Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pop-ups & high virtual memory warnings.


  • This topic is locked This topic is locked
23 replies to this topic

#1 zombie_crow

zombie_crow

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 20 August 2011 - 07:42 PM

I am running windows XP & the latest version of Internet Explorer. IE will lock up after about 5 min. of use, I continually get pop-ups while surfing the web, & I get frequent low virtual memory notices from norton anti-virus. This has only recently started happening. I have ensured my norton is up to date. I have also run cws shredder & spybot s&d. These have not worked. Any ideas?

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:15 AM

Posted 20 August 2011 - 07:59 PM

Hello and welcome..
Please run these,post the logs and update me on how its running,thanks.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware



Reboot into Safe Mode with Networking
How to enter safe mode(XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.

Next run Superantisypware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.



Reboot to normal mode/
Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 zombie_crow

zombie_crow
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 23 August 2011 - 11:14 PM

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7548

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/23/2011 9:29:40 PM
mbam-log-2011-08-23 (21-29-40).txt

Scan type: Quick scan
Objects scanned: 189422
Time elapsed: 6 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 12
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\play pickle\pptl.dll (PUP.Magoo) -> Delete on reboot.
c:\program files\play pickle\playpicklelib32.dll (PUP.Magoo) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{02F0243C-2E71-4a1a-A790-6C30888119D0} (PUP.Magoo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\PlayPickleText.Linker.1 (PUP.Magoo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\PlayPickleText.Linker (PUP.Magoo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02F0243C-2E71-4A1A-A790-6C30888119D0} (PUP.Magoo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{02F0243C-2E71-4A1A-A790-6C30888119D0} (PUP.Magoo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AEB04B5E-C981-47a9-B847-33EE4C92F6B9} (PUP.Magoo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEB04B5E-C981-47A9-B847-33EE4C92F6B9} (PUP.Magoo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AEB04B5E-C981-47A9-B847-33EE4C92F6B9} (PUP.Magoo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEB04B5E-C981-47A9-B847-33EE4C92F6B9} (PUP.Magoo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\H8SRTd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\play pickle\pptl.dll (PUP.Magoo) -> Delete on reboot.
c:\program files\play pickle\playpicklelib32.dll (PUP.Magoo) -> Delete on reboot.
c:\documents and settings\all users\application data\sysreserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\h8srtwysqkvjlob.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/23/2011 at 11:54 PM

Application Version : 5.0.1118

Core Rules Database Version : 7595
Trace Rules Database Version: 5407

Scan type : Complete Scan
Total Scan Time : 01:05:16

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 618
Memory threats detected : 0
Registry items scanned : 41078
Registry threats detected : 8
File items scanned : 63908
File threats detected : 13

Rogue.Component/Trace
HKLM\Software\Microsoft\7A54D659
HKLM\Software\Microsoft\7A54D659#7a54d659
HKLM\Software\Microsoft\7A54D659#Version
HKLM\Software\Microsoft\7A54D659#7a547bd9
HKLM\Software\Microsoft\7A54D659#7a54123c

Adware.Gamevance
[Play Pickle] C:\PROGRAM FILES\PLAY PICKLE\PLAYPICKLE32.EXE
C:\PROGRAM FILES\PLAY PICKLE\PLAYPICKLE32.EXE
C:\Program Files\PLAY PICKLE\ars.cfg
C:\Program Files\PLAY PICKLE\ppun.exe
C:\Program Files\PLAY PICKLE
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXTLINKS@PLPICKLE.COM\COMPONENTS\PPTLF.DLL

Trojan.Agent/Gen-Alureon
HKU\.DEFAULT\Software\h8srt
HKU\S-1-5-18\Software\h8srt

Adware.MyWebSearch/FunWebProducts
ZIP ARCHIVE( C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS30.ZIP )/F3PSSAVR.SCR
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS30.ZIP
ZIP ARCHIVE( C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH20.ZIP )/BAR/1.BIN/F3PSSAVR.SCR
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH20.ZIP

Adware.MyWebSearch
ZIP ARCHIVE( C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH20.ZIP )/BAR/1.BIN/MWSOEMON.EXE
ZIP ARCHIVE( C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH38.ZIP )/BAR/1.BIN/MWSOEMON.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH38.ZIP

Adware.Tracking Cookie
media.ign.com [ C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\U832LUDH ]

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Norton 360
Antivirus out of date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.4.5
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:15 AM

Posted 24 August 2011 - 10:54 PM

Hello, I had to replace my NIC card so I could not get back on until now.

