computers appear to be working fine as far as I'm aware. It's not a huge office.

Edited by notPCsavvy, 20 June 2012 - 08:11 AM.


#4 George127

George127

  • Members
  • 6 posts

Posted 20 June 2012 - 08:26 AM

If your boss wants you to fix the problem I would suggest the following steps.

1. If you are running IE8 go into the control panel, add and remove and remove IE8. That will return the computer to the previous IE installed.

2. If that doesn't solve the problem download and install Firefox and see if that solves the issue.

3. Download and install Ccleaner and SpyBot Search and Destroy and run those programs. You can download both from www.download.com

#5 notPCsavvy

notPCsavvy
  • Topic Starter

  • Members
  • 34 posts

Posted 20 June 2012 - 08:42 AM

> If your boss wants you to fix the problem I would suggest the following steps.
>
> 1. If you are running IE8 go into the control panel, add and remove and remove IE8. That will return the computer to the previous IE installed.
>
> 2. If that doesn't solve the problem download and install Firefox and see if that solves the issue.
>
> 3. Download and install Ccleaner and SpyBot Search and Destroy and run those programs. You can download both from www.download.com



Thanks for your advice. Although I see that you are a member like myself and I am wondering if this will be adequate enough to solve for my problem. I have no idea whether this is a virus, spyware, malware, browser hijacker etc. I'm not 100% computer literate but I was told by someone to be careful if I try to remove the virus or whatever myself because if I do not do it properly it can reroute itself somewhere further embedding itself in the system?
I don't know if this is true or not but I'm skeptical to try removing anything unless someone is experienced with this sort of thing.

I ran Malwarebytes twice in safe mode no results. I also downloaded CCleaner and removed what it suggested but that didn't fix anything either. I already thought about removing IE and redownloading it hoping that it will remove whatever problem is on here but I'm not sure that it will. I know some programs sometimes don't fully delete themselves from a system when you remove them.

#6 notPCsavvy

notPCsavvy
  • Topic Starter

  • Members
  • 34 posts

Posted 20 June 2012 - 01:22 PM

So while awaiting a reply on here I decided to run Malwarebytes in Safemode yet again, hoping to catch something... It did catch 1 threat. It prompted me to remove it, and said that it had been safely removed. The only problem is that it obviously was not removed because the pop-ups still appear! What's even more frustrating is that another scan in Safemode no longer detects any threats like before.

I can copy and paste a copy of the Malwarebytes log if needed but now when hovering over the pop-up ad with the mouse it displays a URL, whereas before it would only display the current webpages URL while hovering over the ad.

The URL it shows is: http://adserving.cpxinteractive.com/clk?3,eJytkFtrg

(the ending half of the URL is just a bunch of random letters and numbers and doesn't display the same link when right clicking over the ad and displaying its properties)

*Hopefully this additional info will be of help*

Edited by notPCsavvy, 20 June 2012 - 01:23 PM.


#7 George127

George127

  • Members
  • 6 posts

Posted 20 June 2012 - 02:55 PM

Yes I am a member as you are and own my own computer repair business and have been repairing them for 20yrs. Have you updated Malwarebytes before you run it, it helps greatly if you have the latest updates. Have you tried switching to Firefox, have you downloaded and ran SpyBot?

#8 George127

George127

  • Members
  • 6 posts

Posted 20 June 2012 - 03:29 PM

Is there an antivirus program on the computer? If not, I suggest you install one and run it.

#9 notPCsavvy

notPCsavvy
  • Topic Starter

  • Members
  • 34 posts

Posted 20 June 2012 - 05:27 PM

> Yes I am a member as you are and own my own computer repair business and have been repairing them for 20yrs. Have you updated Malwarebytes before you run it, it helps greatly if you have the latest updates. Have you tried switching to Firefox, have you downloaded and ran SpyBot?
>
> Is there an antivirus program on the computer? If not, I suggest you install one and run it.



Yes I have updated Malwarebytes before I scan. And when I have scanned it has been in safe mode. I have heard of SpyBot but my boss strongly urged me not to continue to try and remove it on my own and seek help from moderators on this site. His reasoning behind this is because he used the site before and had to follow step-by-step instructions to remove whatever problem he had and noted that running certain programs in a certain order was necessary to ensure the threat was gone. If Malwarebytes has found and then not found this threat many times already I think that this removal will take a lot more effort than just trying to run Spybot.

There is no antivirus on the computer. Stupid I know but even after requesting that maybe we look into getting an antivirus the answer I got was "I've tried for years to find one that is compatible with the softwares our company uses but it doesn't seem to work. Every antivirus I've tried messes with the other programs and I can't/don't have the time or patience to sit there and refigure out everything."

Antivirus is not possible. My boss won't do it. He would rather replace the computer than install an antivirus; it's an XP Home Edition computer. Removing the problem would just mean that reading the news online at work would be possible without these annoying pop-ups and browser redirects!

The computer has Safari and IE. Safari appears to function unaffected. IE on the other hand is not working properly. I prefer not to just download Firefox and start using that (all I use at home is Firefox) just because if something is tracking keystrokes or webpage visits etc. My computer at work will still be affected....

Edited by notPCsavvy, 20 June 2012 - 05:29 PM.


#10 notPCsavvy

notPCsavvy
  • Topic Starter

  • Members
  • 34 posts

Posted 25 June 2012 - 08:25 AM

*bump* anyone have any advice....?

#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 25 June 2012 - 10:37 AM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

Download MiniToolBox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.
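
A triage sketch for the TDSSKiller report requested above, added here as an example and not part of the original post or of TDSSKiller itself: it reads a log in the line format of the report posted in this thread and returns every object whose verdict is not "ok", together with any "Suspicious file (Forged)" hash pair. The sample lines, object names, hashes and verdict name are constructed; the function and class names are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Every log line starts "<HH:MM:SS.mmmm> <numeric id> <message>".
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>\S.*)$")
# Message shapes seen in the thread's report.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>[A-Za-z]:\\.+)$")
FORGED = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
                    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
INFECTED = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - infected$")
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
OK = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class Finding:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    verdicts: list = field(default_factory=list)
    forged: Optional[tuple] = None  # (real_md5, fake_md5) as printed in the log


def triage(log_text: str) -> dict:
    """Return flagged objects and the number of objects reported as ok."""
    by_name, by_path, clean, flagged = {}, {}, set(), {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:  # blank lines, or a timestamp with no message
            continue
        msg = m["msg"].strip()
        if (o := OBJECT.match(msg)):
            f = by_name.setdefault(o["name"], Finding(o["name"]))
            f.path, f.md5 = o["path"], o["md5"]
            by_path[f.path.lower()] = f  # Windows paths: compare case-insensitively
        elif (g := FORGED.match(msg)):
            # The forged line names a path, not an object; link it back to
            # the object record for that path, or keep it on its own.
            f = by_path.get(g["path"].lower())
            if f is None:
                f = Finding(name=g["path"], path=g["path"])
                by_path[g["path"].lower()] = f
            f.forged = (g["real"], g["fake"])
            flagged[f.name] = f
        elif (v := INFECTED.match(msg)) or (v := DETECTED.match(msg)):
            f = by_name.setdefault(v["name"], Finding(v["name"]))
            if v["verdict"] not in f.verdicts:  # both lines repeat the verdict
                f.verdicts.append(v["verdict"])
            flagged[f.name] = f
        elif (k := OK.match(msg)):
            clean.add(k["name"])
        # Separators, system info and scan-mode lines fall through untouched.
    return {"flagged": list(flagged.values()),
            "clean": len(clean - set(flagged))}


# Constructed sample in the same line format (not taken from a real scan).
SAMPLE_LOG = r"""
14:00:00.0000 1000 ============================================================
14:00:00.0000 1000 Scan started
14:00:00.0000 1000 Mode: Manual; TDLFS;
14:00:00.0100 1000 exampledrv1 - ok
14:00:00.0200 1000 ExampleBus (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa) C:\WINDOWS\system32\DRIVERS\examplebus.sys
14:00:00.0200 1000 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\examplebus.sys. Real md5: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa, Fake md5: bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
14:00:00.0200 1000 ExampleBus ( Example.Verdict.a ) - infected
14:00:00.0200 1000 ExampleBus - detected Example.Verdict.a (0)
14:00:00.0300 1000 Example Service (cccccccccccccccccccccccccccccccc) C:\Program Files\Example\svc.exe
14:00:00.0300 1000 Example Service - ok
14:00:00.0400 1000
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['clean']} objects ok, {len(result['flagged'])} flagged")
    for f in result["flagged"]:
        print(f"  {f.name}: {', '.join(f.verdicts) or 'no verdict'}  {f.path}")
        if f.forged:
            print(f"    forged: real md5 {f.forged[0]}, fake md5 {f.forged[1]}")
```

Run against a full report, this reduces several hundred "- ok" lines to the handful of entries a helper actually needs to read.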

#12 notPCsavvy

notPCsavvy
  • Topic Starter

  • Members
  • 34 posts

Posted 25 June 2012 - 02:14 PM

1. TDSSKiller Log Results

14:09:03.0312 2972 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
14:09:03.0640 2972 ============================================================
14:09:03.0640 2972 Current date / time: 2012/06/25 14:09:03.0640
14:09:03.0640 2972 SystemInfo:
14:09:03.0640 2972
14:09:03.0640 2972 OS Version: 5.1.2600 ServicePack: 3.0
14:09:03.0640 2972 Product type: Workstation
14:09:03.0640 2972 ComputerName: ACCOUNTING
14:09:03.0640 2972 UserName: User1
14:09:03.0640 2972 Windows directory: C:\WINDOWS
14:09:03.0640 2972 System windows directory: C:\WINDOWS
14:09:03.0640 2972 Processor architecture: Intel x86
14:09:03.0640 2972 Number of processors: 1
14:09:03.0640 2972 Page size: 0x1000
14:09:03.0640 2972 Boot type: Normal boot
14:09:03.0640 2972 ============================================================
14:09:04.0812 2972 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:09:04.0828 2972 Drive \Device\Harddisk3\DR6 - Size: 0x775F8000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:09:04.0828 2972 ============================================================
14:09:04.0828 2972 \Device\Harddisk0\DR0:
14:09:04.0828 2972 MBR partitions:
14:09:04.0828 2972 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1384C7A, BlocksNum 0x8ACE664
14:09:04.0828 2972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9E532DE, BlocksNum 0x8BC57E3
14:09:04.0828 2972 \Device\Harddisk3\DR6:
14:09:04.0828 2972 MBR partitions:
14:09:04.0828 2972 \Device\Harddisk3\DR6\Partition0: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x3BAD41
14:09:04.0828 2972 ============================================================
14:09:04.0921 2972 C: <-> \Device\Harddisk0\DR0\Partition0
14:09:04.0953 2972 D: <-> \Device\Harddisk0\DR0\Partition1
14:09:04.0953 2972 ============================================================
14:09:04.0953 2972 Initialize success
14:09:04.0953 2972 ============================================================
14:09:34.0890 3956 ============================================================
14:09:34.0890 3956 Scan started
14:09:34.0890 3956 Mode: Manual; TDLFS;
14:09:34.0890 3956 ============================================================
14:09:35.0203 3956 Abiosdsk - ok
14:09:35.0218 3956 abp480n5 - ok
14:09:35.0250 3956 ACPI (ea38c961260f29295c6d03070fa9d0b5) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:09:35.0250 3956 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: ea38c961260f29295c6d03070fa9d0b5, Fake md5: 8fd99680a539792a30e97944fdaecf17
14:09:35.0250 3956 ACPI ( Virus.Win32.Rloader.a ) - infected
14:09:35.0250 3956 ACPI - detected Virus.Win32.Rloader.a (0)
14:09:42.0609 3956 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:09:42.0609 3956 ParVdm - ok
14:09:42.0625 3956 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:09:42.0625 3956 PCI - ok
14:09:42.0656 3956 PCIDump - ok
14:09:42.0656 3956 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:09:42.0671 3956 PCIIde - ok
14:09:42.0703 3956 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:09:42.0703 3956 Pcmcia - ok
14:09:42.0718 3956 PDCOMP - ok
14:09:42.0734 3956 PDFRAME - ok
14:09:42.0734 3956 PDRELI - ok
14:09:42.0750 3956 PDRFRAME - ok
14:09:42.0765 3956 perc2 - ok
14:09:42.0781 3956 perc2hib - ok
14:09:42.0843 3956 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:09:42.0843 3956 PlugPlay - ok
14:09:42.0890 3956 Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe
14:09:42.0906 3956 Pml Driver HPZ12 - ok
14:09:42.0937 3956 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:09:42.0937 3956 PolicyAgent - ok
14:09:42.0968 3956 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:09:42.0984 3956 PptpMiniport - ok
14:09:43.0000 3956 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
14:09:43.0000 3956 Processor - ok
14:09:43.0015 3956 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:09:43.0015 3956 ProtectedStorage - ok
14:09:43.0046 3956 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:09:43.0046 3956 PSched - ok
14:09:43.0062 3956 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:09:43.0062 3956 Ptilink - ok
14:09:43.0078 3956 ql1080 - ok
14:09:43.0078 3956 Ql10wnt - ok
14:09:43.0093 3956 ql12160 - ok
14:09:43.0109 3956 ql1240 - ok
14:09:43.0125 3956 ql1280 - ok
14:09:43.0140 3956 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:09:43.0140 3956 RasAcd - ok
14:09:43.0187 3956 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
14:09:43.0187 3956 RasAuto - ok
14:09:43.0218 3956 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:09:43.0218 3956 Rasl2tp - ok
14:09:43.0250 3956 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
14:09:43.0265 3956 RasMan - ok
14:09:43.0281 3956 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:09:43.0281 3956 RasPppoe - ok
14:09:43.0296 3956 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:09:43.0296 3956 Raspti - ok
14:09:43.0343 3956 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:09:43.0359 3956 Rdbss - ok
14:09:43.0375 3956 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:09:43.0375 3956 RDPCDD - ok
14:09:43.0437 3956 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
14:09:43.0453 3956 RDPWD - ok
14:09:43.0500 3956 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
14:09:43.0500 3956 RDSessMgr - ok
14:09:43.0546 3956 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:09:43.0546 3956 redbook - ok
14:09:43.0578 3956 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
14:09:43.0593 3956 RemoteAccess - ok
14:09:43.0703 3956 RichVideo (06a49b7bdc36cfbf97dd90804f833369) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
14:09:43.0718 3956 RichVideo - ok
14:09:43.0765 3956 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
14:09:43.0765 3956 RpcLocator - ok
14:09:43.0812 3956 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
14:09:43.0828 3956 RpcSs - ok
14:09:43.0859 3956 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
14:09:43.0875 3956 RSVP - ok
14:09:43.0890 3956 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:09:43.0890 3956 SamSs - ok
14:09:43.0937 3956 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
14:09:43.0937 3956 SCardSvr - ok
14:09:43.0968 3956 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
14:09:43.0984 3956 Schedule - ok
14:09:44.0046 3956 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:09:44.0046 3956 Secdrv - ok
14:09:44.0093 3956 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
14:09:44.0093 3956 seclogon - ok
14:09:44.0109 3956 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
14:09:44.0125 3956 SENS - ok
14:09:44.0140 3956 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
14:09:44.0140 3956 Serial - ok
14:09:44.0187 3956 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:09:44.0187 3956 Sfloppy - ok
14:09:44.0234 3956 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
14:09:44.0250 3956 SharedAccess - ok
14:09:44.0281 3956 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:09:44.0281 3956 ShellHWDetection - ok
14:09:44.0296 3956 Simbad - ok
14:09:44.0312 3956 Sparrow - ok
14:09:44.0343 3956 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:09:44.0343 3956 splitter - ok
14:09:44.0390 3956 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
14:09:44.0390 3956 Spooler - ok
14:09:44.0421 3956 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:09:44.0421 3956 sr - ok
14:09:44.0453 3956 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
14:09:44.0468 3956 srservice - ok
14:09:44.0515 3956 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:09:44.0515 3956 Srv - ok
14:09:44.0546 3956 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
14:09:44.0546 3956 SSDPSRV - ok
14:09:44.0593 3956 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
14:09:44.0593 3956 stisvc - ok
14:09:44.0640 3956 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:09:44.0640 3956 swenum - ok
14:09:44.0687 3956 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:09:44.0687 3956 swmidi - ok
14:09:44.0703 3956 SwPrv - ok
14:09:44.0703 3956 symc810 - ok
14:09:44.0718 3956 symc8xx - ok
14:09:44.0734 3956 SymIM - ok
14:09:44.0750 3956 SymIMMP - ok
14:09:44.0750 3956 sym_hi - ok
14:09:44.0765 3956 sym_u3 - ok
14:09:44.0796 3956 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:09:44.0796 3956 sysaudio - ok
14:09:44.0843 3956 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
14:09:44.0843 3956 SysmonLog - ok
14:09:44.0890 3956 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
14:09:44.0890 3956 TapiSrv - ok
14:09:44.0953 3956 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:09:44.0968 3956 Tcpip - ok
14:09:45.0015 3956 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:09:45.0015 3956 TDPIPE - ok
14:09:45.0031 3956 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:09:45.0031 3956 TDTCP - ok
14:09:45.0046 3956 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:09:45.0046 3956 TermDD - ok
14:09:45.0093 3956 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
14:09:45.0109 3956 TermService - ok
14:09:45.0156 3956 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:09:45.0156 3956 Themes - ok
14:09:45.0171 3956 TosIde - ok
14:09:45.0203 3956 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
14:09:45.0218 3956 TrkWks - ok
14:09:45.0250 3956 UBHelper (5e3966a0d9b57531264fc0c835021fa1) C:\WINDOWS\system32\drivers\UBHelper.sys
14:09:45.0250 3956 UBHelper - ok
14:09:45.0281 3956 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:09:45.0281 3956 Udfs - ok
14:09:45.0296 3956 ultra - ok
14:09:45.0328 3956 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:09:45.0343 3956 Update - ok
14:09:45.0390 3956 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
14:09:45.0406 3956 upnphost - ok
14:09:45.0421 3956 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
14:09:45.0421 3956 UPS - ok
14:09:45.0468 3956 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:09:45.0468 3956 USBAAPL - ok
14:09:45.0515 3956 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:09:45.0515 3956 usbccgp - ok
14:09:45.0546 3956 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:09:45.0562 3956 usbehci - ok
14:09:45.0593 3956 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:09:45.0593 3956 usbhub - ok
14:09:45.0609 3956 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:09:45.0609 3956 usbohci - ok
14:09:45.0640 3956 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:09:45.0640 3956 usbprint - ok
14:09:45.0687 3956 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:09:45.0687 3956 usbscan - ok
14:09:45.0703 3956 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:09:45.0703 3956 USBSTOR - ok
14:09:45.0718 3956 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:09:45.0718 3956 VgaSave - ok
14:09:45.0734 3956 ViaIde - ok
14:09:45.0750 3956 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:09:45.0750 3956 VolSnap - ok
14:09:45.0796 3956 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
14:09:45.0812 3956 VSS - ok
14:09:45.0859 3956 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
14:09:45.0875 3956 W32Time - ok
14:09:45.0890 3956 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:09:45.0890 3956 Wanarp - ok
14:09:45.0890 3956 WDICA - ok
14:09:45.0921 3956 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:09:45.0937 3956 wdmaud - ok
14:09:45.0953 3956 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
14:09:45.0968 3956 WebClient - ok
14:09:46.0031 3956 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:09:46.0031 3956 winmgmt - ok
14:09:46.0093 3956 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
14:09:46.0093 3956 WmdmPmSN - ok
14:09:46.0125 3956 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:09:46.0125 3956 WmiAcpi - ok
14:09:46.0156 3956 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:09:46.0156 3956 WmiApSrv - ok
14:09:46.0203 3956 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
14:09:46.0218 3956 wscsvc - ok
14:09:46.0234 3956 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
14:09:46.0234 3956 wuauserv - ok
14:09:46.0281 3956 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
14:09:46.0296 3956 WZCSVC - ok
14:09:46.0328 3956 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
14:09:46.0328 3956 xmlprov - ok
14:09:46.0359 3956 MBR (0x1B8) (3b00354a3923e2550a9af30ada33077f) \Device\Harddisk0\DR0
14:09:50.0343 3956 \Device\Harddisk0\DR0 - ok
14:09:50.0390 3956 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk3\DR6
14:09:50.0906 3956 \Device\Harddisk3\DR6 - ok
14:09:50.0921 3956 Boot (0x1200) (24d8b49f3a5dc260a671af62836c1134) \Device\Harddisk0\DR0\Partition0
14:09:50.0921 3956 \Device\Harddisk0\DR0\Partition0 - ok
14:09:50.0953 3956 Boot (0x1200) (22c32b504d27981345f4476d7d6e559a) \Device\Harddisk0\DR0\Partition1
14:09:50.0953 3956 \Device\Harddisk0\DR0\Partition1 - ok
14:09:50.0984 3956 Boot (0x1200) (fb7ba65fcddb4943396c8142eeb6a9ec) \Device\Harddisk3\DR6\Partition0
14:09:50.0984 3956 \Device\Harddisk3\DR6\Partition0 - ok
14:09:50.0984 3956 ============================================================
14:09:50.0984 3956 Scan finished
14:09:50.0984 3956 ============================================================
14:09:51.0000 3944 Detected object count: 1
14:09:51.0000 3944 Actual detected object count: 1
14:11:16.0031 3944 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
14:11:16.0593 3944 Backup copy found, using it..
14:11:16.0625 3944 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
14:11:16.0625 3944 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
14:11:36.0140 0772 Deinitialize success



2. aswMBR Results

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-25 14:14:41
-----------------------------
14:14:41.531 OS Version: Windows 5.1.2600 Service Pack 3
14:14:41.531 Number of processors: 1 586 0x7F02
14:14:41.531 ComputerName: ACCOUNTING UserName: User1
14:14:41.734 Initialize success
14:17:23.421 AVAST engine defs: 12062500
14:17:38.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-7
14:17:38.140 Disk 0 Vendor: ST3160815AS 4.AAA Size: 152627MB BusType: 3
14:17:38.171 Disk 0 MBR read successfully
14:17:38.171 Disk 0 MBR scan
14:17:38.218 Disk 0 unknown MBR code
14:17:38.218 Disk 0 Partition 1 00 12 Compaq diag MSWIN4.1 9993 MB offset 63
14:17:38.250 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71068 MB offset 20466810
14:17:38.281 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 71562 MB offset 166015710
14:17:38.312 Disk 0 scanning sectors +312576705
14:17:38.406 Disk 0 scanning C:\WINDOWS\system32\drivers
14:17:45.406 Service scanning
14:18:02.296 Modules scanning
14:18:08.671 Disk 0 trace - called modules:
14:18:09.203 ntkrnlpa.exe CLASSPNP.SYS disk.sys tsk15.tmp hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:18:09.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x851caab8]
14:18:09.234 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\0000005e[0x852a51a8]
14:18:09.250 5 tsk15.tmp[f7347620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-7[0x851e9b28]
14:18:09.546 AVAST engine scan C:\WINDOWS
14:18:15.453 AVAST engine scan C:\WINDOWS\system32
14:21:01.515 AVAST engine scan C:\WINDOWS\system32\drivers
14:21:13.328 AVAST engine scan C:\Documents and Settings\User1
14:23:48.234 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
14:23:48.250 The log file has been saved successfully to "C:\aswMBR.txt"



3. ESET Online Scanner Results

C:\TDSSKiller_Quarantine\25.06.2012_14.09.03\rtkt0000\svc0000\tsk0000.dta Win32/Agent.SUC.Gen trojan deleted - quarantined



4. MiniToolBox Results

MiniToolBox by Farbar Version: 09-06-2012
Ran by User1 (administrator) on 25-06-2012 at 15:09:18
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : Accounting
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Networking Controller
Physical Address. . . . . . . . . : 00-1D-72-B7-D8-BE
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
Lease Obtained. . . . . . . . . . : Monday, June 25, 2012 2:12:44 PM
Lease Expires . . . . . . . . . . : Thursday, June 28, 2012 2:12:44 PM

Server: mymodem
Address: 192.168.2.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host google.com. Please check the name and try again.

Server: mymodem
Address: 192.168.2.1

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=61ms TTL=50
Reply from 98.139.183.24: bytes=32 time=59ms TTL=50
Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 59ms, Maximum = 61ms, Average = 60ms

Server: mymodem
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d 72 b7 d8 be ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.15 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.2.15 192.168.2.15 20
192.168.2.0 255.255.255.0 192.168.2.15 192.168.2.15 20
192.168.2.15 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.15 192.168.2.15 20
224.0.0.0 240.0.0.0 192.168.2.15 192.168.2.15 20
255.255.255.255 255.255.255.255 192.168.2.15 192.168.2.15 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/25/2012 02:11:38 PM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (06/22/2012 03:15:59 AM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (06/20/2012 03:11:28 PM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (06/20/2012 00:58:41 PM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (06/20/2012 00:41:58 PM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (06/20/2012 11:56:44 AM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (06/20/2012 11:48:15 AM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (06/20/2012 11:30:21 AM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (06/20/2012 11:01:29 AM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (06/20/2012 10:33:04 AM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]


System errors:
=============
Error: (06/25/2012 02:12:56 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (06/20/2012 01:51:12 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/20/2012 01:50:22 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (06/20/2012 01:49:59 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (06/20/2012 01:49:50 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (06/20/2012 01:49:26 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (06/20/2012 01:49:25 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (06/20/2012 01:47:04 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (06/20/2012 01:46:02 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (06/20/2012 01:44:08 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Reader 8.1.4 (Version: 8.1.4)
Agere Systems PCI-SV92EX Soft Modem
AiO_Scan (Version: 47.0.1.000)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Compatibility Pack for the 2007 Office system (Version: 12.0.4518.1014)
Corel Applications
Crystal Reports Basic Runtime for Visual Studio 2008 (Version: 10.5.0.0)
CyberLink DVD Suite (Version: 6.0.2110)
CyberLink Power2Go (Version: 6.0.2115)
CyberLink PowerDVD (Version: 7.0.3409.a)
eMachines Games (Version: 1.0.0.52)
ESET Online Scanner v3
GearDrvs (Version: 1.00.0000)
HP Image Zone 4.7 (Version: 4.7)
HP PSC & OfficeJet 4.7
IKEA Home Planner (Version: 2.0.3)
iTunes (Version: 10.5.0.142)
Java Auto Updater (Version: 2.0.4.1)
Java™ 6 Update 25 (Version: 6.0.250)
LightScribe 1.4.142.1 (Version: 1.4.142.1)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Automated Troubleshooting Services Shim
Microsoft Fix it Center (Version: 1.0.0090)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014)
Microsoft Office Home and Student 2007 (Version: 12.0.6215.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6215.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Works (Version: 9.7.0621)
MobileMe Control Panel (Version: 3.1.6.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NTI Media Maker 8 (Version: 8.0.12.6325)
NVIDIA Drivers
PhonePad Version 4.20
QFolder (Version: 1.00.0000)
QuickTime (Version: 7.69.80.9)
Realtek High Definition Audio Driver (Version: 5.10.0.5628)
Safari (Version: 5.34.50.0)
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (Version: 13.0.1.220)
Scan (Version: 4.5.0.0)
Simply Accounting by Sage 2006 (Version: Release A)
Simply Accounting by Sage 2007 (Version: 2007)
Simply Accounting by Sage 2007 (Version: Release A)
Tansee iPhone Transfer SMS 2.3.1.0 (Version: 2.3.1.0)
TimePilot Central (Version: 4.0.2036)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Office 2007 (KB946691)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Vetro Data Manager (Version: 4.0.1033)
WebEx Record and Playback (Version: 1.00.0000)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows PowerShell™ 1.0 (Version: 2)
WinRAR 4.20 beta 3 (32-bit) (Version: 4.20.3)

========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 894.42 MB
Available physical RAM: 583.39 MB
Total Pagefile: 2168.02 MB
Available Pagefile: 1961.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.75 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:69.4 GB) (Free:40.15 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:69.89 GB) (Free:69.75 GB) NTFS
6 Drive j: () (Removable) (Total:1.86 GB) (Free:1.64 GB) FAT

========================= Users: ========================================

User accounts for \\ACCOUNTING

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0 User1


**** End of log ****

Edited by notPCsavvy, 25 June 2012 - 02:16 PM.


#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 25 June 2012 - 10:29 PM

Do you still have redirects?


Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan with MBAM once in regular mode until you get a clean log

#14 notPCsavvy

notPCsavvy
  • Topic Starter

  • Members
  • 34 posts

Posted 26 June 2012 - 09:56 AM

THANK YOU SO MUCH FOR YOUR HELP! Sorry for the caps. I'm glad to say that I ran a Malwarebytes scan in Safe Mode and turned up no results. The problem appears to be solved too. No strange behaviour on IE anymore. Can you tell me if you accept donations?

#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 26 June 2012 - 10:24 AM

That looks good

Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)



