
win32/sirefef.ac and win32/sirefef.ah please help clear it


9 replies to this topic

#1 markp

markp

  • Members
  • 35 posts

Posted 21 April 2012 - 02:42 AM

Microsoft Essentials found the AH first, and shortly after that the AC popped up also. It is a redirect trojan. Says it is cleared, and then comes back. Running Malwarebytes now to see if it will clear it. Thanks for your help again.


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,758 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 21 April 2012 - 12:32 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

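The logs these steps produce (the FSS and MiniToolBox output markp posts further down) can be triaged mechanically. The following Python is an added example, not part of Broni's instructions or of either tool; it parses constructed excerpts in the two formats and flags a service whose registry key FSS cannot open, plus Winsock catalog entries that MiniToolBox could not locate on disk or that belong to a third-party vendor.

```python
import re
from dataclasses import dataclass

# Constructed sample (not a real log): the block Farbar Service Scanner writes
# when a service it checks is not running. wscsvc is the Security Center
# service named in this thread.
FSS_SAMPLE = """\
Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\\0000 registry key. The key does not exist.

Windows Update:
============
"""

# Constructed sample: MiniToolBox "Winsock entries" lines. Catalog5 is the
# namespace-provider catalog, Catalog9 the protocol (LSP) catalog.
WINSOCK_SAMPLE = """\
Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\\Windows\\System32\\winrnr.dll [16896] (Microsoft Corporation)
Catalog9 01 C:\\PROGRA~1\\SPEEDB~1\\sblsp.dll [268552] (Speedbit Ltd.)
Catalog9 03 mswsock.dll [File Not found] ()
"""

SERVICE_NOT_RUNNING = re.compile(r"^(?P<svc>\S+) Service is not running\.")
CHECK_LINE = re.compile(r"^Checking (?P<what>[\w ]+?): (?P<result>.+)$")
WINSOCK_LINE = re.compile(
    r"^Catalog(?P<catalog>\d+) (?P<index>\d+) (?P<path>.+?) "
    r"\[(?P<size>[^\]]*)\] \((?P<vendor>[^)]*)\)$"
)


def fss_service_findings(log: str) -> dict[str, list[str]]:
    """Map each service FSS reports as not running to the configuration checks
    that failed for it. FSS prints 'Attention!' when it cannot read the key; a
    failure on Start type, ImagePath and ServiceDll together means the service
    entry is gone from the registry, not merely stopped."""
    findings: dict[str, list[str]] = {}
    current = None
    for line in log.splitlines():
        if (m := SERVICE_NOT_RUNNING.match(line)):
            current = m.group("svc")
            findings.setdefault(current, [])
        elif (m := CHECK_LINE.match(line)) and current is not None:
            if m.group("result").startswith("Attention!"):
                findings[current].append(m.group("what"))
        elif not line.strip():
            current = None  # a blank line closes the block for that service
    return findings


@dataclass
class WinsockEntry:
    catalog: int
    index: int
    path: str
    size: str      # byte size as text, or the literal "File Not found"
    vendor: str    # company name from the file's version info, "" if none

    @property
    def file_missing(self) -> bool:
        return self.size == "File Not found"

    @property
    def third_party(self) -> bool:
        return bool(self.vendor) and not self.vendor.startswith("Microsoft")


def parse_winsock(log: str) -> list[WinsockEntry]:
    entries = []
    for line in log.splitlines():
        if (m := WINSOCK_LINE.match(line)):
            entries.append(WinsockEntry(int(m["catalog"]), int(m["index"]),
                                        m["path"], m["size"], m["vendor"]))
    return entries


def winsock_findings(entries: list[WinsockEntry]):
    """Split entries into those MiniToolBox could not locate on disk and those
    backed by a non-Microsoft provider; both kinds deserve a second look on a
    machine with redirect symptoms."""
    missing = [e for e in entries if e.file_missing]
    third_party = [e for e in entries if e.third_party and not e.file_missing]
    return missing, third_party


def triage(fss_log: str, winsock_log: str) -> list[str]:
    """One line per finding, the way a helper would summarise the two logs."""
    report = []
    for svc, failed in fss_service_findings(fss_log).items():
        if failed:
            report.append(f"{svc}: not running; cannot read {', '.join(failed)} "
                          "(service entry appears to have been removed)")
        else:
            report.append(f"{svc}: not running (configuration still present)")
    missing, third_party = winsock_findings(parse_winsock(winsock_log))
    for e in missing:
        report.append(f"Winsock Catalog{e.catalog} #{e.index:02d}: {e.path} not found on disk")
    for e in third_party:
        report.append(f"Winsock Catalog{e.catalog} #{e.index:02d}: third-party LSP "
                      f"{e.path} ({e.vendor}), review")
    return report


if __name__ == "__main__":
    for line in triage(FSS_SAMPLE, WINSOCK_SAMPLE):
        print(line)
```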

 


#3 markp

markp
  • Topic Starter

  • Members
  • 35 posts

Posted 22 April 2012 - 01:32 PM

Thanks for the directions. Since downloading the programs and going through the process, the redirect has diminished (don't know if it has stopped). Microsoft Essentials still pops up occasionally saying it has found the win32/sirefef etc.

RESULTS:

securitycheck

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
ESET Online Scanner v3
a-squared Free 3.5
Microsoft Security Essentials
Antivirus out of date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Out of date HijackThis installed!
AOL Spyware Protection
SUPERAntiSpyware
HijackThis 1.99.1
Java™ 6 Update 24
Out of date Java installed!
Adobe Flash Player ( 10.1.102.64) Flash Player Out of Date!
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

FSS

Farbar Service Scanner Version: 16-04-2012
Ran by MARK (administrator) on 21-04-2012 at 14:17:20
Running from "C:\Documents and Settings\MARK\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2006-02-15 10:02] - [2008-10-16 10:43] - 0138496 ____A (Microsoft Corporation) 7618D5218F2A614672EC61A80D854A37

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(9) FW1(14) Gpc(6) IPSec(4) NetBT(5) PSched(7) s24trans(8) Tcpip(3)
0x0E000000040000000100000002000000030000005600000005000000060000000700000008000000090000000B0000000C0000000D0000000E000000
IpSec Tag value is correct.

**** End of log ****


MiniToolBox

MiniToolBox by Farbar Version: 18-01-2012
Ran by MARK (administrator) on 21-04-2012 at 14:21:17
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

Hosts file not detected in the default directory
========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)
Intel® PRO/100 VE Network Connection = Local Area Connection (Media disconnected)
PdaNet Broadband Adapter = PdaNet Broadband Connection (Media disconnected)
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.


Windows IP Configuration

Host Name . . . . . . . . . . . . : TOSHIBA
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.tn.comcast.net.

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.tn.comcast.net.
Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-13-02-1C-15-25
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.104
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 75.75.75.75
                                    75.75.76.76
Lease Obtained. . . . . . . . . . : Saturday, April 21, 2012 13:48:06
Lease Expires . . . . . . . . . . : Sunday, April 22, 2012 13:48:06

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-A0-D1-36-BE-0F

Ethernet adapter PdaNet Broadband Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : PdaNet Broadband Adapter
Physical Address. . . . . . . . . : 00-26-37-BD-39-42

Ethernet adapter {D3680E17-A9A4-4EBA-8F94-A000DB29BA4C}:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Check Point Virtual Network Adapter For SecureClient - SecuRemote Miniport
Physical Address. . . . . . . . . : 54-3E-BA-11-11-0A

Pinging google.com [74.125.130.101] with 32 bytes of data:

Reply from 74.125.130.101: bytes=32 time=25ms TTL=46
Reply from 74.125.130.101: bytes=32 time=21ms TTL=46

Ping statistics for 74.125.130.101:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 25ms, Average = 23ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=156ms TTL=50
Reply from 98.139.183.24: bytes=32 time=95ms TTL=50

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 95ms, Maximum = 156ms, Average = 125ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 02 1c 15 25 ...... Intel® PRO/Wireless 3945ABG Network Connection - SecuRemote Miniport
0x3 ...00 a0 d1 36 be 0f ...... Intel® PRO/100 VE Network Connection - SecuRemote Miniport
0x4 ...00 26 37 bd 39 42 ...... PdaNet Broadband Adapter - SecuRemote Miniport
0x5 ...54 3e ba 11 11 0a ...... Check Point Virtual Network Adapter For SecureClient - SecuRemote Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.104 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.104 192.168.0.104 25
192.168.0.104 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.0.255 255.255.255.255 192.168.0.104 192.168.0.104 25
224.0.0.0 240.0.0.0 192.168.0.104 192.168.0.104 25
255.255.255.255 255.255.255.255 192.168.0.104 5 1
255.255.255.255 255.255.255.255 192.168.0.104 192.168.0.104 1
255.255.255.255 255.255.255.255 192.168.0.104 3 1
255.255.255.255 255.255.255.255 192.168.0.104 4 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog9 01 C:\PROGRA~1\SPEEDB~1\sblsp.dll [268552] (Speedbit Ltd.)
Catalog9 02 C:\PROGRA~1\SPEEDB~1\sblsp.dll [268552] (Speedbit Ltd.)
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()
Catalog9 27 mswsock.dll [File Not found] ()
Catalog9 28 mswsock.dll [File Not found] ()
Catalog9 29 mswsock.dll [File Not found] ()
Catalog9 30 mswsock.dll [File Not found] ()
Catalog9 31 mswsock.dll [File Not found] ()
Catalog9 32 mswsock.dll [File Not found] ()
Catalog9 33 mswsock.dll [File Not found] ()
Catalog9 34 mswsock.dll [File Not found] ()
Catalog9 35 mswsock.dll [File Not found] ()
Catalog9 36 mswsock.dll [File Not found] ()
Catalog9 37 mswsock.dll [File Not found] ()
Catalog9 38 mswsock.dll [File Not found] ()
Catalog9 39 mswsock.dll [File Not found] ()
Catalog9 40 mswsock.dll [File Not found] ()
Catalog9 41 mswsock.dll [File Not found] ()
Catalog9 42 mswsock.dll [File Not found] ()
Catalog9 43 mswsock.dll [File Not found] ()
Catalog9 44 mswsock.dll [File Not found] ()
Catalog9 45 mswsock.dll [File Not found] ()
Catalog9 46 mswsock.dll [File Not found] ()
Catalog9 47 mswsock.dll [File Not found] ()
Catalog9 48 C:\PROGRA~1\SPEEDB~1\sblsp.dll [268552] (Speedbit Ltd.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/21/2012 01:32:06 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.

Error: (04/21/2012 01:22:36 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.

Error: (04/21/2012 00:41:35 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.

Error: (04/21/2012 11:15:24 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.

Error: (04/21/2012 11:12:48 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.

Error: (04/21/2012 11:09:32 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.

Error: (04/21/2012 11:07:35 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.

Error: (04/21/2012 11:06:23 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.

Error: (04/21/2012 10:44:18 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.

Error: (04/21/2012 10:27:26 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.


System errors:
=============
Error: (04/21/2012 00:24:11 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (04/21/2012 00:03:11 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (04/21/2012 10:10:18 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (04/21/2012 09:27:39 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (04/21/2012 09:25:48 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (04/21/2012 09:25:48 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (04/21/2012 02:41:59 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (04/21/2012 01:39:15 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (04/21/2012 01:39:14 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (04/21/2012 01:39:14 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127


Microsoft Office Sessions:
=========================
Error: (04/21/2012 01:32:06 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (04/21/2012 01:22:36 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (04/21/2012 00:41:35 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (04/21/2012 11:15:24 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (04/21/2012 11:12:48 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (04/21/2012 11:09:32 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (04/21/2012 11:07:35 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (04/21/2012 11:06:23 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (04/21/2012 10:44:18 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (04/21/2012 10:27:26 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Word 2000 SR-1 -- Error 1706. No valid source could be found for product Microsoft Word 2000 SR-1. The Windows installer cannot continue.(NULL)(NULL)(NULL)


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 6.1.1)
a-squared Free 3.5 (Version: 3.5)
Ad-Aware (Version: 7.1.0.7)
Adobe Flash Player 10 Plugin (Version: 10.1.102.64)
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
AFPL Ghostscript 8.54
AFPL Ghostscript Fonts
Altysoft Free Video Converter 2.6
Amazing Slow Downer (remove only)
AnyDVD
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Spyware Protection (Version: 1.0.76)
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support (Version: 1.0.0.86)
Apple Software Update (Version: 2.0.0.21)
ArcSoft Panorama Maker 3
Ask Toolbar (Version: 1.12.2.0)
aTube Catcher (Version: 2.3.570)
AVS Audio CD Creator version 3.8
AVS Audio CD Grabber version 4.1
AVS Audio Converter version 5.1
AVS Audio Recorder version 3.8
AVS DVD Copy version 1.4
AVS DVDMenu Editor 1.2.1.19
AVS Video Converter 5.6
AVS Video Editor 3.5
AVS4YOU Software Navigator 1.2
BB FlashBack (Version: 1.5.2.137)
Best Buy Digital Music Store
Bing Bar (Version: 5.0.1449.0)
Bing Bar Platform (Version: 5.0.1449.0)
Bluetooth Stack for Windows by Toshiba (Version: v4.00.23(T))
Brother P-touch Editor 4.2 (Version: 4.2.012)
BufferChm (Version: 130.0.331.000)
Canon CanoScan Toolbox 4.1
CD/DVD Drive Acoustic Silencer (Version: 1.00.008)
Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA2 (Version: 1.00.0000)
Cisco Connect (Version: 1.2.10218.1)
ClearAllHistory (Version: 6.1)
Coupon Printer for Windows (Version: 5.0.0.0)
Critical Update for Windows Media Player 11 (KB959772)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.372.000)
Dolet Light for Finale 2005 (Version: 1.5.1)
Download Updater (AOL LLC)
Driver Installer (Version: 2.2.0.536)
DVD-CLONER V6.50 Build 983 (Version: 6.50.0.983)
DVD-RAM Driver (Version: 5.0.2.5)
DVD Audio Extractor 3.1.0 (Version: 3.1.0)
DVD Shrink 3.2
DVDSmith Movie Backup 1.0.5
EPSON NX410 Series Printer Uninstall
EPSON Printer Software
EPSON Scan
ESET Online Scanner v3
ExpertGPS 3.03 (Version: 3.03)
FastStone Image Viewer 3.9 (Version: 3.9)
Finale 2005a
Finale Performance Assessment
FLV Player 1.3.3
Free Audio CD Burner version 1.2
FREE Hi-Q Recorder 1.92
Free Video to MP3 Converter version 3.2
Free YouTube Download 2.3
Free YouTube to MP3 Converter version 3.2
Freeware PDF Unlocker (Version: 1.0.4)
Garmin BaseCamp (Version: 3.3.2)
Garmin Communicator Plugin (Version: 4.0.1)
Garmin Trip and Waypoint Manager v5 (Version: 5.0.0.0)
Garmin USB Drivers (Version: 1.0.0.0)
Garmin USB Drivers (Version: 2.3.0.0)
Google Earth (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.111)
Google Updater (Version: 2.4.2432.1652)
GPBaseService2 (Version: 130.0.371.000)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HijackThis 1.99.1 (Version: 1.99.1)
History Audit (Version: 4.0)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photo Creations (Version: 1.0.0.3341)
HP Photosmart Plus B210 series Basic Device Software (Version: 22.0.334.0)
HP Photosmart Plus B210 series Help (Version: 140.0.54.54)
HP Photosmart Plus B210 series Product Improvement Study (Version: 22.0.334.0)
hp photosmart printer series (Remove only)
HP Print Projects 1.0 (Version: 1.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.002.005.003)
hpPrintProjects (Version: 130.0.303.000)
HPProductAssistant (Version: 130.0.371.000)
hpWLPGInstaller (Version: 130.0.303.000)
IDXWebFrameworkControls (Version: 5.02.009)
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software (Version: 10.01.0000)
InterVideo WinDVD Creator 2 (Version: 2.0.14.376)
InterVideo WinDVD for TOSHIBA (Version: 5.0-B11.533)
iPod for Windows 2005-06-26 (Version: 3.8.0)
iTunes (Version: 7.3.0.54)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
LiveReg (Symantec Corporation) (Version: 2.1.5.1502)
LiveUpdate 1.80 (Symantec Corporation) (Version: 1.80.19.0)
Macromedia Flash Player 8 (Version: 8.0.22.0)
Magic DVD Copier Version 4.9.2
MAGIX audio cleaning lab 10 (Version: 6.0.1.0)
MAGIX Media Manager 2004 silver (Version: 2.0.7.0)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Manual CanoScan LiDE 50
MarketResearch (Version: 130.0.374.000)
mCore (Version: 5.40.0000)
mDrWiFi (Version: 5.40.0000)
Melodyne 3.1 Demo (Version: 3.1.0009)
Melodyne Runtime 4.0 (x86) (Version: 1.0.0)
Melodyne singletrack (Version: 1.02.0029)
MergeModules (Version: 1.0.0)
Metamail (Toshiba Registration Utility) (Version: 4.5)
mHelp (Version: 5.40.0000)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft ActiveSync (Version: 4.5.5096.0)
Microsoft Antimalware (Version: 3.0.8107.0)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Default Manager (Version: 2.1.55.0)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Search Enhancement Pack (Version: 3.0.126.0)
Microsoft Security Client (Version: 2.0.0657.0)
Microsoft Security Essentials (Version: 2.0.657.0)
Microsoft Silverlight (Version: 4.0.50917.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft WinUsb 1.0
Microsoft Word 2000 SR-1 (Version: 9.00.3821)
Microsoft Works 4.5
Microsoft Works Setup Launcher
Microsoft XML Parser (Version: 8.0.7820.0)
mIWA (Version: 5.40.0000)
mLogView (Version: 5.40.0000)
mMHouse (Version: 5.40.0000)
MotoConnect 1.1.31 (Version: 1.1.31)
Motorola Mobile Drivers Installation 4.7.1 (Version: 4.7.1)
Move Media Player
MPEG2 Codec(libmpeg2/mad)
mPfMgr (Version: 5.40.0000)
mPfWiz (Version: 5.40.0000)
mProSafe (Version: 9.00.0000)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Music Transfer (Version: 1.3.01.13160)
mWlsSafe (Version: 9.00.0000)
mXML (Version: 5.40.0000)
MyConnect Special Offer (Version: 1.1.0)
MyDefrag v4.3.1 (Version: 4.0.0.0)
MyFonts Order M1488242 (Version: 1.0)
mZConfig (Version: 5.40.0000)
Nero 6 Enterprise Edition
Nokia Connectivity Adapter Cable DKU-5
Office 2003 Trial Assistant (Version: 1.0.0)
OJOsoft Audio Converter (Version: 2.7.3.1204)
OmniPage SE (Version: 11.00.0001)
Otto
Palm Desktop
PdaNet for Android 2.45
PDF Producer
Picasa 3 (Version: 3.8)
Picture Resize Genius 2.5.2
Power Tab Editor 1.7 (Version: 1.7.0)
PowerDVD
Presto! PageManager 6.03
Primo (Version: 1.00.0000)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
Pure Networks Port Magic (Version: 1.2.1393.0)
QuickTime (Version: 7.1.6.200)
RealNetworks - Microsoft Visual C++ 2005 Runtime (Version: 8.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver (Version: 2.02)
RealUpgrade 1.1 (Version: 1.1.0)
Registry Healer 4.3.0 uninstall (Version: 4.3.0)
Replay Converter 2.10
Replay Radio and Replay A/V 7
Rhapsody
roguescanfix 1.5
Runtime (Version: 1.00.0000)
SCRABBLE (Version: WT004725)
SD Secure Module (Version: 1.0.3)
SmartWebPrinting (Version: 130.0.373.000)
SnagIt 8 (Version: 8.2.2)
SolutionCenter (Version: 130.0.373.000)
Sonic DLA (Version: 5.2.0)
Sonic Encoders (Version: 1.00)
Sonic RecordNow! (Version: 7.31)
Sony Picture Utility (Version: 4.2.11.14260)
SoundTap Streaming Audio Recorder
Status (Version: 130.0.373.000)
Stomp RecordNow MAX (Version: 3.03)
StuffIt 11 (Version: 11.0)
SUPERAntiSpyware (Version: 4.44.1000)
Synaptics Pointing Device Driver (Version: 8.2.9.0)
TeamViewer 5 (Version: 5.0.7572 )
TEFView 2.64
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 1.16.0000)
THOMSON mp3PRO Audio Player
TIPCI (Version: 1.16.0000)
TMPGEnc DVD Author 2.0 (Version: 2.1.9.90)
TOSHIBA Assist
TOSHIBA ConfigFree (Version: 5.90.05)
TOSHIBA Controls
TOSHIBA Game Console
TOSHIBA Hotkey Utility (Version: 1.00.01ST)
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver (Version: 7.03.07.I)
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem (Version: 2.1.62 (SM2162ALD04))
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility (Version: 1.00.01ST)
TOSHIBA Utilities (Version: 1.00.07ST)
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Total Commander (Remove or Repair)
TouchWorks Web Controls (Version: 10.23.0021)
TrayApp (Version: 130.0.376.000)
TuxGuitar 1.2
TweakNow PowerPack 2006 Professional (Version: v1.1.4)
Ultimate DVD Player (remove only)
Uninstall 1.0.0.1
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
VERITAS StorageGuard (Version: 2.61.0)
Video Converter 3 (Version: 3.1.19.1214b)
Vidira ClearerZoom (Version: 1.00.0000)
Viewpoint Media Player
WebEx
WebFldrs XP (Version: 9.50.7523)
WebXContextlets (Version: 1.00.0000)
Winamp (Version: 5.531 )
Window Washer
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Format 11 runtime
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPcap 3.1 (Version: 3.1.0.27)
Works Suite OS Pack (Version: 1.0.0.0000)
WOT for Internet Explorer (Version: 10.12.20.0)
WYO Home Inventory 4.15 (Version: 4.15)
XviD MPEG-4 Codec
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
ZC Video Converter 1.2.1

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 3061.98 MB
Available physical RAM: 1795.38 MB
Total Pagefile: 5967.94 MB
Available Pagefile: 4816.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.85 MB

========================= Partitions: =====================================

1 Drive c: (SQ004033P03) (Fixed) (Total:42.19 GB) (Free:5.35 GB) NTFS
3 Drive e: () (Fixed) (Total:50.73 GB) (Free:16.55 GB) NTFS

========================= Users: ========================================

User accounts for \\TOSHIBA

Administrator ASPNET Guest
HelpAssistant MARK SUPPORT_388945a0


**** End of log ****


MBAM

This program ran for 10 hours on the quick scan and then seemed to be stuck in a small loop, so I stopped it, and this is the log. (I tried to run it again to see if it would complete, but it quit responding.) I am posting two of the efforts:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.21.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
MARK :: TOSHIBA [administrator]

4/21/2012 14:31:12
mbam-log-2012-04-21 (14-31-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 2008650
Time elapsed: 10 hour(s), 11 minute(s), 38 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.21.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
MARK :: TOSHIBA [administrator]

4/21/2012 03:30:35
mbam-log-2012-04-21 (03-30-35).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 355448
Time elapsed: 2 hour(s), 40 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\WINDOWS\Temp\0.4658048641496312 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Program Files\OJOsoft\OJOsoft Audio Converter\convert.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)




MBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-22 13:21:51
-----------------------------
13:21:51.296 OS Version: Windows 5.1.2600 Service Pack 3
13:21:51.296 Number of processors: 2 586 0xE08
13:21:51.296 ComputerName: TOSHIBA UserName: MARK
13:21:52.437 Initialize success
13:28:44.593 AVAST engine defs: 12042200
13:34:37.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:34:37.062 Disk 0 Vendor: FUJITSU_MHV2100BH 00000028 Size: 95396MB BusType: 3
13:34:37.078 Disk 0 MBR read successfully
13:34:37.078 Disk 0 MBR scan
13:34:37.156 Disk 0 Windows XP default MBR code
13:34:37.156 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 43198 MB offset 63
13:34:37.171 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 51944 MB offset 88469955
13:34:37.218 Disk 0 Partition 3 00 88 Linux plaintext AKr' 251 MB offset 194852385
13:34:37.250 Disk 0 scanning sectors +195366465
13:34:37.328 Disk 0 scanning C:\WINDOWS\system32\drivers
13:35:05.156 Service scanning
13:35:37.703 Service MpKsl979da76d C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E73CEEB3-5523-4272-BA4A-86F2B412DF13}\MpKsl979da76d.sys **LOCKED** 32
13:36:06.109 Modules scanning
13:36:12.156 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
13:36:13.375 Disk 0 trace - called modules:
13:36:13.390 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:36:13.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b54eab8]
13:36:13.406 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\000000a3[0x8b5a2030]
13:36:13.406 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b515940]
13:36:13.843 AVAST engine scan C:\WINDOWS
13:36:52.265 AVAST engine scan C:\WINDOWS\system32
13:42:40.140 AVAST engine scan C:\WINDOWS\system32\drivers
13:43:12.718 AVAST engine scan C:\Documents and Settings\MARK
14:02:03.796 AVAST engine scan C:\Documents and Settings\All Users
14:07:50.015 Scan finished successfully
14:08:07.171 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\MARK\Desktop\MBR.dat"
14:08:07.203 The log file has been saved successfully to "C:\Documents and Settings\MARK\Desktop\aswMBR.txt"


That is it. I will await the next step. Thank you.

#4 Broni (BC Advisor)

Posted 22 April 2012 - 02:21 PM

What file and in what location is marked by MSE as infected?

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system, click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in the right pane.
If still no joy, try to run it from Safe Mode.

======================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.


 


#5 markp (Topic Starter)

Posted 23 April 2012 - 12:53 PM

Thanks. So far so good. As I said, the redirect that was messing with Google searches has stopped.


I went to Microsoft Essentials and copied this from Settings as to where the virus may be found:

Items:
containerfile:C:\WINDOWS\system32\avg7alrt.dll
file:C:\WINDOWS\system32\avg7alrt.dll->EWS->1.cod


I ran the GMER program twice and the screen went black after several hours both times. So I ran it in Safe Mode, and after 5 hours the scrolling work stopped, but there was no indication it was finished. So I stopped it and created a log. If it is not enough I will try it one more time with Devices unchecked. The log I was able to get is here:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-23 13:22:29
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2100BH rev.00000028
Running: kyqn4f0u.exe; Driver: E:\DOCUME~1\MARK\MYDOCU~1\Temp\\pwldipow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \FileSystem\Cdfs \Cdfs BA1D6400

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@ Wireless
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@ProcessGroupPolicy ProcessWIRELESSPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@DllName gptext.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@ Folder Redirection
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@ProcessGroupPolicyEx ProcessGroupPolicyEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@DllName fdeploy.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoMachinePolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoGPOListChanges 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@GenerateGroupPolicy GenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@EventSources (Folder Redirection,Application)?
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ Microsoft Disk Quota
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoMachinePolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoBackgroundPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@PerUserLocalSettings 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@EnableAsynchronousProcessing 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@DllName dskquota.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@ QoS Packet Scheduler
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@ProcessGroupPolicy ProcessPSCHEDPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@DllName gptext.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@ Scripts
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@ProcessGroupPolicy ProcessScriptsGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@ProcessGroupPolicyEx ProcessScriptsGroupPolicyEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@GenerateGroupPolicy GenerateScriptsGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@DllName gptext.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@NotifyLinkTransition 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ Internet Explorer Zonemapping
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DllName C:\WINDOWS\system32\iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ProcessGroupPolicy ProcessGroupPolicyForZoneMap
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@RequiresSucessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DisplayName @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@ Internet Explorer User Accelerators
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@DisplayName @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@DllName C:\WINDOWS\system32\iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@ProcessGroupPolicy ProcessGroupPolicyForActivities
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@ProcessGroupPolicyEx ProcessGroupPolicyForActivitiesEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessSecurityPolicyGPO
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@GenerateGroupPolicy SceGenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionRsopPlanningDebugLevel 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicyEx SceProcessSecurityPolicyGPOEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionDebugLevel 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ Security
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@MaxNoGPOListChangesInterval 960
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicyEx ProcessGroupPolicyEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@GenerateGroupPolicy GenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DllName C:\WINDOWS\system32\iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ Internet Explorer Branding
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoMachinePolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DisplayName @C:\WINDOWS\system32\iedkcs32.dll.mui,-3014
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessEFSRecoveryGPO
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ EFS recovery
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@ 802.3 Group Policy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@DisplayName @dot3gpclnt.dll,-100
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@ProcessGroupPolicyEx ProcessLANPolicyEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@GenerateGroupPolicy GenerateLANPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@DllName dot3gpclnt.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ Microsoft Offline Files
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@DllName %SystemRoot%\System32\cscui.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@EnableAsynchronousProcessing 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoGPOListChanges 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoMachinePolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoSlowLink 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@PerUserLocalSettings 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ Software Installation
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@DllName appmgmts.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ProcessGroupPolicyEx ProcessGroupPolicyObjectsEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@GenerateGroupPolicy GenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@RequiresSucessfulRegistry 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@EventSources (Application Management,Application)?(MsiInstaller,Application)?
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@ Internet Explorer Machine Accelerators
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@DisplayName @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@DllName C:\WINDOWS\system32\iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@ProcessGroupPolicy ProcessGroupPolicyForActivities
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@ProcessGroupPolicyEx ProcessGroupPolicyForActivitiesEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@ IP Security
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@ProcessGroupPolicy ProcessIPSECPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@DllName gptext.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@NoGPOListChanges 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@DllName C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Logon SABWINLOLogon
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Logoff SABWINLOLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Startup SABWINLOStartup
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Shutdown SABWINLOShutdown
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ckpNotify@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ckpNotify@DLLName ckpNotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ckpNotify@Impersonate 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ckpNotify@Logoff WLEventLogOff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ckpNotify@Logon WLEventLogOn
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ckpNotify@Shutdown WLEventShutDown
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@DllName crypt32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Logoff ChainWlxLogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@DllName cryptnet.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Logoff CryptnetWlxLogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@DLLName cscdll.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Logon WinlogonLogonEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Logoff WinlogonLogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@ScreenSaver WinlogonScreenSaverEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Startup WinlogonStartupEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Shutdown WinlogonShutdownEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@StartShell WinlogonStartShellEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@DllName %SystemRoot%\System32\dimsntfy.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Startup WlDimsStartup
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Shutdown WlDimsShutdown
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Logon WlDimsLogon
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Logoff WlDimsLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@StartShell WlDimsStartShell
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Lock WlDimsLock
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Unlock WlDimsUnlock
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@DLLName igfxdev.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@Impersonate 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@Unlock WinlogonUnlockEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@DLLName wlnotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Logon SCardStartCertProp
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Logoff SCardStopCertProp
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Lock SCardSuspendCertProp
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Unlock SCardResumeCertProp
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Enabled 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Impersonate 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@DllName wlnotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@StartShell SchedStartShell
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Logoff SchedEventLogOff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Logoff WLEventLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@DllName sclgntfy.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@DLLName WlNotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Lock SensLockEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Logon SensLogonEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Logoff SensLogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Safe 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@MaxWait 600
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StartScreenSaver SensStartScreenSaverEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StopScreenSaver SensStopScreenSaverEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Startup SensStartupEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Shutdown SensShutdownEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StartShell SensStartShellEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@PostShell SensPostShellEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Disconnect SensDisconnectEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Reconnect SensReconnectEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Unlock SensUnlockEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Impersonate 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@DllName wlnotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Logoff TSEventLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Logon TSEventLogon
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@PostShell TSEventPostShell
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Shutdown TSEventShutdown
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@StartShell TSEventStartShell
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Startup TSEventStartup
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@MaxWait 600
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Reconnect TSEventReconnect
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Disconnect TSEventDisconnect
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@DLLName wlnotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Logon RegisterTicketExpiredNotificationEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Logoff UnregisterTicketExpiredNotificationEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Impersonate 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@HelpAssistant 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@TsInternetUser 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@SQLAgentCmdExec 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@NetShowServices 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IWAM_ 65536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IUSR_ 65536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@VUSR_ 65536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@ASPNET 0

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB36956$\305431144 0 bytes
File C:\WINDOWS\$NtUninstallKB36956$\305431144\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB36956$\305431144\cfg.ini 170 bytes
File C:\WINDOWS\$NtUninstallKB36956$\305431144\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB36956$\305431144\L 0 bytes
File C:\WINDOWS\$NtUninstallKB36956$\305431144\L\pavtnywh 455680 bytes
File C:\WINDOWS\$NtUninstallKB36956$\305431144\oemid 161 bytes
File C:\WINDOWS\$NtUninstallKB36956$\305431144\U 0 bytes
File C:\WINDOWS\$NtUninstallKB36956$\305431144\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB36956$\305431144\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB36956$\305431144\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB36956$\305431144\U\80000000.@ 66560 bytes
File C:\WINDOWS\$NtUninstallKB36956$\305431144\U\80000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB36956$\305431144\U\80000032.@ 115712 bytes
File C:\WINDOWS\$NtUninstallKB36956$\305431144\version 1127 bytes
File C:\WINDOWS\$NtUninstallKB36956$\3869724823 0 bytes

---- EOF - GMER 1.0.15 ----


The boot kit log is here:

Bootkit Remover
© 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
-------------------------------

Thanks for your help.

#6 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,758 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 23 April 2012 - 06:30 PM

You're still infected.

Firstly, let's check that file...
Open Windows Explorer. Go to Tools>Folder Options>View tab, put a checkmark next to Show hidden files and folders, and UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes when done with this step.
Upload the following file to http://www.virustotal.com/ for a security check:
- C:\WINDOWS\system32\avg7alrt.dll
IMPORTANT! If the file is listed as already analyzed, click on the Reanalyse file now button.
Post scan results.

Then...

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

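The same file check can be done from a PowerShell prompt without toggling Explorer's hidden-file settings. This is an added illustration, not part of Broni's instructions or of any tool named in the thread; it assumes Windows PowerShell 2.0 or later is installed, and the path is the one Broni asked about. Because Get-Item is called with -Force, it reports the file even when it carries the Hidden or System attribute, which is the usual reason a file "cannot be found" in Explorer, and the MD5 it prints can be searched for on VirusTotal before deciding whether an upload is needed.

```powershell
# Added example (not from the thread): locate a file that Explorer may hide and
# compute its MD5 for a VirusTotal lookup. Assumes Windows PowerShell 2.0+.
# The path is the one named in Broni's post.
$path = 'C:\WINDOWS\system32\avg7alrt.dll'

function Get-SuspectFileInfo {
    param([string]$LiteralPath)

    # -Force includes Hidden and System files, which Explorer hides by default.
    $item = Get-Item -LiteralPath $LiteralPath -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        # Nothing at that path, hidden or not.
        return New-Object PSObject -Property @{ Path = $LiteralPath; Exists = $false }
    }

    # Open with FileShare.ReadWrite so a DLL that is loaded by a running process can still be read.
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::Open($item.FullName, 'Open', 'Read', 'ReadWrite')
    try {
        $hash = ($md5.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
    }

    # Attributes shows whether the file was being hidden (Hidden, System) from Explorer.
    New-Object PSObject -Property @{
        Path       = $item.FullName
        Exists     = $true
        Attributes = $item.Attributes.ToString()
        SizeBytes  = $item.Length
        Modified   = $item.LastWriteTime
        MD5        = $hash   # search for this value on http://www.virustotal.com/
    }
}

Get-SuspectFileInfo -LiteralPath $path | Format-List
```

If the output reports Exists = False, the file genuinely is not present under that name, which is consistent with what markp found; if it exists but shows Hidden or System in Attributes, that explains why browsing to it failed, and the MD5 line gives the value to look up on VirusTotal.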

#7 markp
  • Topic Starter
  • Members
  • 35 posts

Posted 23 April 2012 - 08:58 PM

Still no redirects. I opened Windows Explorer and made the proper checkmarks for hidden files etc., then opened virustotal.com, and the file C:\WINDOWS\system32\avg7alrt.dll was not found, neither by browsing on the virustotal page nor by searching on the computer. I looked for any file in system32 that might hold that file and saw nothing.

Then I downloaded TDSSKiller, ran it, and no infection was found. Here is the log.

Thanks!!


21:50:56.0463 5756 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
21:50:57.0400 5756 ============================================================
21:50:57.0400 5756 Current date / time: 2012/04/23 21:50:57.0400
21:50:57.0400 5756 SystemInfo:
21:50:57.0400 5756
21:50:57.0400 5756 OS Version: 5.1.2600 ServicePack: 3.0
21:50:57.0400 5756 Product type: Workstation
21:50:57.0400 5756 ComputerName: TOSHIBA
21:50:57.0400 5756 UserName: MARK
21:50:57.0400 5756 Windows directory: C:\WINDOWS
21:50:57.0400 5756 System windows directory: C:\WINDOWS
21:50:57.0400 5756 Processor architecture: Intel x86
21:50:57.0400 5756 Number of processors: 2
21:50:57.0400 5756 Page size: 0x1000
21:50:57.0400 5756 Boot type: Normal boot
21:50:57.0400 5756 ============================================================
21:50:59.0119 5756 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:50:59.0119 5756 Drive \Device\Harddisk1\DR6 - Size: 0x3BC000000 (14.94 Gb), SectorSize: 0x200, Cylinders: 0x79D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:50:59.0135 5756 ============================================================
21:50:59.0135 5756 \Device\Harddisk0\DR0:
21:50:59.0150 5756 MBR partitions:
21:50:59.0150 5756 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x545F184
21:50:59.0150 5756 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x545F1C3, BlocksNum 0x657445E
21:50:59.0150 5756 \Device\Harddisk1\DR6:
21:50:59.0150 5756 MBR partitions:
21:50:59.0150 5756 \Device\Harddisk1\DR6\Partition0: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1DDE000
21:50:59.0150 5756 ============================================================
21:50:59.0166 5756 C: <-> \Device\Harddisk0\DR0\Partition0
21:50:59.0197 5756 E: <-> \Device\Harddisk0\DR0\Partition1
21:50:59.0197 5756 ============================================================
21:50:59.0197 5756 Initialize success
21:50:59.0197 5756 ============================================================
21:51:17.0650 4428 ============================================================
21:51:17.0650 4428 Scan started
21:51:17.0650 4428 Mode: Manual;
21:51:17.0650 4428 ============================================================
21:51:18.0135 4428 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
21:51:18.0135 4428 !SASCORE - ok
21:51:18.0229 4428 a2free (fbbb4ccf7daea065e97363e727b929a4) C:\Program Files\a-squared Free\a2service.exe
21:51:18.0229 4428 a2free - ok
21:51:18.0338 4428 a8djavs - ok
21:51:18.0432 4428 aawservice (17067069b9a7865028c1f2e6971d0ccc) C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
21:51:18.0463 4428 aawservice - ok
21:51:18.0494 4428 Abiosdsk - ok
21:51:18.0510 4428 abp480n5 - ok
21:51:18.0541 4428 ACGPRS (599a126109bfca4b89c1ed01b78ba068) C:\WINDOWS\system32\DRIVERS\acgprs.sys
21:51:18.0557 4428 ACGPRS - ok
21:51:18.0604 4428 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:51:18.0604 4428 ACPI - ok
21:51:18.0604 4428 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:51:18.0604 4428 ACPIEC - ok
21:51:18.0619 4428 adpu160m - ok
21:51:18.0650 4428 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:51:18.0650 4428 aec - ok
21:51:18.0666 4428 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:51:18.0666 4428 AegisP - ok
21:51:18.0713 4428 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
21:51:18.0713 4428 AFD - ok
21:51:18.0791 4428 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
21:51:18.0807 4428 AgereSoftModem - ok
21:51:18.0807 4428 Aha154x - ok
21:51:18.0807 4428 aic78u2 - ok
21:51:18.0822 4428 aic78xx - ok
21:51:18.0822 4428 akshasp - ok
21:51:18.0854 4428 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
21:51:18.0869 4428 Alerter - ok
21:51:18.0885 4428 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
21:51:18.0885 4428 ALG - ok
21:51:18.0885 4428 AliIde - ok
21:51:18.0885 4428 ALYac_PZSrv - ok
21:51:18.0900 4428 amsint - ok
21:51:18.0932 4428 AnyDVD (ff2142c8aef38bb25c7f764b3ceddc2e) C:\WINDOWS\system32\Drivers\AnyDVD.sys
21:51:18.0932 4428 AnyDVD - ok
21:51:19.0041 4428 AOL ACS (85180cf88c5ebad73b452a43a004ca51) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
21:51:19.0041 4428 AOL ACS - ok
21:51:19.0057 4428 AOL TopSpeedMonitor (7fb54900aa9792ab6307c699ec1859d4) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
21:51:19.0057 4428 AOL TopSpeedMonitor - ok
21:51:19.0072 4428 aolservice - ok
21:51:19.0104 4428 APLMp50 (a9a22d7bad607cf7f698e32fb2983d2d) C:\WINDOWS\system32\Drivers\APLMp50.sys
21:51:19.0104 4428 APLMp50 - ok
21:51:19.0150 4428 Apowersoft_AudioDevice (85ece26f326c2d07ba77a60343468272) C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys
21:51:19.0150 4428 Apowersoft_AudioDevice - ok
21:51:19.0213 4428 Apple Mobile Device (2acfc9242be81ae2356e14e5e05c02bb) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
21:51:19.0213 4428 Apple Mobile Device - ok
21:51:19.0260 4428 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
21:51:19.0275 4428 AppMgmt - ok
21:51:19.0275 4428 arc - ok
21:51:19.0307 4428 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:51:19.0307 4428 Arp1394 - ok
21:51:19.0322 4428 asc - ok
21:51:19.0322 4428 asc3350p - ok
21:51:19.0322 4428 asc3550 - ok
21:51:19.0369 4428 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
21:51:19.0385 4428 ASPI - ok
21:51:19.0416 4428 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\Aspi32.sys
21:51:19.0416 4428 Aspi32 - ok
21:51:19.0541 4428 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:51:19.0541 4428 aspnet_state - ok
21:51:19.0557 4428 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:51:19.0557 4428 AsyncMac - ok
21:51:19.0572 4428 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:51:19.0572 4428 atapi - ok
21:51:19.0588 4428 Atdisk - ok
21:51:19.0588 4428 atitool - ok
21:51:19.0604 4428 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:51:19.0604 4428 Atmarpc - ok
21:51:19.0650 4428 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
21:51:19.0650 4428 AudioSrv - ok
21:51:19.0682 4428 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:51:19.0682 4428 audstub - ok
21:51:19.0697 4428 bbcap (7fc61edc0b094270b7a42921599a3d0e) C:\WINDOWS\system32\DRIVERS\bbcap.sys
21:51:19.0697 4428 bbcap - ok
21:51:19.0697 4428 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:51:19.0697 4428 Beep - ok
21:51:19.0760 4428 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
21:51:19.0791 4428 BITS - ok
21:51:19.0791 4428 bltrust - ok
21:51:19.0791 4428 bridgemp - ok
21:51:19.0854 4428 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
21:51:19.0854 4428 Browser - ok
21:51:19.0900 4428 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\WINDOWS\system32\DRIVERS\motfilt.sys
21:51:19.0900 4428 BTCFilterService - ok
21:51:20.0010 4428 catchme - ok
21:51:20.0041 4428 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:51:20.0041 4428 cbidf2k - ok
21:51:20.0041 4428 ccevtmgr - ok
21:51:20.0041 4428 cd20xrnt - ok
21:51:20.0057 4428 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:51:20.0057 4428 Cdaudio - ok
21:51:20.0072 4428 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:51:20.0072 4428 Cdfs - ok
21:51:20.0119 4428 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:51:20.0119 4428 Cdrom - ok
21:51:20.0197 4428 CFSvcs (3cb0cc8879956c187e87e18634ee5164) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
21:51:20.0197 4428 CFSvcs - ok
21:51:20.0213 4428 Changer - ok
21:51:20.0275 4428 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
21:51:20.0275 4428 CiSvc - ok
21:51:20.0307 4428 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
21:51:20.0307 4428 ClipSrv - ok
21:51:20.0385 4428 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:51:20.0385 4428 clr_optimization_v2.0.50727_32 - ok
21:51:20.0416 4428 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:51:20.0416 4428 CmBatt - ok
21:51:20.0432 4428 CmdIde - ok
21:51:20.0447 4428 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:51:20.0447 4428 Compbatt - ok
21:51:20.0447 4428 COMSysApp - ok
21:51:20.0463 4428 Cpqarray - ok
21:51:20.0494 4428 cpqvcagent - ok
21:51:20.0510 4428 CP_OMDRV (7f1706911862276f5144984d07ba9e3b) C:\WINDOWS\system32\drivers\omdrv.sys
21:51:20.0510 4428 CP_OMDRV - ok
21:51:20.0541 4428 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
21:51:20.0557 4428 CryptSvc - ok
21:51:20.0557 4428 ctxhttp - ok
21:51:20.0557 4428 cwafreportscheduler - ok
21:51:20.0572 4428 CX88ENC - ok
21:51:20.0572 4428 cyberpowerups - ok
21:51:20.0572 4428 dac2w2k - ok
21:51:20.0588 4428 dac960nt - ok
21:51:20.0635 4428 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:51:20.0666 4428 DcomLaunch - ok
21:51:20.0666 4428 de_serv - ok
21:51:20.0713 4428 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
21:51:20.0713 4428 Dhcp - ok
21:51:20.0729 4428 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:51:20.0729 4428 Disk - ok
21:51:20.0822 4428 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
21:51:20.0822 4428 DLABOIOM - ok
21:51:20.0822 4428 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
21:51:20.0822 4428 DLACDBHM - ok
21:51:20.0838 4428 DLADResN (1e6c6597833a04c2157be7b39ea92ce1) C:\WINDOWS\system32\DLA\DLADResN.SYS
21:51:20.0838 4428 DLADResN - ok
21:51:20.0854 4428 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
21:51:20.0854 4428 DLAIFS_M - ok
21:51:20.0869 4428 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
21:51:20.0869 4428 DLAOPIOM - ok
21:51:20.0869 4428 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
21:51:20.0869 4428 DLAPoolM - ok
21:51:20.0885 4428 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
21:51:20.0885 4428 DLARTL_N - ok
21:51:20.0885 4428 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
21:51:20.0900 4428 DLAUDFAM - ok
21:51:20.0916 4428 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
21:51:20.0916 4428 DLAUDF_M - ok
21:51:20.0916 4428 dmadmin - ok
21:51:20.0994 4428 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:51:21.0025 4428 dmboot - ok
21:51:21.0057 4428 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:51:21.0057 4428 dmio - ok
21:51:21.0057 4428 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:51:21.0057 4428 dmload - ok
21:51:21.0104 4428 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
21:51:21.0104 4428 dmserver - ok
21:51:21.0119 4428 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:51:21.0119 4428 DMusic - ok
21:51:21.0119 4428 DN2AKNET - ok
21:51:21.0135 4428 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
21:51:21.0135 4428 Dnscache - ok
21:51:21.0166 4428 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
21:51:21.0182 4428 Dot3svc - ok
21:51:21.0213 4428 Dot4 HPH09 (ad4bf19f18e56e9cc23b02b53321336e) C:\WINDOWS\system32\DRIVERS\hphid409.sys
21:51:21.0213 4428 Dot4 HPH09 - ok
21:51:21.0244 4428 Dot4Print HPH09 (81ac4ae8ff949bf5924b5ee00d5ac90b) C:\WINDOWS\system32\DRIVERS\hphipr09.sys
21:51:21.0260 4428 Dot4Print HPH09 - ok
21:51:21.0275 4428 Dot4Storage HPH09 (47b5fd84ca8d16060c4e59647d80c0ca) C:\WINDOWS\system32\Drivers\hphs2k09.sys
21:51:21.0275 4428 Dot4Storage HPH09 - ok
21:51:21.0291 4428 Dot4Usb HPH09 (eb20c76c39917b1641bb4c5206be7d76) C:\WINDOWS\system32\drivers\hphius09.sys
21:51:21.0291 4428 Dot4Usb HPH09 - ok
21:51:21.0291 4428 dpti2o - ok
21:51:21.0307 4428 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:51:21.0307 4428 drmkaud - ok
21:51:21.0322 4428 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
21:51:21.0322 4428 DRVMCDB - ok
21:51:21.0338 4428 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
21:51:21.0338 4428 DRVNDDM - ok
21:51:21.0369 4428 DVD-RAM_Service (c9ffbd6b8edc46cd3d13e3c6db914fb7) C:\WINDOWS\system32\DVDRAMSV.exe
21:51:21.0369 4428 DVD-RAM_Service - ok
21:51:21.0400 4428 E100B (2646883e6dd867cd872d5b51b6036710) C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:51:21.0400 4428 E100B - ok
21:51:21.0447 4428 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
21:51:21.0447 4428 e1express - ok
21:51:21.0479 4428 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
21:51:21.0479 4428 EapHost - ok
21:51:21.0572 4428 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
21:51:21.0572 4428 ehRecvr - ok
21:51:21.0604 4428 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
21:51:21.0604 4428 ehSched - ok
21:51:21.0650 4428 ElbyCDIO (fa13264eea448b2e1b3a844ae4f75c7a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
21:51:21.0650 4428 ElbyCDIO - ok
21:51:21.0650 4428 emclisrv - ok
21:51:21.0650 4428 epsonbidirectionalservice - ok
21:51:21.0682 4428 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
21:51:21.0682 4428 ERSvc - ok
21:51:21.0697 4428 eSettingsService - ok
21:51:21.0729 4428 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:51:21.0729 4428 Eventlog - ok
21:51:21.0791 4428 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
21:51:21.0791 4428 EventSystem - ok
21:51:21.0900 4428 EvtEng (56ded3ade453272e6a0ad582d945d1a4) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
21:51:21.0900 4428 EvtEng - ok
21:51:21.0900 4428 ezplay - ok
21:51:21.0947 4428 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:51:21.0947 4428 Fastfat - ok
21:51:21.0994 4428 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:51:21.0994 4428 FastUserSwitchingCompatibility - ok
21:51:22.0041 4428 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
21:51:22.0057 4428 Fax - ok
21:51:22.0104 4428 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:51:22.0104 4428 Fdc - ok
21:51:22.0119 4428 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:51:22.0119 4428 Fips - ok
21:51:22.0119 4428 FireHook - ok
21:51:22.0135 4428 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:51:22.0135 4428 Flpydisk - ok
21:51:22.0150 4428 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:51:22.0150 4428 FltMgr - ok
21:51:22.0260 4428 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:51:22.0260 4428 FontCache3.0.0.0 - ok
21:51:22.0260 4428 fshttps - ok
21:51:22.0307 4428 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:51:22.0307 4428 Fs_Rec - ok
21:51:22.0322 4428 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:51:22.0322 4428 Ftdisk - ok
21:51:22.0510 4428 FW1 (e03a6d546c2cccfcf07ae8a1a0a9347d) C:\WINDOWS\system32\DRIVERS\fw.sys
21:51:22.0525 4428 FW1 - ok
21:51:22.0650 4428 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
21:51:22.0650 4428 GEARAspiWDM - ok
21:51:22.0697 4428 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:51:22.0697 4428 Gpc - ok
21:51:22.0744 4428 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
21:51:22.0744 4428 grmnusb - ok
21:51:22.0744 4428 GT891x - ok
21:51:22.0869 4428 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:51:22.0869 4428 gupdate - ok
21:51:22.0885 4428 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:51:22.0885 4428 gupdatem - ok
21:51:22.0932 4428 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:51:22.0932 4428 gusvc - ok
21:51:22.0932 4428 hdaudaddservice - ok
21:51:22.0979 4428 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:51:22.0994 4428 HDAudBus - ok
21:51:23.0057 4428 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:51:23.0057 4428 helpsvc - ok
21:51:23.0088 4428 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
21:51:23.0104 4428 HidServ - ok
21:51:23.0150 4428 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:51:23.0150 4428 HidUsb - ok
21:51:23.0182 4428 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
21:51:23.0182 4428 hkmsvc - ok
21:51:23.0182 4428 hpn - ok
21:51:23.0947 4428 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
21:51:23.0979 4428 hpqcxs08 - ok
21:51:24.0275 4428 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
21:51:24.0275 4428 hpqddsvc - ok
21:51:24.0291 4428 HpqRemHid - ok
21:51:38.0479 4428 \Device\Harddisk1\DR6\Partition0 - ok
21:51:38.0479 4428 ============================================================
21:51:38.0479 4428 Scan finished
21:51:38.0479 4428 ============================================================
21:51:38.0494 4204 Detected object count: 0
21:51:38.0494 4204 Actual detected object count: 0

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,758 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:49 PM

Posted 23 April 2012 - 09:22 PM

The very last section of GMER log indicates an infection being present but it looks like more advanced tools will be needed.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#9 markp

markp
  • Topic Starter

  • Members
  • 35 posts
  • Local time:02:49 AM

Posted 24 April 2012 - 04:05 PM

I think I was confused when I posted the reply to your last instructions. I don't know if I started a topic in the correct forum or if I should go back and open the topic where you said to post "HERE". I don't know if that opens my new data in a new forum, or if I did my new post correctly. If you can see that I need to do it differently, please tell me. Thanks so much!!

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,758 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:49 PM

Posted 24 April 2012 - 08:22 PM

You did fine :)


 