We need to run 2 more tools and see if there's any others as what was found indicates there may be.



Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.9.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these[/color] instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.



ESET Online Scan
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


[color="#8B0000"]NOTE: In some instances if no malware is found there will be no log produced.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 zombie_crow

zombie_crow
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 25 August 2011 - 12:03 PM

The scan found no malicious software but here is the log:


2011/08/25 12:57:41.0984 5732 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/25 12:57:44.0015 5732 ================================================================================
2011/08/25 12:57:44.0015 5732 SystemInfo:
2011/08/25 12:57:44.0015 5732
2011/08/25 12:57:44.0015 5732 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/25 12:57:44.0015 5732 Product type: Workstation
2011/08/25 12:57:44.0015 5732 ComputerName: YOUR-4DACD0EA75
2011/08/25 12:57:44.0015 5732 UserName: HP_Administrator
2011/08/25 12:57:44.0015 5732 Windows directory: C:\WINDOWS
2011/08/25 12:57:44.0015 5732 System windows directory: C:\WINDOWS
2011/08/25 12:57:44.0015 5732 Processor architecture: Intel x86
2011/08/25 12:57:44.0015 5732 Number of processors: 2
2011/08/25 12:57:44.0015 5732 Page size: 0x1000
2011/08/25 12:57:44.0015 5732 Boot type: Normal boot
2011/08/25 12:57:44.0015 5732 ================================================================================
2011/08/25 12:57:52.0875 5732 Initialize success
2011/08/25 12:59:21.0125 4908 ================================================================================
2011/08/25 12:59:21.0125 4908 Scan started
2011/08/25 12:59:21.0125 4908 Mode: Manual;
2011/08/25 12:59:21.0125 4908 ================================================================================
2011/08/25 12:59:22.0921 4908 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/25 12:59:23.0046 4908 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/25 12:59:23.0578 4908 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/25 12:59:23.0984 4908 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/25 12:59:25.0015 4908 AgereSoftModem (7560f465f1ce69c53bf17559ee195548) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/08/25 12:59:27.0968 4908 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
2011/08/25 12:59:28.0375 4908 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
2011/08/25 12:59:28.0515 4908 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
2011/08/25 12:59:28.0656 4908 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
2011/08/25 12:59:29.0218 4908 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/25 12:59:30.0046 4908 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
2011/08/25 12:59:30.0859 4908 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/25 12:59:31.0468 4908 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/25 12:59:31.0968 4908 ati2mtag (dd222ce49e79f15d2312a5e1f42e716e) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/08/25 12:59:32.0406 4908 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/25 12:59:32.0515 4908 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/25 12:59:32.0656 4908 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys
2011/08/25 12:59:32.0781 4908 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/25 12:59:33.0406 4908 BHDrvx86 (f7ff24bb7714247f27b615b3a7d8b132) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110812.001\BHDrvx86.sys
2011/08/25 12:59:33.0812 4908 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/25 12:59:33.0906 4908 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/25 12:59:34.0093 4908 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/25 12:59:34.0171 4908 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/25 12:59:34.0281 4908 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
2011/08/25 12:59:34.0375 4908 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/25 12:59:35.0171 4908 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/25 12:59:35.0703 4908 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/25 12:59:35.0937 4908 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/25 12:59:36.0031 4908 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/25 12:59:36.0218 4908 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/25 12:59:36.0562 4908 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/25 12:59:36.0968 4908 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/08/25 12:59:37.0093 4908 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/08/25 12:59:37.0531 4908 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/25 12:59:37.0671 4908 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/25 12:59:37.0765 4908 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/25 12:59:37.0921 4908 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/25 12:59:38.0375 4908 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/25 12:59:38.0500 4908 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/25 12:59:38.0593 4908 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/25 12:59:39.0093 4908 ftsata2 (22399d3ce5840c6082844679cca5d2fc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys
2011/08/25 12:59:39.0593 4908 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/08/25 12:59:39.0750 4908 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/25 12:59:40.0015 4908 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
2011/08/25 12:59:40.0312 4908 hamachi (d30b31375c40309425c21efe75db90bb) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/08/25 12:59:40.0531 4908 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/25 12:59:40.0953 4908 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/25 12:59:41.0859 4908 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/08/25 12:59:42.0453 4908 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/08/25 12:59:42.0906 4908 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/08/25 12:59:43.0468 4908 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/25 12:59:45.0765 4908 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/25 12:59:46.0640 4908 iaStor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/08/25 12:59:48.0015 4908 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110822.031\IDSxpx86.sys
2011/08/25 12:59:48.0640 4908 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/25 12:59:50.0531 4908 IntcAzAudAddService (27b220620a480e54bf57e4750ca9b65f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/08/25 12:59:53.0687 4908 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/25 12:59:54.0437 4908 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/25 12:59:55.0171 4908 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/25 12:59:56.0015 4908 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/25 12:59:56.0703 4908 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/25 12:59:58.0000 4908 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/25 12:59:58.0968 4908 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/25 12:59:59.0984 4908 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/25 13:00:00.0468 4908 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/25 13:00:00.0859 4908 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/25 13:00:01.0078 4908 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/25 13:00:01.0828 4908 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/25 13:00:02.0250 4908 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/25 13:00:02.0968 4908 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
