
Trojan:JS/Medfos.B Infection


17 replies to this topic

#1 mrrsmiley

mrrsmiley

  • Members
  • 9 posts
  • Local time:03:00 PM

Posted 30 December 2012 - 08:45 PM

Microsoft Security Essentials has been prompting me that I have a "quarantined" Trojan on a pc.

The item in question is Trojan:JS/Medfos.B

Could I have some assistance in removing this trojan? All forum posts I have found so far seem to indicate pc specific fixes, not generic manual removals.

Thank you in advance for your expertise!



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 61,705 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:07:00 PM

Posted 30 December 2012 - 09:08 PM

Hello, if MSE has "quarantined" it, it is now safe.

If you keep seeing it then run these.

Download Malwarebytes Anti-Rootkit from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


MiniToolBox
Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from. Note: when using the "Reset FF Proxy Settings" option, Firefox should be closed.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security
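The mbar-log-*.txt file this reply asks for has a simple line format (`object (Family) -> action.`, with an optional process id or `Data: command` in between, and a `... Detected: N` header per section). As an added example for readers of this thread, not code from the post or from Malwarebytes, here is a Python triage helper that parses those lines, checks that a pasted log is complete (the per-section counts add up to the number of detection lines), groups detections by family using an assumed severity convention (Trojan.* high; PUP, PUM and Adware low), and links each detected file to the autorun registry values that launch it. The sample input is constructed from the mbar-log posted later in this thread, trimmed to a few entries with the section counts adjusted to match.

```python
"""Triage helper for the MBAR logs requested above (added example, not part of MBAR or the post)."""
import ntpath
import re
from collections import Counter

# Detection line in mbar-log-*.txt:
#   <object> (<Family>) -> [<pid> -> ][Data: <command> -> ]<action>.
MBAR_LINE = re.compile(
    r"^(?P<obj>.+?) \((?P<family>[A-Za-z0-9_.]+)\) -> "
    r"(?:(?P<pid>\d+) -> )?(?:Data: (?P<data>.+?) -> )?(?P<action>[^>]+)\.$"
)
# Declared per-section count, e.g. "Registry Values Detected: 5".
SECTION_LINE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")

# Assumed severity convention, based only on the family prefixes seen in this thread.
HIGH_PREFIXES = {"Trojan"}
LOW_PREFIXES = {"PUP", "PUM", "Adware"}

def severity(family):
    prefix = family.split(".", 1)[0]
    if prefix in HIGH_PREFIXES:
        return "high"
    return "low" if prefix in LOW_PREFIXES else "unknown"

def parse_mbar_log(text):
    """Return (detections, declared); declared maps section name -> count."""
    detections, declared = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_LINE.match(line)
        if m:
            declared[m["section"]] = int(m["count"])
            continue
        m = MBAR_LINE.match(line)
        if m:
            detections.append({
                "object": m["obj"],
                "family": m["family"],
                "severity": severity(m["family"]),
                "data": m["data"],      # Run-value command line, if any
                "action": m["action"],
            })
    return detections, declared

def command_path(data):
    """Executable path from a Run value: the quoted path, else the first token."""
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    return data.split(" ", 1)[0]

def persistence_links(detections):
    """Map each detected file to the autorun values that launch it."""
    # Basenames are compared case-insensitively because Run data often uses
    # 8.3 short paths (C:\PROGRA~1\...) while file detections use long paths.
    files, links = {}, {}
    for d in detections:
        if not d["object"].startswith("HK"):
            files.setdefault(ntpath.basename(d["object"]).lower(), d["object"])
    for d in detections:
        if d["data"]:
            name = ntpath.basename(command_path(d["data"])).lower()
            if name in files:
                links.setdefault(files[name], []).append(d["object"])
    return links

def triage(mbar_text):
    """Completeness check, per-family counts, high-severity items and the
    persistence entries behind them, for one pasted mbar-log."""
    detections, declared = parse_mbar_log(mbar_text)
    return {
        "complete": sum(declared.values()) == len(detections),
        "families": dict(Counter(d["family"] for d in detections)),
        "high": [d["object"] for d in detections if d["severity"] == "high"],
        "links": persistence_links(detections),
    }

# Constructed sample: lines copied from the mbar-log posted in this thread,
# trimmed to a few entries with the section counts adjusted to match.
SAMPLE_MBAR_LOG = r"""
Memory Processes Detected: 1
C:\WINDOWS\system32\dmwu.exe (PUP.InstallBrain) -> 4900 -> Delete on reboot.
Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CouponXplorer_5z Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~1\COUPON~2\bar\1.bin\5zbrmon.exe -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CouponXplorer Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\COUPON~2\bar\1.bin\5zsrchmn.exe" /m=2 /w /h -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Vabelybe (Trojan.Zbot) -> Data: "C:\Documents and Settings\HP_Administrator\Application Data\Itoffa\iqep.exe" -> Delete on reboot.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Vabelybe (Trojan.Zbot) -> Data: "C:\Documents and Settings\HP_Administrator\Application Data\Itoffa\iqep.exe" -> Delete on reboot.
Files Detected: 4
C:\Program Files\CouponXplorer_5z\bar\1.bin\5zbrmon.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\CouponXplorer_5z\bar\1.bin\5zSrchMn.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Documents and Settings\HP_Administrator\Application Data\Itoffa\iqep.exe (Trojan.Zbot) -> Delete on reboot.
C:\WINDOWS\system32\dmwu.exe (PUP.InstallBrain) -> Delete on reboot.
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_MBAR_LOG).items():
        print(key, "=", value)
```

Run it directly to see the report for the sample, or pass the text of a real mbar-log to `triage()`. The `complete` flag catches a log that was pasted short (the summary counts no longer match the lines), and the `links` map shows which Run values relaunch a detected file, which is the first thing to check when an antivirus keeps re-quarantining the same item after every reboot.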

#3 mrrsmiley

mrrsmiley
  • Topic Starter

  • Members
  • 9 posts
  • Local time:03:00 PM

Posted 31 December 2012 - 09:13 AM

Thank you boopme!
I'm still seeing popups for it being quarantined.
Here are the logs requested:

******mbar-log-2012-12-30 (22-19-18).txt******

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.31.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: JENN_DESKTOP [administrator]

12/30/2012 10:19:18 PM
mbar-log-2012-12-30 (22-19-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28053
Time elapsed: 36 minute(s), 35 second(s)

Memory Processes Detected: 1
C:\WINDOWS\system32\dmwu.exe (PUP.InstallBrain) -> 4900 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CouponXplorer_5zService (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{7d69ed06-0171-4379-9528-08df51092727}\InprocServer32 (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{0297a026-3011-46d3-ad62-bb9a7612aea7}\InprocServer32 (PUP.MyWebSearch) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CouponXplorer_5zbar Uninstall (PUP.MyWebSearch) -> Delete on reboot.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IBUpdaterService (PUP.InstallBrain) -> Delete on reboot.

Registry Values Detected: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CouponXplorer_5z Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~1\COUPON~2\bar\1.bin\5zbrmon.exe -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CouponXplorer Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\COUPON~2\bar\1.bin\5zsrchmn.exe" /m=2 /w /h -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Vabelybe (Trojan.Zbot) -> Data: "C:\Documents and Settings\HP_Administrator\Application Data\Itoffa\iqep.exe" -> Delete on reboot.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Vabelybe (Trojan.Zbot) -> Data: "C:\Documents and Settings\HP_Administrator\Application Data\Itoffa\iqep.exe" -> Delete on reboot.
HKCU\SOFTWARE\CROSSRIDER|215AppVerifier (Adware.GamePlayLab) -> Data: e626893a84227a87c38f541d2aeccdc6 -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\Program Files\CouponXplorer_5z\bar\1.bin\5zbrstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\CouponXplorer_5z\bar\1.bin\5zbrmon.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\CouponXplorer_5z\bar\1.bin\5zSrchMn.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Documents and Settings\HP_Administrator\Application Data\Itoffa\iqep.exe (Trojan.Zbot) -> Delete on reboot.
C:\Program Files\CouponXplorer_5z\bar\1.bin\5zbarsvc.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\CouponXplorer_5z\bar\1.bin\5zSrcAs.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\CouponXplorer_5z\bar\1.bin\5zbar.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\WINDOWS\system32\dmwu.exe (PUP.InstallBrain) -> Delete on reboot.

(end)


******system-log.txt******
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_37

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.866000 GHz
Memory total: 1072041984, free: 492507136

------------ Kernel report ------------
12/30/2012 21:42:29
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
viaide.sys
intelide.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
iastor.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
MpFilter.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ELacpi.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\e1e5132.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\hcwPP2.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\HSXHWBS2.sys
\SystemRoot\system32\DRIVERS\HSX_DP.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\??\C:\WINDOWS\System32\Drivers\Elmou.sys
\SystemRoot\system32\DRIVERS\PS2.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\??\C:\WINDOWS\System32\Drivers\Elkbd.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\??\C:\WINDOWS\System32\Drivers\Elmon.sys
\??\C:\WINDOWS\System32\Drivers\Elhid.sys
\??\C:\WINDOWS\System32\Drivers\HIDPARSE.SYS
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\MSPQM.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR7
Upper Device Object: 0xffffffff8633c720
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000070\
Lower Device Object: 0xffffffff85cba030
Lower Device Driver Name: \Driver\usbstor\
Driver name found: usbstor
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR6
Upper Device Object: 0xffffffff862f5828
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006f\
Lower Device Object: 0xffffffff863a2030
Lower Device Driver Name: \Driver\usbstor\
Driver name found: usbstor
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR5
Upper Device Object: 0xffffffff861eaab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006e\
Lower Device Object: 0xffffffff8640d030
Lower Device Driver Name: \Driver\usbstor\
Driver name found: usbstor
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff86532030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006d\
Lower Device Object: 0xffffffff86395ea0
Lower Device Driver Name: \Driver\usbstor\
Driver name found: usbstor
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8684b030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff86c4c030
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.12.31.02
Downloaded database version: v2012.12.27.02
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8684b030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8684be08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8684b030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86c4c030, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xffffffffe1e27eb0, 0xffffffff8684b030, 0xffffffff8636f788
Lower DeviceData: 0xffffffffe4ad0170, 0xffffffff86c4c030, 0xffffffff86358e48
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CAB10BEE

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 470334942
Partition file system is NTFS
Partition is bootable

Partition 1 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 470351070 Numsec = 18040995

Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 488392065 Numsec = 5087
Partition is not bootable
Hidden partition VBR is not infected.

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff86532030, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86607020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86532030, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86395ea0, DeviceName: \Device\0000006d\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff861eaab8, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8658a8c0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff861eaab8, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8640d030, DeviceName: \Device\0000006e\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff862f5828, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8644c020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff862f5828, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff863a2030, DeviceName: \Device\0000006f\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff8633c720, DeviceName: \Device\Harddisk4\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86553020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8633c720, DeviceName: \Device\Harddisk4\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85cba030, DeviceName: \Device\00000070\, DriverName: \Driver\usbstor\
------------ End ----------
Done!
Performing system, memory and registry scan...
Infected: C:\Program Files\CouponXplorer_5z\bar\1.bin\5zbrstub.dll --> [PUP.MyWebSearch]
Infected: C:\Program Files\CouponXplorer_5z\bar\1.bin\5zbrmon.exe --> [PUP.MyWebSearch]
Infected: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CouponXplorer_5z Browser Plugin Loader --> [PUP.MyWebSearch]
Infected: C:\Program Files\CouponXplorer_5z\bar\1.bin\5zSrchMn.exe --> [PUP.MyWebSearch]
Infected: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CouponXplorer Search Scope Monitor --> [PUP.MyWebSearch]
Infected: C:\Documents and Settings\HP_Administrator\Application Data\Itoffa\iqep.exe --> [Trojan.Zbot]
Infected: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Vabelybe --> [Trojan.Zbot]
Infected: HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Vabelybe --> [Trojan.Zbot]
Infected: C:\Program Files\CouponXplorer_5z\bar\1.bin\5zbarsvc.exe --> [PUP.MyWebSearch]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CouponXplorer_5zService --> [PUP.MyWebSearch]
Infected: C:\Program Files\CouponXplorer_5z\bar\1.bin\5zSrcAs.dll --> [PUP.MyWebSearch]
Infected: HKLM\SOFTWARE\CLASSES\CLSID\{7d69ed06-0171-4379-9528-08df51092727}\InprocServer32 --> [PUP.MyWebSearch]
Infected: C:\Program Files\CouponXplorer_5z\bar\1.bin\5zbar.dll --> [PUP.MyWebSearch]
Infected: HKLM\SOFTWARE\CLASSES\CLSID\{0297a026-3011-46d3-ad62-bb9a7612aea7}\InprocServer32 --> [PUP.MyWebSearch]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CouponXplorer_5zbar Uninstall --> [PUP.MyWebSearch]
Infected: HKCU\SOFTWARE\CROSSRIDER|215AppVerifier --> [Adware.GamePlayLab]
Infected: HKCU\SOFTWARE\CROSSRIDER --> [Adware.GamePlayLab]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IBUpdaterService --> [PUP.InstallBrain]
Infected: C:\WINDOWS\system32\dmwu.exe --> [PUP.InstallBrain]
Infected: C:\WINDOWS\system32\dmwu.exe --> [PUP.InstallBrain]
Done!
Scan finished
=======================================


******Result.txt******
MiniToolBox by Farbar Version: 25-11-2012
Ran by HP_Administrator (administrator) on 31-12-2012 at 06:08:11
Running from "C:\Documents and Settings\HP_Administrator\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82562V 10/100 Network Connection = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : Jenn_Desktop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : had1.or.comcast.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : had1.or.comcast.net
Description . . . . . . . . . . . : Intel® 82562V 10/100 Network Connection
Physical Address. . . . . . . . . : 00-18-F3-D3-1A-86
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.102
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 216.228.160.5
                                    216.228.160.6
                                    216.228.160.7
Lease Obtained. . . . . . . . . . : Monday, December 31, 2012 4:54:02 AM
Lease Expires . . . . . . . . . . : Tuesday, January 01, 2013 4:54:02 AM

Server: ns5.bendcable.com
Address: 216.228.160.5

Name: google.com
Addresses: 173.194.33.1, 173.194.33.2, 173.194.33.3, 173.194.33.4
173.194.33.5, 173.194.33.6, 173.194.33.7, 173.194.33.8, 173.194.33.9
173.194.33.14, 173.194.33.0

Pinging google.com [173.194.33.0] with 32 bytes of data:

Reply from 173.194.33.0: bytes=32 time=17ms TTL=58
Reply from 173.194.33.0: bytes=32 time=18ms TTL=58

Ping statistics for 173.194.33.0:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 17ms, Maximum = 18ms, Average = 17ms

Server: ns5.bendcable.com
Address: 216.228.160.5

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=62ms TTL=53
Reply from 98.138.253.109: bytes=32 time=119ms TTL=53

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 62ms, Maximum = 119ms, Average = 90ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 f3 d3 1a 86 ...... Intel® 82562V 10/100 Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.102      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      169.254.0.0      255.255.0.0    192.168.1.102   192.168.1.102      20
      192.168.1.0    255.255.255.0    192.168.1.102   192.168.1.102      20
    192.168.1.102  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255    192.168.1.102   192.168.1.102      20
        224.0.0.0        240.0.0.0    192.168.1.102   192.168.1.102      20
  255.255.255.255  255.255.255.255    192.168.1.102   192.168.1.102       1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/30/2012 09:40:04 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/29/2012 07:36:04 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40244984

Error: (12/29/2012 07:36:04 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40244984

Error: (12/29/2012 07:36:04 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/29/2012 07:35:49 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40229359

Error: (12/29/2012 07:35:49 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40229359

Error: (12/29/2012 07:35:49 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/29/2012 07:35:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40213734

Error: (12/29/2012 07:35:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40213734

Error: (12/29/2012 07:35:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (12/28/2012 06:12:32 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/28/2012 06:12:28 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/28/2012 05:56:46 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/28/2012 05:53:28 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.141.2673.0

Update Source: %NT AUTHORITY59

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/28/2012 05:53:28 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (12/28/2012 05:53:28 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (12/28/2012 05:50:17 PM) (Source: DCOM) (User: JENN_DESKTOP)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (12/28/2012 05:45:06 PM) (Source: DCOM) (User: JENN_DESKTOP)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (12/28/2012 05:45:05 PM) (Source: DCOM) (User: JENN_DESKTOP)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (12/28/2012 05:44:59 PM) (Source: DCOM) (User: JENN_DESKTOP)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
4500_G510af_Help_Web (Version: 000.0.440.000)
4500_G510nz_Help_Web (Version: 000.0.440.000)
4500G510af_Software_Min (Version: 000.0.423.000)
4500G510af_web (Version: 000.0.425.000)
4500G510nz_Software_Min (Version: 000.0.423.000)
4500G510nz_web (Version: 000.0.439.000)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Reader 7.0.5 (Version: 7.0.5)
Amazon Kindle
Amazon MP3 Downloader 1.0.17 (Version: 1.0.17)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
AutoUpdate (Version: 1.0)
Bing Bar (Version: 7.1.391.0)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 130.0.331.000)
Coupon Printer for Windows (Version: 5.0.0.1)
CouponXplorer Toolbar
CP_AtenaShokunin1Config (Version: 70.0.170.000)
CP_CalendarTemplates1 (Version: 70.0.170.000)
cp_LightScribeConfig (Version: 70.0.170.000)
cp_OnlineProjectsConfig (Version: 70.0.170.000)
CP_Package_Basic1 (Version: 70.0.170.000)
CP_Package_Variety1 (Version: 70.0.170.000)
CP_Package_Variety2 (Version: 70.0.170.000)
CP_Package_Variety3 (Version: 70.0.170.000)
CP_Panorama1Config (Version: 70.0.170.000)
cp_PosterPrintConfig (Version: 70.0.170.000)
cp_UpdateProjectsConfig (Version: 70.0.170.000)
CueTour (Version: 70.0.170.000)
Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680)
Data Fax SoftModem with SmartCP
Deal Vault (Version: 1.24.151.151)
Destinations (Version: 70.0.170.000)
DeviceManagementQFolder (Version: 1.00.0000)
DISCover (Version: 3.33)
DivX (Version: 5.2.1)
Easy Internet Sign-up (Version: FE UI-4.1.0.1680)
Enhanced Multimedia Keyboard Solution
FullDPAppQFolder (Version: 1.00.0000)
GemMaster Mystic
Google Chrome (Version: 23.0.1271.97)
Google Update Helper (Version: 1.3.21.123)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HP Boot Optimizer (Version: 3.0.0)
HP DigitalMedia Archive (Version: 2.0)
HP DVD Play 2.1
HP Imaging Device Functions 7.0 (Version: 7.0)
HP Officejet 4500 G510a-f (Version: 13.0)
HP Officejet 4500 G510n-z (Version: 13.0)
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5 (Version: 6.5)
HP Software Update (Version: 3.0.7.014)
HP Web Helper
HPPhotoSmartExpress (Version: 70.0.170.000)
HpSdpAppCoreApp (Version: 3.00.0000)
IB Updater 2.0.0.530 (Version: 2.0.0.530)
IB Updater Service (Version: 2.0.0.3)
Incredibar Toolbar on IE
InstantShareAlert (Version: 1.00.0000)
InstantShareDevices (Version: 70.0.170.000)
Intel® Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® Quick Resume Technology Drivers
Intel® Viiv™ Software (Version: 1.0.3.2019)
iSEEK AnswerWorks English Runtime (Version: 010.000.0101)
iTunes (Version: 10.7.0.21)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 37 (Version: 6.0.370)
LightScribe 1.4.113.1 (Version: 1.4.113.1)
LiveUpdate 3.1 (Symantec Corporation) (Version: 3.1.0.99)
LiveUpdate Notice (Symantec Corporation) (Version: 1.4.5)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Download Manager (Version: 1.2.1)
Microsoft Money 2006 (Version: 15)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Standard Edition 2003 60 days trial
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft Works (Version: 08.04.0623)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 5.0 (Version: 5.00.050)
muvee autoProducer unPlugged 2.0 (Version: 2.0.0)
My HP Games (Version: HPCMPQ1404)
Netscape Browser (remove only)
Network (Version: 130.0.550.000)
NVIDIA Drivers
OptionalContentQFolder (Version: 1.00.0000)
Otto
PC-Doctor 5 for Windows (Version: 5.00.4060.15)
PhotoGallery (Version: 70.0.170.000)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3 (Version: 2.2.3)
Quicken 2012 (Version: 21.1.7.18)
RandMap (Version: 70.0.170.000)
RealPlayer
Realtek High Definition Audio Driver
Remove WeatherBug Installer
Rhapsody
Scan (Version: 13.0.0.0)
ShopAtHome.com Toolbar
SkinsHP1 (Version: 70.0.170.000)
SlideShow (Version: 70.0.170.000)
SlideShowMusic (Version: 70.0.170.000)
Sonic Express Labeler (Version: 2.1.0)
Sonic MyDVD Plus (Version: 6.2.0)
Sonic RecordNow Audio (Version: 2.0.6)
Sonic RecordNow Copy (Version: 2.0.6)
Sonic RecordNow Data (Version: 2.0.6)
Sonic Update Manager (Version: 3.0.0)
Sonic_PrimoSDK (Version: 70.0.170.000)
Toolbox (Version: 130.0.648.000)
Unload (Version: 7.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 130.0.132.017)
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 68%
Total physical RAM: 1022.38 MB
Available physical RAM: 325.95 MB
Total Pagefile: 2458.66 MB
Available Pagefile: 1769.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.82 MB

========================= Partitions: =====================================

1 Drive c: (HP_PAVILION) (Fixed) (Total:224.27 GB) (Free:186.12 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:8.59 GB) (Free:0.36 GB) FAT32

========================= Users: ========================================

User accounts for \\JENN_DESKTOP

Administrator Guest HelpAssistant
HP_Administrator SUPPORT_388945a0 SUPPORT_fddfa904


**** End of log ****

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 61,705 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:07:00 PM

Posted 31 December 2012 - 05:59 PM

OK, still some work to do here.

Please download TDSSKiller.
Launch it.
Click on Change parameters and select TDLFS file system.
Click on "Scan".
Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.


>>>

ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

>>>>

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE:Sometimes if ESET finds no infections it will not create a log.


Happy New Year

Edited by boopme, 31 December 2012 - 06:00 PM.

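The TDSSKiller log requested above is, for the most part, a list of service and driver entries: one line carrying the MD5 hash, the service name and the on-disk path, followed by a line carrying the tool's verdict for that name. Reading a few hundred of those lines by eye is slow, so here is an added triage script (written for this page; it is not part of TDSSKiller, nor anything boopme or mrrsmiley posted) that pairs the two line types and flags the entries a helper would look at first: a verdict other than "ok", a path under a user profile or a Temp directory, an 8.3 short-name path such as PROGRA~1, or a Windows system binary name running from somewhere other than System32. The line layout, the allowlist and the heuristics are assumptions inferred from TDSSKiller 2.8.x output; the first four sample entries copy that layout, and the final "fakesvc" entry is constructed so that the output shows a hit.

```python
"""Triage TDSSKiller 'Scan services' output: pair each '[ MD5 ] name path' line
with its 'name - verdict' line and flag entries an analyst should look at.

Added example for this thread; not part of TDSSKiller or of the original posts.
ASSUMPTION: the line layout below is inferred from TDSSKiller 2.8.x logs.
"""
import re
import sys
from dataclasses import dataclass, field
from typing import Dict, List, Optional

TS = r"\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"          # "08:32:41.0296 6128 "
HASH_LINE = re.compile(TS + r"\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.+)$")
VERDICT_LINE = re.compile(TS + r"(.+?) - (\w+)$")
DETECTION = re.compile(r"\s*\( ([^)]+) \)$")      # "name ( Detection.Name ) - warning"

# Known-good locations that would otherwise trip the user-writable check.
# Microsoft Security Essentials keeps its definition-update driver here.
ALLOWLIST = ("\\microsoft antimalware\\definition updates\\",)

# Names droppers like to borrow; a genuine copy lives only under System32.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe",
                   "winlogon.exe", "smss.exe", "spoolsv.exe"}
SYSTEM_DIR = "c:\\windows\\system32\\"


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    detection: Optional[str] = None
    reasons: List[str] = field(default_factory=list)


def parse_log(text: str) -> Dict[str, Entry]:
    """Build one Entry per service/driver name from the two line types."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        line = line.strip()
        m = HASH_LINE.match(line)
        if m:
            md5, name, path = m.groups()
            e = entries.setdefault(name, Entry(name))
            e.md5, e.path = md5.upper(), path
            continue
        m = VERDICT_LINE.match(line)
        if m:
            name, verdict = m.groups()
            d = DETECTION.search(name)          # strip "( Detection.Name )" suffix
            if d:
                name = name[: d.start()]
            e = entries.setdefault(name, Entry(name))
            e.verdict = verdict
            e.detection = d.group(1) if d else None
    return entries


def triage(entries: Dict[str, Entry]) -> List[Entry]:
    """Attach human-readable reasons to suspicious entries; return only those."""
    flagged: List[Entry] = []
    for e in entries.values():
        if e.verdict and e.verdict.lower() != "ok":
            e.reasons.append(f"TDSSKiller verdict '{e.verdict}'"
                             + (f" ({e.detection})" if e.detection else ""))
        if e.path:
            p = e.path.lower()
            if "~" in p:
                e.reasons.append("8.3 short-name path; resolve and inspect the real directory")
            if not any(a in p for a in ALLOWLIST):
                if "\\documents and settings\\" in p or "\\users\\" in p:
                    e.reasons.append("loaded from a user-writable profile path")
                if "\\temp\\" in p:
                    e.reasons.append("runs from a Temp directory")
            base = p.rsplit("\\", 1)[-1]
            if base in SYSTEM_BINARIES and not p.startswith(SYSTEM_DIR):
                e.reasons.append(f"{base} outside System32 (name masquerade)")
        if e.reasons:
            flagged.append(e)
    return flagged


# Sample input: the first four entries copy the layout of real TDSSKiller lines;
# the final 'fakesvc' entry is CONSTRUCTED to show what a hit looks like.
SAMPLE_LOG = """\
08:32:41.0296 6128 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
08:32:41.0312 6128 ACPI - ok
08:32:41.0250 6128 Abiosdsk - ok
08:32:43.0906 6128 [ 622FCF264119F7DF127BE353F796B319 ] CouponXplorer_5zService C:\\PROGRA~1\\COUPON~2\\bar\\1.bin\\5zbarsvc.exe
08:32:43.0906 6128 CouponXplorer_5zService - ok
08:32:50.0203 6128 [ A69630D039C38018689190234F866D77 ] MpKslfdd4bacb c:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Microsoft Antimalware\\Definition Updates\\{E034EDEC-2301-4062-A553-B109D88D9B83}\\MpKslfdd4bacb.sys
08:32:50.0203 6128 MpKslfdd4bacb - ok
08:32:55.0000 6128 [ 0123456789ABCDEF0123456789ABCDEF ] fakesvc C:\\Documents and Settings\\HP_Administrator\\Local Settings\\Temp\\svchost.exe
08:32:55.0000 6128 fakesvc ( UnsignedFile.Multi.Generic ) - warning
"""


def main(argv: List[str]) -> int:
    # Usage: python tdss_triage.py [TDSSKiller_log.txt]; no argument runs the sample.
    text = open(argv[1], encoding="utf-8", errors="replace").read() if len(argv) > 1 else SAMPLE_LOG
    for e in triage(parse_log(text)):
        print(f"{e.name}  md5={e.md5}  path={e.path}")
        for r in e.reasons:
            print(f"    - {r}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A flag is a pointer for the person reading the log, not a verdict: the MSE definition-update driver under All Users\Application Data is exactly the kind of legitimate entry the user-writable check would otherwise catch, which is why it is allowlisted, and a short-name path only says "go and look at the real directory". The MD5 on each hash line is what you would paste into a reputation lookup for anything that ends up flagged.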

#5 mrrsmiley

mrrsmiley
  • Topic Starter

  • Members
  • 9 posts
  • Local time:03:00 PM

Posted 01 January 2013 - 12:00 PM

Happy New Year to you too.

So, any external link I try from this forum chat goes to an unknown Google page with an "Error 404 (Not Found)!!1" message.
I've used another pc to transfer these files over to the pc with issues. I've been able to run both the TDSSKiller and ADW Cleaner, and will attach logs.

I'm running into issues with the ESET Online run, though.

It gives me an error that states "Can not get update. Is proxy configured?" and then will not let me move on.
Ideas?

Here are the other logs.

*****TDSSKiller.2.8.15.0_01.01.2013_08.31.55_log.txt******

08:31:55.0000 5964 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
08:31:55.0468 5964 ============================================================
08:31:55.0468 5964 Current date / time: 2013/01/01 08:31:55.0468
08:31:55.0468 5964 SystemInfo:
08:31:55.0468 5964
08:31:55.0468 5964 OS Version: 5.1.2600 ServicePack: 3.0
08:31:55.0468 5964 Product type: Workstation
08:31:55.0468 5964 ComputerName: JENN_DESKTOP
08:31:55.0468 5964 UserName: HP_Administrator
08:31:55.0468 5964 Windows directory: C:\WINDOWS
08:31:55.0468 5964 System windows directory: C:\WINDOWS
08:31:55.0468 5964 Processor architecture: Intel x86
08:31:55.0468 5964 Number of processors: 2
08:31:55.0468 5964 Page size: 0x1000
08:31:55.0468 5964 Boot type: Normal boot
08:31:55.0468 5964 ============================================================
08:31:57.0203 5964 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:31:57.0234 5964 ============================================================
08:31:57.0234 5964 \Device\Harddisk0\DR0:
08:31:57.0234 5964 MBR partitions:
08:31:57.0234 5964 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C08BDDE
08:31:57.0234 5964 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x1C08FCDE, BlocksNum 0x11348A3
08:31:57.0234 5964 ============================================================
08:31:57.0265 5964 C: <-> \Device\Harddisk0\DR0\Partition1
08:31:57.0281 5964 D: <-> \Device\Harddisk0\DR0\Partition2
08:31:57.0281 5964 ============================================================
08:31:57.0281 5964 Initialize success
08:31:57.0281 5964 ============================================================
08:32:40.0390 6128 ============================================================
08:32:40.0390 6128 Scan started
08:32:40.0390 6128 Mode: Manual; TDLFS;
08:32:40.0390 6128 ============================================================
08:32:41.0109 6128 ================ Scan system memory ========================
08:32:41.0125 6128 System memory - ok
08:32:41.0125 6128 ================ Scan services =============================
08:32:41.0250 6128 Abiosdsk - ok
08:32:41.0250 6128 abp480n5 - ok
08:32:41.0296 6128 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:32:41.0312 6128 ACPI - ok
08:32:41.0359 6128 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
08:32:41.0375 6128 ACPIEC - ok
08:32:41.0468 6128 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:32:41.0625 6128 AdobeFlashPlayerUpdateSvc - ok
08:32:41.0640 6128 adpu160m - ok
08:32:41.0671 6128 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
08:32:41.0671 6128 aec - ok
08:32:41.0734 6128 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
08:32:41.0734 6128 AFD - ok
08:32:41.0734 6128 Aha154x - ok
08:32:41.0750 6128 aic78u2 - ok
08:32:41.0750 6128 aic78xx - ok
08:32:41.0796 6128 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
08:32:41.0812 6128 Alerter - ok
08:32:41.0843 6128 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
08:32:41.0843 6128 ALG - ok
08:32:41.0843 6128 AliIde - ok
08:32:41.0859 6128 amsint - ok
08:32:41.0984 6128 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:32:41.0984 6128 Apple Mobile Device - ok
08:32:42.0031 6128 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
08:32:42.0062 6128 AppMgmt - ok
08:32:42.0109 6128 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:32:42.0140 6128 Arp1394 - ok
08:32:42.0156 6128 asc - ok
08:32:42.0156 6128 asc3350p - ok
08:32:42.0171 6128 asc3550 - ok
08:32:42.0312 6128 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:32:42.0343 6128 aspnet_state - ok
08:32:42.0359 6128 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:32:42.0375 6128 AsyncMac - ok
08:32:42.0390 6128 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
08:32:42.0437 6128 atapi - ok
08:32:42.0437 6128 Atdisk - ok
08:32:42.0468 6128 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:32:42.0500 6128 Atmarpc - ok
08:32:42.0546 6128 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
08:32:42.0578 6128 AudioSrv - ok
08:32:42.0625 6128 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
08:32:42.0640 6128 audstub - ok
08:32:42.0687 6128 [ 0FCFBD0EDAA188B3D652DDCE6D16D866 ] Automatic LiveUpdate Scheduler C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
08:32:42.0703 6128 Automatic LiveUpdate Scheduler - ok
08:32:42.0859 6128 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
08:32:42.0859 6128 BBSvc - ok
08:32:42.0906 6128 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
08:32:43.0015 6128 BBUpdate - ok
08:32:43.0046 6128 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
08:32:43.0062 6128 Beep - ok
08:32:43.0125 6128 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
08:32:43.0156 6128 BITS - ok
08:32:43.0234 6128 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:32:43.0250 6128 Bonjour Service - ok
08:32:43.0296 6128 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
08:32:43.0296 6128 Browser - ok
08:32:43.0343 6128 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
08:32:43.0359 6128 cbidf2k - ok
08:32:43.0390 6128 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
08:32:43.0406 6128 CCDECODE - ok
08:32:43.0406 6128 cd20xrnt - ok
08:32:43.0437 6128 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
08:32:43.0484 6128 Cdaudio - ok
08:32:43.0500 6128 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
08:32:43.0500 6128 Cdfs - ok
08:32:43.0500 6128 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:32:43.0546 6128 Cdrom - ok
08:32:43.0546 6128 Changer - ok
08:32:43.0593 6128 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
08:32:43.0625 6128 CiSvc - ok
08:32:43.0625 6128 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
08:32:43.0671 6128 ClipSrv - ok
08:32:43.0703 6128 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:32:43.0765 6128 clr_optimization_v2.0.50727_32 - ok
08:32:43.0796 6128 CLTNetCnService - ok
08:32:43.0796 6128 CmdIde - ok
08:32:43.0796 6128 COMSysApp - ok
08:32:43.0906 6128 [ 622FCF264119F7DF127BE353F796B319 ] CouponXplorer_5zService C:\PROGRA~1\COUPON~2\bar\1.bin\5zbarsvc.exe
08:32:43.0906 6128 CouponXplorer_5zService - ok
08:32:43.0906 6128 Cpqarray - ok
08:32:43.0906 6128 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
08:32:43.0906 6128 CryptSvc - ok
08:32:43.0921 6128 dac2w2k - ok
08:32:43.0921 6128 dac960nt - ok
08:32:43.0984 6128 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
08:32:44.0000 6128 DcomLaunch - ok
08:32:44.0046 6128 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
08:32:44.0046 6128 Dhcp - ok
08:32:44.0062 6128 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
08:32:44.0093 6128 Disk - ok
08:32:44.0093 6128 dmadmin - ok
08:32:44.0171 6128 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
08:32:44.0218 6128 dmboot - ok
08:32:44.0234 6128 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
08:32:44.0250 6128 dmio - ok
08:32:44.0281 6128 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
08:32:44.0296 6128 dmload - ok
08:32:44.0328 6128 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
08:32:44.0328 6128 dmserver - ok
08:32:44.0328 6128 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
08:32:44.0359 6128 DMusic - ok
08:32:44.0406 6128 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
08:32:44.0406 6128 Dnscache - ok
08:32:44.0500 6128 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
08:32:44.0531 6128 Dot3svc - ok
08:32:44.0531 6128 dpti2o - ok
08:32:44.0546 6128 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
08:32:44.0562 6128 drmkaud - ok
08:32:44.0593 6128 [ B0ABABBBE2E61FC916A21182AC2CEFF1 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
08:32:44.0671 6128 e1express - ok
08:32:44.0687 6128 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
08:32:44.0718 6128 EapHost - ok
08:32:44.0812 6128 [ D039A0C347632622934906BD59A4E1EA ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
08:32:44.0812 6128 ehRecvr - ok
08:32:44.0812 6128 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
08:32:44.0828 6128 ehSched - ok
08:32:44.0875 6128 [ 0923AEC043F5D355B4EF0C2B29A362DE ] ELacpi C:\WINDOWS\system32\DRIVERS\ELacpi.sys
08:32:44.0890 6128 ELacpi - ok
08:32:44.0921 6128 [ CBD71E7772F92BFB85CCC302B2DEEFBA ] ELhid C:\WINDOWS\System32\Drivers\Elhid.sys
08:32:44.0953 6128 ELhid - ok
08:32:44.0968 6128 [ AC75B576C45D144E146FD1F0576A1F53 ] ELkbd C:\WINDOWS\System32\Drivers\Elkbd.sys
08:32:44.0984 6128 ELkbd - ok
08:32:44.0984 6128 [ 483CCE5E40137D4E437F4DEF55C80007 ] ELmon C:\WINDOWS\System32\Drivers\Elmon.sys
08:32:45.0015 6128 ELmon - ok
08:32:45.0015 6128 [ 8E88CAFEAC0812BF2D15BEEEDFCCE8BD ] ELmou C:\WINDOWS\System32\Drivers\Elmou.sys
08:32:45.0031 6128 ELmou - ok
08:32:45.0078 6128 [ 47FCF6628E1A221C41F3F0130FBF258E ] ELService C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
08:32:45.0078 6128 ELService - ok
08:32:45.0109 6128 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
08:32:45.0109 6128 ERSvc - ok
08:32:45.0156 6128 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
08:32:45.0187 6128 Eventlog - ok
08:32:45.0218 6128 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
08:32:45.0218 6128 EventSystem - ok
08:32:45.0281 6128 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
08:32:45.0312 6128 Fastfat - ok
08:32:45.0359 6128 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
08:32:45.0375 6128 FastUserSwitchingCompatibility - ok
08:32:45.0390 6128 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
08:32:45.0437 6128 Fax - ok
08:32:45.0453 6128 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
08:32:45.0484 6128 Fdc - ok
08:32:45.0500 6128 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
08:32:45.0515 6128 Fips - ok
08:32:45.0531 6128 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
08:32:45.0546 6128 Flpydisk - ok
08:32:45.0578 6128 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
08:32:45.0609 6128 FltMgr - ok
08:32:45.0671 6128 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:32:45.0687 6128 FontCache3.0.0.0 - ok
08:32:45.0703 6128 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:32:45.0718 6128 Fs_Rec - ok
08:32:45.0765 6128 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:32:45.0781 6128 Ftdisk - ok
08:32:45.0828 6128 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:32:45.0875 6128 GEARAspiWDM - ok
08:32:45.0906 6128 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:32:45.0937 6128 Gpc - ok
08:32:45.0968 6128 [ 55E4DA7C8CBBA1F2D71720FCA7A5C086 ] hcwPP2 C:\WINDOWS\system32\DRIVERS\hcwPP2.sys
08:32:46.0000 6128 hcwPP2 - ok
08:32:46.0046 6128 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:32:46.0046 6128 HDAudBus - ok
08:32:46.0171 6128 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:32:46.0171 6128 helpsvc - ok
08:32:46.0171 6128 HidServ - ok
08:32:46.0218 6128 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:32:46.0234 6128 HidUsb - ok
08:32:46.0250 6128 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
08:32:46.0328 6128 hkmsvc - ok
08:32:46.0328 6128 hpn - ok
08:32:46.0484 6128 [ 7F437A78C5B0105B67B830D00AD719F8 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
08:32:46.0500 6128 HPSLPSVC - ok
08:32:46.0546 6128 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
08:32:46.0578 6128 HPZid412 - ok
08:32:46.0578 6128 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
08:32:46.0609 6128 HPZipr12 - ok
08:32:46.0609 6128 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
08:32:46.0625 6128 HPZius12 - ok
08:32:46.0656 6128 [ 1F5C64B0C6B2E2F48735A77AE714CCB8 ] HSXHWBS2 C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
08:32:46.0734 6128 HSXHWBS2 - ok
08:32:46.0796 6128 [ A7F8C9228898A1E871D2AE7082F50AC3 ] HSX_DP C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
08:32:46.0843 6128 HSX_DP - ok
08:32:46.0890 6128 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
08:32:46.0906 6128 HTTP - ok
08:32:46.0953 6128 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
08:32:46.0984 6128 HTTPFilter - ok
08:32:46.0984 6128 i2omgmt - ok
08:32:46.0984 6128 i2omp - ok
08:32:47.0015 6128 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:32:47.0046 6128 i8042prt - ok
08:32:47.0109 6128 [ B122BE74E283A2BC7FEBC180BFD2EFD5 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
08:32:47.0109 6128 IAANTMON - ok
08:32:47.0171 6128 [ 019CF5F31C67030841233C545A0E217A ] iaStor C:\WINDOWS\system32\DRIVERS\iastor.sys
08:32:47.0171 6128 iaStor - ok
08:32:47.0250 6128 [ 8B672417438380704E6A39B2F9D78EE8 ] IB Updater C:\Program Files\IB Updater\ExtensionUpdaterService.exe
08:32:47.0250 6128 IB Updater - ok
08:32:47.0328 6128 [ 05B1323C82849E1CC4E774D470254215 ] IBUpdaterService C:\WINDOWS\system32\dmwu.exe
08:32:47.0343 6128 IBUpdaterService - ok
08:32:47.0390 6128 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
08:32:47.0437 6128 IDriverT - ok
08:32:47.0562 6128 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:32:47.0687 6128 idsvc - ok
08:32:47.0734 6128 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
08:32:47.0765 6128 Imapi - ok
08:32:47.0796 6128 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
08:32:47.0796 6128 ImapiService - ok
08:32:47.0812 6128 ini910u - ok
08:32:47.0968 6128 [ AB2FE0FAA519880BD16E4A0792D633D2 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
08:32:48.0031 6128 IntcAzAudAddService - ok
08:32:48.0046 6128 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
08:32:48.0062 6128 IntelIde - ok
08:32:48.0109 6128 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:32:48.0109 6128 intelppm - ok
08:32:48.0125 6128 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
08:32:48.0187 6128 Ip6Fw - ok
08:32:48.0203 6128 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:32:48.0234 6128 IpFilterDriver - ok
08:32:48.0250 6128 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:32:48.0296 6128 IpInIp - ok
08:32:48.0312 6128 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:32:48.0312 6128 IpNat - ok
08:32:48.0390 6128 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:32:48.0406 6128 iPod Service - ok
08:32:48.0453 6128 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:32:48.0500 6128 IPSec - ok
08:32:48.0531 6128 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
08:32:48.0546 6128 IRENUM - ok
08:32:48.0578 6128 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:32:48.0609 6128 isapnp - ok
08:32:48.0718 6128 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
08:32:48.0718 6128 JavaQuickStarterService - ok
08:32:48.0765 6128 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:32:48.0796 6128 Kbdclass - ok
08:32:48.0828 6128 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
08:32:48.0828 6128 kmixer - ok
08:32:48.0859 6128 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
08:32:48.0859 6128 KSecDD - ok
08:32:48.0890 6128 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
08:32:48.0890 6128 lanmanserver - ok
08:32:48.0953 6128 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
08:32:48.0953 6128 lanmanworkstation - ok
08:32:48.0953 6128 lbrtfdc - ok
08:32:49.0031 6128 [ 4C52DC5C6481D13275653CCEB59BF53A ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
08:32:49.0031 6128 LightScribeService - ok
08:32:49.0125 6128 [ FB3A35318CA7F6A10FA3C3826A69AFFE ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
08:32:49.0156 6128 LiveUpdate - ok
08:32:49.0156 6128 LiveUpdate Notice Ex - ok
08:32:49.0265 6128 [ 2D1389E05A807D956829F44BD4B60389 ] LiveUpdate Notice Service C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
08:32:49.0265 6128 LiveUpdate Notice Service - ok
08:32:49.0328 6128 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
08:32:49.0343 6128 LmHosts - ok
08:32:49.0390 6128 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
08:32:49.0390 6128 McrdSvc - ok
08:32:49.0468 6128 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
08:32:49.0468 6128 mdmxsdk - ok
08:32:49.0500 6128 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
08:32:49.0515 6128 Messenger - ok
08:32:49.0578 6128 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
08:32:49.0656 6128 MHN - ok
08:32:49.0671 6128 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
08:32:49.0703 6128 MHNDRV - ok
08:32:49.0718 6128 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
08:32:49.0734 6128 mnmdd - ok
08:32:49.0781 6128 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
08:32:49.0828 6128 mnmsrvc - ok
08:32:49.0890 6128 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
08:32:49.0890 6128 Modem - ok
08:32:49.0890 6128 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:32:49.0906 6128 Mouclass - ok
08:32:49.0921 6128 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
08:32:49.0953 6128 MountMgr - ok
08:32:49.0984 6128 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
08:32:50.0015 6128 MpFilter - ok
08:32:50.0203 6128 [ A69630D039C38018689190234F866D77 ] MpKslfdd4bacb c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E034EDEC-2301-4062-A553-B109D88D9B83}\MpKslfdd4bacb.sys
08:32:50.0203 6128 MpKslfdd4bacb - ok
08:32:50.0203 6128 mraid35x - ok
08:32:50.0218 6128 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:32:50.0218 6128 MRxDAV - ok
08:32:50.0265 6128 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:32:50.0265 6128 MRxSmb - ok
08:32:50.0312 6128 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
08:32:50.0328 6128 MSDTC - ok
08:32:50.0343 6128 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
08:32:50.0421 6128 Msfs - ok
08:32:50.0421 6128 MSIServer - ok
08:32:50.0453 6128 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:32:50.0468 6128 MSKSSRV - ok
08:32:50.0546 6128 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
08:32:50.0562 6128 MsMpSvc - ok
08:32:50.0609 6128 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:32:50.0625 6128 MSPCLOCK - ok
08:32:50.0656 6128 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
08:32:50.0656 6128 MSPQM - ok
08:32:50.0671 6128 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:32:50.0671 6128 mssmbios - ok
08:32:50.0687 6128 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
08:32:50.0703 6128 MSTEE - ok
08:32:50.0750 6128 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
08:32:50.0765 6128 Mup - ok
08:32:50.0796 6128 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:32:50.0828 6128 NABTSFEC - ok
08:32:50.0875 6128 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
08:32:50.0937 6128 napagent - ok
08:32:50.0968 6128 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
08:32:51.0015 6128 NDIS - ok
08:32:51.0046 6128 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:32:51.0062 6128 NdisIP - ok
08:32:51.0093 6128 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:32:51.0093 6128 NdisTapi - ok
08:32:51.0156 6128 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:32:51.0171 6128 Ndisuio - ok
08:32:51.0171 6128 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:32:51.0218 6128 NdisWan - ok
08:32:51.0265 6128 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
08:32:51.0265 6128 NDProxy - ok
08:32:51.0312 6128 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
08:32:51.0312 6128 Net Driver HPZ12 - ok
08:32:51.0328 6128 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
08:32:51.0359 6128 NetBIOS - ok
08:32:51.0375 6128 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
08:32:51.0421 6128 NetBT - ok
08:32:51.0468 6128 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
08:32:51.0546 6128 NetDDE - ok
08:32:51.0546 6128 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
08:32:51.0546 6128 NetDDEdsdm - ok
08:32:51.0593 6128 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
08:32:51.0593 6128 Netlogon - ok
08:32:51.0609 6128 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
08:32:51.0609 6128 Netman - ok
08:32:51.0687 6128 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:32:51.0718 6128 NetTcpPortSharing - ok
08:32:51.0750 6128 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:32:51.0750 6128 NIC1394 - ok
08:32:51.0796 6128 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
08:32:51.0812 6128 Nla - ok
08:32:51.0812 6128 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
08:32:51.0843 6128 Npfs - ok
08:32:51.0890 6128 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
08:32:51.0937 6128 Ntfs - ok
08:32:51.0953 6128 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
08:32:51.0953 6128 NtLmSsp - ok
08:32:52.0031 6128 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
08:32:52.0078 6128 NtmsSvc - ok
08:32:52.0125 6128 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
08:32:52.0140 6128 Null - ok
08:32:52.0250 6128 [ EB2858F920B8135B807B5CCAA3ED73DC ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:32:52.0312 6128 nv - ok
08:32:52.0359 6128 [ 36032035FA55F030D55237D5C639A81D ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
08:32:52.0359 6128 NVSvc - ok
08:32:52.0390 6128 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:32:52.0406 6128 NwlnkFlt - ok
08:32:52.0421 6128 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:32:52.0437 6128 NwlnkFwd - ok
08:32:52.0562 6128 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:32:52.0656 6128 odserv - ok
08:32:52.0703 6128 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:32:52.0703 6128 ohci1394 - ok
08:32:52.0750 6128 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:32:52.0843 6128 ose - ok
08:32:52.0890 6128 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
08:32:52.0937 6128 Parport - ok
08:32:52.0937 6128 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
08:32:52.0968 6128 PartMgr - ok
08:32:52.0984 6128 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
08:32:53.0000 6128 ParVdm - ok
08:32:53.0015 6128 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
08:32:53.0046 6128 PCI - ok
08:32:53.0046 6128 PCIDump - ok
08:32:53.0062 6128 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
08:32:53.0078 6128 PCIIde - ok
08:32:53.0125 6128 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
08:32:53.0140 6128 Pcmcia - ok
08:32:53.0156 6128 PDCOMP - ok
08:32:53.0156 6128 PDFRAME - ok
08:32:53.0156 6128 PDRELI - ok
08:32:53.0171 6128 PDRFRAME - ok
08:32:53.0171 6128 perc2 - ok
08:32:53.0171 6128 perc2hib - ok
08:32:53.0203 6128 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
08:32:53.0203 6128 PlugPlay - ok
08:32:53.0218 6128 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
08:32:53.0218 6128 Pml Driver HPZ12 - ok
08:32:53.0234 6128 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
08:32:53.0234 6128 PolicyAgent - ok
08:32:53.0250 6128 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:32:53.0281 6128 PptpMiniport - ok
08:32:53.0281 6128 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
08:32:53.0281 6128 ProtectedStorage - ok
08:32:53.0328 6128 [ 390C204CED3785609AB24E9C52054A84 ] Ps2 C:\WINDOWS\system32\DRIVERS\PS2.sys
08:32:53.0359 6128 Ps2 - ok
08:32:53.0359 6128 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
08:32:53.0406 6128 PSched - ok
08:32:53.0406 6128 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:32:53.0421 6128 Ptilink - ok
08:32:53.0437 6128 [ 97B735DE4E3CD44C71C8CB09BDBF07B7 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:32:53.0468 6128 PxHelp20 - ok
08:32:53.0468 6128 ql1080 - ok
08:32:53.0484 6128 Ql10wnt - ok
08:32:53.0484 6128 ql12160 - ok
08:32:53.0484 6128 ql1240 - ok
08:32:53.0500 6128 ql1280 - ok
08:32:53.0546 6128 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:32:53.0578 6128 RasAcd - ok
08:32:53.0625 6128 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
08:32:53.0656 6128 RasAuto - ok
08:32:53.0656 6128 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:32:53.0687 6128 Rasl2tp - ok
08:32:53.0734 6128 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
08:32:53.0734 6128 RasMan - ok
08:32:53.0796 6128 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:32:53.0812 6128 RasPppoe - ok
08:32:53.0828 6128 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
08:32:53.0843 6128 Raspti - ok
08:32:53.0875 6128 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:32:53.0890 6128 Rdbss - ok
08:32:53.0890 6128 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:32:53.0906 6128 RDPCDD - ok
08:32:53.0906 6128 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:32:53.0937 6128 rdpdr - ok
08:32:53.0984 6128 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
08:32:53.0984 6128 RDPWD - ok
08:32:54.0000 6128 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
08:32:54.0062 6128 RDSessMgr - ok
08:32:54.0078 6128 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
08:32:54.0109 6128 redbook - ok
08:32:54.0156 6128 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
08:32:54.0203 6128 RemoteAccess - ok
08:32:54.0250 6128 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
08:32:54.0250 6128 RemoteRegistry - ok
08:32:54.0265 6128 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
08:32:54.0296 6128 RpcLocator - ok
08:32:54.0343 6128 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
08:32:54.0343 6128 RpcSs - ok
08:32:54.0375 6128 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
08:32:54.0421 6128 RSVP - ok
08:32:54.0437 6128 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
08:32:54.0468 6128 rtl8139 - ok
08:32:54.0484 6128 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
08:32:54.0484 6128 SamSs - ok
08:32:54.0546 6128 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
08:32:54.0593 6128 SCardSvr - ok
08:32:54.0640 6128 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
08:32:54.0671 6128 Schedule - ok
08:32:54.0703 6128 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:32:54.0718 6128 Secdrv - ok
08:32:54.0750 6128 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
08:32:54.0750 6128 seclogon - ok
08:32:54.0750 6128 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
08:32:54.0750 6128 SENS - ok
08:32:54.0796 6128 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
08:32:54.0796 6128 Serial - ok
08:32:54.0859 6128 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
08:32:54.0875 6128 Sfloppy - ok
08:32:54.0921 6128 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
08:32:54.0937 6128 SharedAccess - ok
08:32:54.0953 6128 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
08:32:54.0953 6128 ShellHWDetection - ok
08:32:54.0968 6128 Simbad - ok
08:32:54.0984 6128 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:32:55.0015 6128 SLIP - ok
08:32:55.0015 6128 Sparrow - ok
08:32:55.0046 6128 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
08:32:55.0062 6128 splitter - ok
08:32:55.0109 6128 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
08:32:55.0109 6128 Spooler - ok
08:32:55.0125 6128 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
08:32:55.0171 6128 sr - ok
08:32:55.0218 6128 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
08:32:55.0218 6128 srservice - ok
08:32:55.0250 6128 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
08:32:55.0265 6128 Srv - ok
08:32:55.0265 6128 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
08:32:55.0265 6128 SSDPSRV - ok
08:32:55.0312 6128 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
08:32:55.0312 6128 stisvc - ok
08:32:55.0343 6128 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:32:55.0359 6128 streamip - ok
08:32:55.0375 6128 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
08:32:55.0390 6128 swenum - ok
08:32:55.0406 6128 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
08:32:55.0421 6128 swmidi - ok
08:32:55.0437 6128 SwPrv - ok
08:32:55.0437 6128 symc810 - ok
08:32:55.0453 6128 symc8xx - ok
08:32:55.0453 6128 sym_hi - ok
08:32:55.0453 6128 sym_u3 - ok
08:32:55.0468 6128 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
08:32:55.0500 6128 sysaudio - ok
08:32:55.0531 6128 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
08:32:55.0562 6128 SysmonLog - ok
08:32:55.0593 6128 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
08:32:55.0593 6128 TapiSrv - ok
08:32:55.0625 6128 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:32:55.0625 6128 Tcpip - ok
08:32:55.0671 6128 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
08:32:55.0687 6128 TDPIPE - ok
08:32:55.0703 6128 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
08:32:55.0718 6128 TDTCP - ok
08:32:55.0765 6128 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
08:32:55.0796 6128 TermDD - ok
08:32:55.0890 6128 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
08:32:55.0890 6128 TermService - ok
08:32:55.0937 6128 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
08:32:55.0937 6128 Themes - ok
08:32:56.0000 6128 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
08:32:56.0062 6128 TlntSvr - ok
08:32:56.0078 6128 TosIde - ok
08:32:56.0093 6128 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
08:32:56.0109 6128 TrkWks - ok
08:32:56.0140 6128 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
08:32:56.0187 6128 Udfs - ok
08:32:56.0203 6128 ultra - ok
08:32:56.0250 6128 [ 9651E5D850B6F6BD7C77C70AA06F02BF ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
08:32:56.0281 6128 UMWdf - ok
08:32:56.0328 6128 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
08:32:56.0359 6128 Update - ok
08:32:56.0500 6128 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
08:32:56.0546 6128 upnphost - ok
08:32:56.0546 6128 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
08:32:56.0625 6128 UPS - ok
08:32:56.0656 6128 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
08:32:56.0703 6128 USBAAPL - ok
08:32:56.0734 6128 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:32:56.0765 6128 usbccgp - ok
08:32:56.0781 6128 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:32:56.0812 6128 usbehci - ok
08:32:56.0828 6128 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:32:56.0859 6128 usbhub - ok
08:32:56.0890 6128 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:32:56.0921 6128 usbprint - ok
08:32:56.0921 6128 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:32:56.0968 6128 usbscan - ok
08:32:56.0984 6128 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:32:57.0015 6128 usbstor - ok
08:32:57.0015 6128 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:32:57.0046 6128 usbuhci - ok
08:32:57.0078 6128 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
08:32:57.0109 6128 VgaSave - ok
08:32:57.0140 6128 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
08:32:57.0156 6128 ViaIde - ok
08:32:57.0156 6128 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
08:32:57.0187 6128 VolSnap - ok
08:32:57.0218 6128 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
08:32:57.0265 6128 VSS - ok
08:32:57.0296 6128 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
08:32:57.0296 6128 W32Time - ok
08:32:57.0343 6128 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:32:57.0375 6128 Wanarp - ok
08:32:57.0406 6128 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
08:32:57.0421 6128 WDC_SAM - ok
08:32:57.0421 6128 WDICA - ok
08:32:57.0453 6128 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
08:32:57.0500 6128 wdmaud - ok
08:32:57.0546 6128 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
08:32:57.0546 6128 WebClient - ok
08:32:57.0578 6128 [ 11EC1AFCEB5C917CE73D3C301FF4291E ] winachsx C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
08:32:57.0609 6128 winachsx - ok
08:32:57.0703 6128 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
08:32:57.0703 6128 winmgmt - ok
08:32:57.0765 6128 [ B9715B9C18BC6C8F4B66733D208CC9F7 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
08:32:57.0812 6128 WmdmPmSN - ok
08:32:57.0859 6128 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
08:32:57.0875 6128 Wmi - ok
08:32:57.0906 6128 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:32:57.0984 6128 WmiApSrv - ok
08:32:58.0031 6128 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
08:32:58.0078 6128 wscsvc - ok
08:32:58.0109 6128 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:32:58.0125 6128 WSTCODEC - ok
08:32:58.0156 6128 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
08:32:58.0156 6128 wuauserv - ok
08:32:58.0218 6128 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
08:32:58.0234 6128 WZCSVC - ok
08:32:58.0250 6128 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
08:32:58.0296 6128 xmlprov - ok
08:32:58.0343 6128 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
08:32:58.0359 6128 YahooAUService - ok
08:32:58.0359 6128 zoybwvmw - ok
08:32:58.0375 6128 ================ Scan global ===============================
08:32:58.0421 6128 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
08:32:58.0468 6128 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:32:58.0484 6128 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:32:58.0515 6128 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
08:32:58.0515 6128 [Global] - ok
08:32:58.0515 6128 ================ Scan MBR ==================================
08:32:58.0546 6128 [ D11C727E03BB7318DCDA069B06E652F0 ] \Device\Harddisk0\DR0
08:32:58.0828 6128 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:32:58.0828 6128 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:32:58.0828 6128 ================ Scan VBR ==================================
08:32:58.0828 6128 [ A379A91A462E914B6EEF2F2DB36F8E42 ] \Device\Harddisk0\DR0\Partition1
08:32:58.0843 6128 \Device\Harddisk0\DR0\Partition1 - ok
08:32:58.0843 6128 [ 8C8675CF139138FFB24536176A2AC904 ] \Device\Harddisk0\DR0\Partition2
08:32:58.0843 6128 \Device\Harddisk0\DR0\Partition2 - ok
08:32:58.0843 6128 ============================================================
08:32:58.0843 6128 Scan finished
08:32:58.0843 6128 ============================================================
08:32:58.0859 6120 Detected object count: 1
08:32:58.0859 6120 Actual detected object count: 1
08:33:42.0109 6120 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:33:42.0109 6120 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
08:34:10.0734 5948 Deinitialize success



*****AdwCleaner[S1].txt*****


# AdwCleaner v2.104 - Logfile created 01/01/2013 at 08:36:32
# Updated 29/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : HP_Administrator - JENN_DESKTOP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : IB Updater
Stopped & Deleted : IBUpdaterService

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Deleted on reboot : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Deleted on reboot : C:\Program Files\IB Updater
Deleted on reboot : C:\Program Files\incredibar.com
File Deleted : C:\user.js
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\incredibar.com
Folder Deleted : C:\Program Files\Perion
Folder Deleted : C:\Program Files\SelectRebates
Folder Deleted : C:\WINDOWS\system32\WNLT

***** [Registry] *****

Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\IB Updater
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\incredibar.com
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019866.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019866.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019866.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019866.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\Software\WNLT
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://mystart.incredibar.com/mb185?a=6PQUlclSBF&i=26" ]
Deleted [l.35] : icon_url = "hxxp://mystart.incredibar.com/mb185/favicon.ico",
Deleted [l.38] : keyword = "mystart.incredibar.com/mb185",
Deleted [l.41] : search_url = "hxxp://mystart.incredibar.com/mb185/?loc=IB_DS&search={searchTerms}&a=6PQUlclSB[...]
Deleted [l.1932] : urls_to_restore_on_startup = [ "hxxp://mystart.incredibar.com/mb185?a=6PQUlclSBF&i=26" ]

*************************

AdwCleaner[S1].txt - [10090 octets] - [01/01/2013 08:36:32]

########## EOF - C:\AdwCleaner[S1].txt - [10151 octets] ##########
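
The first log above (the line format is TDSSKiller's; that identification is mine, the thread does not name the tool in this part) ends with an MBR object reported as "TDSS File System", first as "warning", then "detected", and finally "skipped by user". Reading a few thousand such lines by hand is error-prone, so here is an added example, written for this page and not code from the thread or from the scanner, of a small Python triage script for that line format. It groups each object's image line (MD5 and path) with its result lines and reports the three things a helper reads first: any result other than "ok", anything the user chose to skip, and service entries scanned without an image file being hashed (the log has several of those, "zoybwvmw" among them; the script only lists them, it does not judge them). The sample lines are excerpted from the log above; nothing else is assumed.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One log line: "<hh:mm:ss.ffff> <pid> <body>"
LINE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$")
# Body of an image line: "[ <md5> ] <service name> <path>". The name is absent for
# "Scan global" files and for MBR/VBR objects, and both names and paths may contain spaces.
HASHED = re.compile(
    r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?:(?P<name>.*?) )?"
    r"(?P<path>(?:[A-Za-z]:\\|\\Device\\).*)$"
)
# Body of a result line: "<object> [( <detection> )] - <status>"
RESULT = re.compile(r"^(?P<name>.+?)(?: \( (?P<what>.+?) \))? - (?P<status>.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    statuses: List[str] = field(default_factory=list)


def parse_log(text: str) -> Dict[str, Entry]:
    """Group the image line and every result line of each object under one Entry."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # separators, "Scan finished", counters, etc.
        body = m.group("body")
        h = HASHED.match(body)
        if h:
            name = h.group("name") or h.group("path")  # unnamed objects are keyed by path
            e = entries.setdefault(name, Entry(name))
            e.md5, e.path = h.group("md5").upper(), h.group("path")
            continue
        r = RESULT.match(body)
        if r:
            e = entries.setdefault(r.group("name"), Entry(r.group("name")))
            e.statuses.append(r.group("status"))
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Non-ok results, user skips, and named entries that had no image file hashed."""
    report: Dict[str, List[str]] = {"not_ok": [], "skipped": [], "no_image": []}
    for e in entries.values():
        bad = [s for s in e.statuses if s != "ok"]
        if bad:
            report["not_ok"].append(f"{e.name}: {'; '.join(bad)}")
        if any("skip" in s.lower() for s in e.statuses):
            report["skipped"].append(e.name)
        if e.statuses and e.md5 is None and not e.name.startswith("["):
            report["no_image"].append(e.name)
    return report


# Sample input: lines excerpted from the log posted above.
SAMPLE_LOG = r"""08:32:50.0312 6128 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
08:32:50.0328 6128 MSDTC - ok
08:32:50.0421 6128 MSIServer - ok
08:32:51.0312 6128 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
08:32:51.0312 6128 Net Driver HPZ12 - ok
08:32:58.0359 6128 zoybwvmw - ok
08:32:58.0375 6128 ================ Scan global ===============================
08:32:58.0421 6128 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
08:32:58.0515 6128 [Global] - ok
08:32:58.0515 6128 ================ Scan MBR ==================================
08:32:58.0546 6128 [ D11C727E03BB7318DCDA069B06E652F0 ] \Device\Harddisk0\DR0
08:32:58.0828 6128 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:32:58.0828 6128 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:32:58.0843 6128 Scan finished
08:33:42.0109 6120 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:33:42.0109 6120 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

if __name__ == "__main__":
    for section, items in triage(parse_log(SAMPLE_LOG)).items():
        print(section)
        for item in items:
            print("   ", item)
```

Point it at a saved log with parse_log(open(path).read()); the "skipped" list is the one to act on, since a skipped MBR detection means the scanner changed nothing.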

#6 boopme
  • Global Moderator

Posted 01 January 2013 - 12:42 PM

Are you running ESET through a browser other than Internet Explorer? Although it should work in others, sometimes it has to be.

Or

Some infections change settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes. From a clean computer, please download the following file and save it to a removable media such as a CD/DVD, external Drive, or USB flash drive.

FixNCR.reg

Insert the removable device into the infected computer and open the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.reg file to fix the Registry on your infected computer.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#7 mrrsmiley
  • Topic Starter
  • Members

Posted 01 January 2013 - 01:33 PM
Still no luck.
I downloaded the reg file, and uploaded to the infected pc. Then applied reg change.
Still cannot run ESET. My second Internet Explorer window gives me the message "404. That’s an error. The requested URL /us/online-scanner-popup/ was not found on this server. That’s all we know."

If I try to run ESET straight from the desktop after getting the executable, I get the "is proxy configured?" message after the eula.

#8 boopme
  • Global Moderator

Posted 01 January 2013 - 04:09 PM

Hmmm try ...


Please click Start > Run, type inetcpl.cpl in the Run box and press Enter.
Click the Connections tab and click the LAN settings option.
See whether "Use a proxy..." is checked; if so, uncheck it and click OK/OK to exit.

Now check again.

or

Open MSE, go to Settings, click on Real-time protection and uncheck the box at the top to disable real-time protection. Click Save to save the changes. It should not be necessary to reboot; you'll know it took effect if the MSE icon turns red and the MSE home page also gets a red border instead of the normal green one and says that MSE is not enabled and not protecting your system.
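
The two checks in posts #6 and #8 (the .exe file association that FixNCR.reg restores, and the proxy setting behind inetcpl.cpl) both live in the registry, so they can be verified from the clean computer boopme mentions: export the keys on the infected machine with reg export (for example reg export HKCR\exefile\shell\open\command exefile.reg), copy the .reg files across and inspect them there. Below is an added example in Python that does that inspection; it is not FixNCR.reg and not code from the thread or from any tool named in it. It assumes the stock Windows values HKCR\.exe = exefile and HKCR\exefile\shell\open\command = "%1" %*, that the IE proxy switch is the ProxyEnable/ProxyServer pair under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, and that the export is handed over as text after UTF-16 decoding (regedit and reg.exe write Unicode). The two embedded exports are constructed samples; hijack.exe and its path are invented.

```python
from typing import Dict, List, Union

RegValue = Union[str, int]
RegData = Dict[str, Dict[str, RegValue]]  # lower-cased key path -> {value name: value}

# Stock Windows values that an .exe-association hijack overwrites (assumed defaults).
EXPECTED_DEFAULTS = [
    (r"hkey_classes_root\.exe", "exefile"),
    (r"hkey_classes_root\exefile\shell\open\command", '"%1" %*'),
]
# Per-user copies of the same keys win in the merged HKCR view and are absent on a
# stock install, so their presence alone is reported (heuristic, my assumption).
PER_USER_OVERRIDES = [
    r"hkey_current_user\software\classes\.exe",
    r"hkey_current_user\software\classes\exefile\shell\open\command",
]
INET_SETTINGS = r"hkey_current_user\software\microsoft\windows\currentversion\internet settings"


def _unescape(s: str) -> str:
    # Undo .reg string escaping: a backslash escapes the next character.
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def parse_reg(text: str) -> RegData:
    """Parse the text of a regedit / 'reg export' file (UTF-16 decoded by the caller)."""
    data: RegData = {}
    key = None
    continued = False  # inside a multi-line hex: value (lines ending in a backslash)
    for raw in text.splitlines():
        line = raw.strip()
        if continued:
            continued = line.endswith("\\")
            continue
        if not line or line[0] == ";" or line.startswith("Windows Registry Editor") or line == "REGEDIT4":
            continue
        if line[0] == "[" and line[-1] == "]":
            key = line[1:-1].lower()  # registry paths are case-insensitive
            data.setdefault(key, {})
            continue
        if key is None:
            continue
        name, _, rhs = line.partition("=")
        name = "@" if name == "@" else _unescape(name.strip('"'))
        if len(rhs) >= 2 and rhs[0] == '"' and rhs[-1] == '"':
            data[key][name] = _unescape(rhs[1:-1])
        elif rhs.startswith("dword:"):
            data[key][name] = int(rhs[6:], 16)
        else:
            data[key][name] = rhs  # hex:, hex(7): etc. are kept raw
            continued = rhs.endswith("\\")
    return data


def audit(reg: RegData) -> List[str]:
    """Compare the export against the assumed defaults; one string per finding."""
    findings: List[str] = []
    for key, expected in EXPECTED_DEFAULTS:
        got = reg.get(key, {}).get("@")
        if got != expected:
            findings.append(f"{key} default is {got!r}, expected {expected!r}")
    for key in PER_USER_OVERRIDES:
        if key in reg:
            findings.append(f"per-user override present: {key} = {reg[key].get('@')!r}")
    inet = reg.get(INET_SETTINGS, {})
    if inet.get("ProxyEnable") == 1:
        findings.append(f"proxy enabled, ProxyServer={inet.get('ProxyServer')!r}")
    return findings


# Constructed sample exports (not real data from the thread). hijack.exe is invented.
SAMPLE_CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000
'''

SAMPLE_HIJACKED = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\hijack.exe\" -a \"%1\" %*"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:8080"
'''

if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("hijacked", SAMPLE_HIJACKED)):
        print(label, audit(parse_reg(sample)) or "no findings")
```

To audit a real export, pass open(path, encoding="utf-16").read() to parse_reg and hand the result to audit. When the exefile command comes back as anything other than "%1" %*, every .exe the user starts is routed through whatever is named there first, which is exactly the behaviour FixNCR.reg is meant to undo.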

#9 mrrsmiley
  • Topic Starter
  • Members

Posted 01 January 2013 - 04:46 PM

Verified that no proxy is being used in IE.
Disabled MSE, still no success.

#10 boopme


Posted 01 January 2013 - 05:00 PM

Uggh... Can you do this

Please run the F-Secure Online Scanner
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan.
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and copy and paste the entire report in your next reply.

#11 mrrsmiley


Posted 01 January 2013 - 07:09 PM

Thanks for hanging with me boopme.

F-Secure wanted to uninstall MSE, so I let it while it ran.
After running, when I launched IE, F-Secure blocked something called "Deal Vault".
I am going to uninstall that if I can as it's unknown to the pc's owner.
I would like to get MSE back up on here at some point, but will wait till you give the go-ahead!

Here's the scan results from F-Secure.


Scanning Report
01 January 2013 14:25:33 - 15:12:54
Computer name: JENN_DESKTOP
Scanning type: Full scan
Target: C:\ D:\ + system + rootkits


--------------------------------------------------------------------------------

Result
No malware found




--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 114899
Not scanned: 2
Result:
Viruses: 0
Spyware: 0
Suspicious items: 0
Riskware: 0
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
Quarantined: 0
Failed: 0
Boot Sectors:
Scanned: 6
Infected: 0
Suspicious items: 0
Disinfected: 0
Files not scanned:
Cannot open file (click here for more info) C:\HIBERFIL.SYS
Cannot open file (click here for more info) C:\PAGEFILE.SYS


--------------------------------------------------------------------------------

Options
Definitions version:
Viruses: 2012-12-31_03
Spyware: 2012-12-31_03
Scanning Engines:
F-Secure Hydra: 5.05.7110, 2012-12-31
F-Secure Gemini: 3.02.110, 2012-12-07
F-Secure BlackLight: 1.00.68, 2009-09-22
Scanning options:
Scan defined files: ANI ASP AX BAT BIN BOO CHM CMD COM CPL DLL DOC DOT DRV EML EXE HLP HTA HTM HTML HTT INF INI JOB JS JSE LNK LSP MDB MHT MPP MPT MSG MSO OCX PDF PHP PIF POT PPT RTF SCR SHS SWF SYS TD0 VBE VBS VXD WBK WMA WMV WMF WSC WSF WSH WRI XLS XLT XML CLASS ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
Scan inside archives
Actions:
Viruses: Ask after scan
Spyware: Ask after scan
Show suspicious items after a full scan

#12 boopme


Posted 01 January 2013 - 09:05 PM

The problem is they use Coupon searchers,
CouponXplorer Toolbar
Incredibar Toolbar on IE
ShopAtHome.com Toolbar
Deal Vault (Version: 1.24.151.151)

215 Apps develops a number of adware-driven toolbar programs such as DropinSavings, Vid-Saver, Giant Savings, Savings Sidekick, etc. If they need to keep them, then they need to use a tool like MBAM weekly.

Or reinstall them and watch out not to install the toolbars.
Reinstall MSE.

#13 mrrsmiley


Posted 02 January 2013 - 09:17 AM

Thanks for the info. We'll address the coupon searchers.

Here's the latest.
Re-ran F-Secure for giggles; it found 1 virus (Gen:Variant.Graftor.61824). Let F-Secure fix it.
Uninstalled F-Secure, then installed MSE.
MSE still seeing Medfos.B.
Able to run ESET now, though, through IE.
Following are the ESET threat results if you're still willing to review!

ESET:
C:\Documents and Settings\HP_Administrator\Application Data\rvcas.dll a variant of Win32/Medfos.HK trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\HP_Administrator\Application Data\snhle.dll a variant of Win32/Medfos.HK trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\DM\malwarebytes-anti-malware_049\software\Dealvault.exe Win32/Toolbar.CrossRider.B application cleaned by deleting - quarantined
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\DM\malwarebytes-anti-malware_049\software\Incredibar2.exe Win32/OutBrowse.C application cleaned by deleting - quarantined
C:\hp\bin\wbug\HPPavillion_Spring06.exe a variant of Win32/AdInstaller application cleaned by deleting - quarantined
C:\Program Files\CouponXplorer_5z\bar\1.bin\5zieovr.dll probably a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\Deal Vault\Deal Vault.dll a variant of Win32/Toolbar.CrossRider.A application cleaned by deleting - quarantined
D:\I386\APPS\APP23722\src\CompaqPresario_Spring06.exe a variant of Win32/AdInstaller application cleaned by deleting - quarantined
D:\I386\APPS\APP23722\src\HPPavillion_Spring06.exe a variant of Win32/AdInstaller application cleaned by deleting - quarantined

#14 boopme


Posted 02 January 2013 - 03:28 PM

Reboot and see if MSE still sees Medfos.B

If so, can you note the location, e.g.
C:\Documents and Settings\HP_Administrator\Application Data\rvcas.dll a variant of Win32/Medfos.

#15 mrrsmiley


Posted 03 January 2013 - 09:48 AM

It's looking good now boopme.

I rebooted and re-ran MSE with no malware etc. found.
The only oddity I note is, on reboot, a "file not found" message for "C:\Documents and Settings\HP_Administrator\Application Data\snhle.dll".
If that's not part of this Medfos issue, I'll track some other route.
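A "file not found" message at logon for a DLL that a scanner has already deleted is usually left behind by a startup entry that still references it; that is an assumption about the snhle.dll message above, not something the thread establishes. The following PowerShell is an added example, not code from the thread: it lists Run/RunOnce entries whose target file no longer exists, including rundll32 lines that load a DLL.

```powershell
# Added example: find Run/RunOnce entries that point at files which no longer
# exist (a common source of "file not found" messages at logon after cleanup).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Metadata properties Get-ItemProperty adds to every result; not registry values.
$metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-CommandTarget {
    param([string]$Command)
    # Expand %VARS%, then pull out the file the entry actually loads.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command)
    # rundll32 lines: the interesting file is the DLL argument, not rundll32 itself.
    if ($cmd -match '^\s*"?(.*?rundll32(?:\.exe)?)"?\s+"?([^",]+)') { return $Matches[2].Trim() }
    # Quoted executable path.
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted path, possibly with spaces: try growing prefixes until one exists.
    $tokens = $cmd -split '\s+'
    for ($i = 1; $i -le $tokens.Count; $i++) {
        $candidate = $tokens[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return $tokens[0]
}

function Get-DanglingRunEntries {
    foreach ($k in $runKeys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($name in $props.PSObject.Properties.Name) {
            if ($metaProps -contains $name) { continue }
            $target = Get-CommandTarget $props.$name
            if ($target -and -not (Test-Path -LiteralPath $target)) {
                [pscustomobject]@{ Key = $k; Name = $name; Command = $props.$name; MissingFile = $target }
            }
        }
    }
}

# Review the output before removing anything; a dangling entry is removed with
# Remove-ItemProperty -Path <Key> -Name <Name> once you are sure of it.
Get-DanglingRunEntries | Format-Table -AutoSize -Wrap
```

Scheduled tasks, services and Winlogon values can carry the same kind of stale reference; this block covers only the four Run keys, which is where such a logon message most often originates.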