2011/08/25 13:00:03.0390 4908 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/08/25 13:00:03.0828 4908 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/25 13:00:04.0171 4908 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/25 13:00:04.0687 4908 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/25 13:00:05.0015 4908 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/25 13:00:05.0296 4908 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/25 13:00:06.0625 4908 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/25 13:00:07.0937 4908 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/25 13:00:08.0781 4908 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/25 13:00:09.0468 4908 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/25 13:00:09.0859 4908 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/25 13:00:10.0187 4908 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/25 13:00:10.0609 4908 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/25 13:00:11.0156 4908 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/25 13:00:12.0203 4908 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/25 13:00:12.0609 4908 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/25 13:00:13.0531 4908 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110824.050\NAVENG.SYS
2011/08/25 13:00:13.0750 4908 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110824.050\NAVEX15.SYS
2011/08/25 13:00:14.0171 4908 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/25 13:00:14.0234 4908 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/25 13:00:14.0328 4908 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/25 13:00:14.0406 4908 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/25 13:00:14.0500 4908 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/25 13:00:14.0609 4908 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/25 13:00:15.0062 4908 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/25 13:00:15.0187 4908 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/25 13:00:15.0312 4908 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/25 13:00:15.0421 4908 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/25 13:00:15.0578 4908 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/25 13:00:15.0750 4908 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/25 13:00:15.0953 4908 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/25 13:00:16.0156 4908 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/25 13:00:16.0250 4908 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/25 13:00:16.0531 4908 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/25 13:00:16.0781 4908 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/25 13:00:17.0000 4908 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/25 13:00:17.0406 4908 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/25 13:00:17.0531 4908 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/25 13:00:17.0671 4908 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/25 13:00:17.0859 4908 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\Drivers\penclass.sys
2011/08/25 13:00:18.0062 4908 PID_0928 (5bd2c6d982481d548107c602e7ccfbbc) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
2011/08/25 13:00:18.0218 4908 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/25 13:00:18.0328 4908 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/08/25 13:00:18.0500 4908 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/25 13:00:18.0609 4908 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/25 13:00:18.0703 4908 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/25 13:00:19.0046 4908 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/25 13:00:19.0109 4908 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/25 13:00:19.0250 4908 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/25 13:00:19.0296 4908 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/25 13:00:19.0359 4908 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/25 13:00:19.0406 4908 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/25 13:00:19.0484 4908 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/25 13:00:19.0578 4908 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/25 13:00:19.0656 4908 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/25 13:00:19.0812 4908 RTL8023xp (eacd871fdbe85393d112782896c2d7dd) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/08/25 13:00:19.0875 4908 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/08/25 13:00:20.0015 4908 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/25 13:00:20.0078 4908 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/08/25 13:00:20.0250 4908 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/25 13:00:20.0343 4908 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/08/25 13:00:20.0453 4908 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/25 13:00:20.0609 4908 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/25 13:00:20.0718 4908 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/08/25 13:00:20.0937 4908 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/25 13:00:21.0046 4908 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/25 13:00:21.0218 4908 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS
2011/08/25 13:00:21.0312 4908 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS
2011/08/25 13:00:21.0406 4908 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/25 13:00:21.0515 4908 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/25 13:00:21.0687 4908 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/25 13:00:21.0781 4908 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/25 13:00:21.0984 4908 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS
2011/08/25 13:00:22.0218 4908 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS
2011/08/25 13:00:22.0515 4908 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/08/25 13:00:22.0656 4908 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS
2011/08/25 13:00:22.0796 4908 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMTDI.SYS
2011/08/25 13:00:22.0953 4908 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/25 13:00:23.0046 4908 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/25 13:00:23.0093 4908 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/25 13:00:23.0140 4908 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/25 13:00:23.0187 4908 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/25 13:00:23.0437 4908 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/25 13:00:23.0687 4908 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/25 13:00:23.0921 4908 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/25 13:00:24.0140 4908 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/25 13:00:24.0484 4908 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/25 13:00:24.0593 4908 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/25 13:00:24.0687 4908 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/25 13:00:24.0828 4908 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/25 13:00:25.0062 4908 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/25 13:00:25.0203 4908 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/25 13:00:25.0312 4908 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/25 13:00:25.0546 4908 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/25 13:00:25.0796 4908 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/08/25 13:00:25.0875 4908 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/25 13:00:26.0109 4908 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/25 13:00:26.0500 4908 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/25 13:00:26.0921 4908 WmBEnum (bc3ecbcb40147bdae3ad2fd0b4b346d8) C:\WINDOWS\system32\drivers\WmBEnum.sys
2011/08/25 13:00:27.0437 4908 WmFilter (19f9881d8b3484fedb605d0216876898) C:\WINDOWS\system32\drivers\WmFilter.sys
2011/08/25 13:00:28.0343 4908 WmVirHid (7a51545a6409a25eedbdbd97d019e8cc) C:\WINDOWS\system32\drivers\WmVirHid.sys
2011/08/25 13:00:28.0531 4908 WmXlCore (1f083b3bc73017e60c3ca85cf4a70753) C:\WINDOWS\system32\drivers\WmXlCore.sys
2011/08/25 13:00:28.0687 4908 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/25 13:00:28.0921 4908 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/25 13:00:29.0046 4908 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
2011/08/25 13:00:29.0156 4908 Boot (0x1200) (b976359df8be409e597c5b0c3ddd1789) \Device\Harddisk0\DR0\Partition0
2011/08/25 13:00:29.0171 4908 Boot (0x1200) (97c11dcfd5827e76db9eaca593da9123) \Device\Harddisk0\DR0\Partition1
2011/08/25 13:00:29.0187 4908 ================================================================================
2011/08/25 13:00:29.0187 4908 Scan finished
2011/08/25 13:00:29.0187 4908 ================================================================================
2011/08/25 13:00:29.0218 5424 Detected object count: 0
2011/08/25 13:00:29.0218 5424 Actual detected object count: 0

#6 zombie_crow

zombie_crow
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 25 August 2011 - 12:14 PM

When trying to download the virus signature database through ESET I receive the message: "CANNOT UPDATE. IS PROXY CONFIGURED?".

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:15 AM

Posted 25 August 2011 - 12:36 PM

Try an alternate.

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 zombie_crow

zombie_crow
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 30 August 2011 - 04:12 AM

Sorry it has taken me so long to reply back. When I tried to access BitDefender it would not begin the scan.

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:15 AM

Posted 30 August 2011 - 08:24 PM

No problem, was busy myself today.
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Try MBAM again.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 zombie_crow

zombie_crow
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 08 September 2011 - 07:17 PM

exeHelper by Raktor
Build 20100414
Run at 20:15:24 on 09/08/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

#11 zombie_crow

zombie_crow
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 08 September 2011 - 07:44 PM

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7680

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/8/2011 8:26:33 PM
mbam-log-2011-09-08 (20-26-32).txt

Scan type: Quick scan
Objects scanned: 192540
Time elapsed: 6 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:15 AM

Posted 08 September 2011 - 08:51 PM

Are you still redirecting??

IF so ... Are you on a router? Are other machines on it,if so are they redirecting?

Do you use Firefox?


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 zombie_crow

zombie_crow
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 09 September 2011 - 04:32 AM

No, I do not use Firefox. I am not redirecting anymore, but I still get the high memory usage warning causing my browser to lock-up when I am online. I have bring up Windows Task Manager to end iexplorer.exe to free up memory during a lock-up I notice that I have four iexplorer.exe listed in the pane. Is this normal? Here is the Mini Toolbox Log file:

MiniToolBox by Farbar
Ran by HP_Administrator (administrator) on 09-09-2011 at 05:22:49
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: :0

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "localhost,*.local"

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : your-4dacd0ea75

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.pa.comcast.net.



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : hsd1.pa.comcast.net.

Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-14-2A-B7-A0-45

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.101

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 68.87.75.198

68.87.64.150

Lease Obtained. . . . . . . . . . : Friday, September 09, 2011 5:17:33 AM

Lease Expires . . . . . . . . . . : Saturday, September 10, 2011 5:17:33 AM

Server: cns.summitpark.pa.pitt.comcast.net
Address: 68.87.75.198

Name: google.com
Addresses: 74.125.113.105, 74.125.113.147, 74.125.113.104, 74.125.113.99
74.125.113.103, 74.125.113.106



Pinging google.com [74.125.113.147] with 32 bytes of data:



Reply from 74.125.113.147: bytes=32 time=39ms TTL=48

Reply from 74.125.113.147: bytes=32 time=40ms TTL=48



Ping statistics for 74.125.113.147:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 39ms, Maximum = 40ms, Average = 39ms

Server: cns.summitpark.pa.pitt.comcast.net
Address: 68.87.75.198

Name: yahoo.com
Addresses: 209.191.122.70, 67.195.160.76, 69.147.125.65, 72.30.2.43
98.137.149.56



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=58ms TTL=49

Reply from 209.191.122.70: bytes=32 time=55ms TTL=49



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 55ms, Maximum = 58ms, Average = 56ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 14 2a b7 a0 45 ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.101 192.168.1.101 20
192.168.1.0 255.255.255.0 192.168.1.101 192.168.1.101 20
192.168.1.101 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.101 192.168.1.101 20
224.0.0.0 240.0.0.0 192.168.1.101 192.168.1.101 20
255.255.255.255 255.255.255.255 192.168.1.101 192.168.1.101 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/01/2011 05:23:01 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module msxml3.dll, version 8.100.1052.0, fault address 0x000337c5.
Processing media-specific event for [iexplore.exe!ws!]

Error: (08/31/2011 07:00:24 PM) (Source: Application Error) (User: )
Description: Fault bucket 514885794.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (08/31/2011 06:39:24 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x0000001b.
Processing media-specific event for [iexplore.exe!ws!]

Error: (08/31/2011 06:23:18 PM) (Source: Application Error) (User: )
Description: Fault bucket -1706219451.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (08/31/2011 06:23:04 PM) (Source: Application Error) (User: )
Description: Faulting application flashutil10t_activex.exe, version 10.3.181.26, faulting module d.tmp, version 10.3.181.26, fault address 0x0000c118.
Processing media-specific event for [flashutil10t_activex.exe!ws!]

Error: (08/29/2011 06:02:36 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/29/2011 05:50:54 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19120, fault address 0x00067b98.
Processing media-specific event for [iexplore.exe!ws!]

Error: (08/29/2011 05:48:44 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19120, fault address 0x00067b98.
Processing media-specific event for [iexplore.exe!ws!]

Error: (08/20/2011 08:53:09 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19120, fault address 0x00067b98.
Processing media-specific event for [iexplore.exe!ws!]

Error: (08/15/2011 07:28:27 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (09/08/2011 08:03:04 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/08/2011 08:02:46 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/08/2011 08:02:33 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/08/2011 08:02:28 PM) (Source: Service Control Manager) (User: )
Description: The Comcast AntiSpyware service terminated unexpectedly. It has done this 1 time(s).

Error: (09/05/2011 10:29:27 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/05/2011 10:29:16 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/05/2011 10:29:07 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/05/2011 10:29:02 PM) (Source: Service Control Manager) (User: )
Description: The Comcast AntiSpyware service terminated unexpectedly. It has done this 1 time(s).

Error: (09/05/2011 10:27:41 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the ARSVC service.

Error: (09/02/2011 04:39:13 PM) (Source: Service Control Manager) (User: )
Description: The Comcast AntiSpyware service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (11/12/2008 07:12:58 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4823 seconds with 480 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

2100 (Version: 50.0.206.000)
2100_Help (Version: 50.0.206.000)
2100Tour (Version: 50.0.206.000)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe Acrobat 7.0 Professional (Version: 7.0.0)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.7)
Adobe Illustrator CS (Version: 11)
Adobe Photoshop CS (Version: CS)
Adobe Reader 9.4.5 (Version: 9.4.5)
Adobe Shockwave Player (Version: 11)
Adobe SVG Viewer 3.0 (Version: 3.0)
Agere Systems PCI-SV92PP Soft Modem
AiO_Scan (Version: 50.0.206.000)
AiO_Scan_CDA (Version: 50.0.214.000)
AiOSoftware (Version: 50.0.206.000)
AiOSoftwareNPI (Version: 50.0.214.000)
AnswerWorks Runtime
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
ATI Control Panel (Version: 6.14.10.5186)
ATI Display Driver (Version: 8.25-060404a1-032740C-HP)
AutoCAD 2008 - English (Version: 17.1.51.0)
Autodesk DWF Viewer 7 (Version: 7.2.0)
Autodesk Map 5 (Version: 5.0.025.0)
AutoUpdate (Version: 1.1)
AXIS Media Control Embedded
Barbie™ as Rapunzel
Bonjour (Version: 3.0.0.2)
BufferChm (Version: 53.0.13.000)
CA Pest Patrol Realtime Protection (Version: 001.001.0034)
Call of Duty® 4 - Modern Warfare™ 1.4 Patch
CameraDrivers (Version: 5.0.0.290)
CameraDrivers (Version: 5.0.0.328)
CCleaner (Version: 2.30)
CDisplay 1.8
Comcast Desktop Software (v1.2.0.9) (Version: 23)
Comcast High-Speed Internet Install Wizard
Comcast Toolbar 3.0
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
CP_AtenaShokunin1Config (Version: 53.0.13.000)
CP_CalendarTemplates1 (Version: 53.0.13.000)
cp_LightScribeConfig (Version: 53.0.24.000)
cp_LightScribePlugin (Version: 53.0.24.000)
CP_Package_Basic1 (Version: 53.0.13.000)
CP_Package_Variety1 (Version: 53.0.13.000)
CP_Package_Variety2 (Version: 53.0.13.000)
CP_Package_Variety3 (Version: 53.0.13.000)
CP_Panorama1Config (Version: 53.0.13.000)
CueTour (Version: 53.0.13.000)
Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680)
Desktop Doctor (Version: 2.5.5)
Destinations (Version: 53.0.13.000)
DeviceManagementQFolder (Version: 1.00.0000)
DISCover (Version: 3.21)
DivX Codec (Version: 6.6.1)
DivX Content Uploader (Version: 1.2.1)
DivX Converter (Version: 6.2.1)
DivX Player (Version: 6.4.3)
DivX Web Player (Version: 1.3.1)
DocProc (Version: 5.2.0.0)
DocumentViewer (Version: 53.0.13.000)
DocumentViewerQFolder (Version: 1.00.0000)
Easy Internet Sign-up (Version: FE UI-4.1.0.1680)
Enhanced Multimedia Keyboard Solution
ESET Online Scanner v3
EVEREST Home Edition v2.20 (Version: 2.20)
Fax (Version: 50.0.206.000)
Fax_CDA (Version: 50.0.214.000)
Garmin City Navigator North America NT 2010.10 Update (Version: 13.0.0.0)
Garmin USB Drivers (Version: 1.0.0.0)
Garmin WebUpdater (Version: 2.4.2)
GdiplusUpgrade (Version: 1.00.01)
GearDrvs (Version: 5.0.0.2)
GemMaster Mystic
Google Earth (Version: 6.0.3.2197)
Google Update Helper (Version: 1.3.21.65)
Greetings Workshop
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HiJackThis (Version: 1.0.0)
HP Deskjet Printer Preload (Version: 10.1.0)
HP DigitalMedia Archive (Version: 1.2)
HP Document Viewer 5.3 (Version: 5.3)
HP Image Zone 5.3 (Version: 5.3)
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3 (Version: 5.3)
HP Photosmart 330,380,420,470,7800,8000,8200 Series (Version: 8.1)
HP Photosmart Cameras 5.0 (Version: 5.0)
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Software Update (Version: 3.0.6.002)
HP Solution Center & Imaging Support Tools 5.3 (Version: 5.3)
HPProductAssistant (Version: 53.0.13.000)
HpSdpAppCoreApp (Version: 3.00.0000)
InstantShareDevices (Version: 53.0.13.000)
InterVideo WinDVD Player
InterVideo WinDVD Player (Version: 5.0-B11.896)
iTunes (Version: 10.4.1.10)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
LightScribe 1.4.52.1 (Version: 1.4.52.1)
Logitech Desktop Messenger
Logitech QuickCam Software (Version: 8.47.0000)
Logitech® Camera Driver
LSI PCI-SV92PP Soft Modem (Version: 2.2.98)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Away Mode (Version: 6.0.0160.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005 (Version: 14)
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Windows Media Video 9 VCM
Microsoft Works (Version: 08.04.0623)
MobileMe Control Panel (Version: 3.1.1.0)
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
muvee autoProducer 4.5 (Version: 4.50.050)
muvee autoProducer unPlugged 1.2 (Version: 1.20.100)
My Little Pony
Netflix Movie Viewer (Version: 1.2.211)
Network Play System (Patching)
NewCopy (Version: 50.0.206.000)
NewCopy_CDA (Version: 50.0.214.000)
Norton 360 (Version: 5.1.0.29)
PanoStandAlone (Version: 53.0.13.000)
PC-Doctor 5 for Windows (Version: 5.00.3187.03)
PC Pitstop Driver Alert 1.0.0.13 (Version: 1.0.0.13)
Pen Tablet (Version: 4.78)
PhotoGallery (Version: 53.0.13.000)
ProductContext (Version: 50.0.206.000)
PS2
PSPrinters08 (Version: 8.01.0000)
PSTAPlugin (Version: 8.01.0000)
PureEdge Viewer 6.5
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3 (Version: 2.2.3)
Quicken 2006 (Version: 15.1.1.29)
QuickTime (Version: 7.70.80.34)
RandMap (Version: 53.0.13.000)
Readme (Version: 50.0.214.000)
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0 (Version: 1.0.0)
Remove IntelliMover Demo
Scan (Version: 5.2.0.0)
ScannerCopy (Version: 5.2.0.0)
Scholastic's I SPY Spooky Mansion
SkinsHP1 (Version: 53.0.13.000)
SolutionCenter (Version: 50.0.152.000)
Sonic Express Labeler (Version: 2.1.0)
Sonic MyDVD Plus (Version: 6.2.0)
Sonic RecordNow Audio (Version: 2.0.4)
Sonic RecordNow Copy (Version: 2.0.4)
Sonic RecordNow Data (Version: 2.0.4)
Sonic Update Manager (Version: 3.0.0)
Sonic_PrimoSDK (Version: 53.0.13.000)
Sony Picture Utility (Version: 2.0.05.12060)
Sony USB Driver (Version: 2.00)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.1 (Version: 4.1.0)
Status (Version: 53.0.13.000)
steelers_2008 Screen Saver
SUPERAntiSpyware (Version: 5.0.1118)
The Game Of Life
The Sims Vacation
The Weather Channel Desktop 6
Thomas & Friends - The Great Festival Adventure
TrayApp (Version: 53.0.13.000)
Unload (Version: 5.0.0)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
VBA (2627.01) (Version: 6.03.00.9402)
VideoCam Suite (Version: 1.00.000)
VideoCam Suite 1.0 (Version: 1.00.019.0009)
Virtools 3D Life Player (Version: 4.0.0.x)
Volo View Express
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 53.0.13.000)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) (Version: 03/08/2007 2.2.1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061017.133151)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live installer (Version: 12.0.1471.1025)
Windows Live Messenger (Version: 8.5.1302.1018)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
WinZip 12.0 (Version: 12.0.8252)
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

========================= Memory info: ===================================

Percentage of memory in use: 76%
Total physical RAM: 959.36 MB
Available physical RAM: 229.52 MB
Total Pagefile: 2312.79 MB
Available Pagefile: 1624.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1992.5 MB

========================= Partitions: =====================================

1 Drive c: (HP_PAVILION) (Fixed) (Total:177.79 GB) (Free:125.99 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:8.5 GB) (Free:1.11 GB) FAT32
3 Drive e: (Rapunzel) (CDROM) (Total:0.46 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\YOUR-4DACD0EA75

Administrator Guest HelpAssistant
HP_Administrator SUPPORT_388945a0 SUPPORT_fddfa904

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini052710-01.dmp

**** End of log ****

#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:15 AM

Posted 09 September 2011 - 12:19 PM

Lets look for rootkits.
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#15 zombie_crow

zombie_crow
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 09 September 2011 - 08:14 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-09-09 21:11:09
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 WDC_WD2000JD-60KLB0 rev.08.05J08
Running: voeed0m1.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kwxdafod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users