All program icons are hidden. Programs in state menu are gone.


20 replies to this topic

#1 jeffw11

  • Members
  • 127 posts

Posted 22 May 2012 - 05:53 PM

A buddy dropped off his laptop to me with major problems. Something has taken over the computer. The desktop picture is gone and now just black. All program icons are gone. (they show up if I go to folder options in the control panel and allow hidden files and folders to show) All of the programs in the Start menu are gone.

This all started with pop ups telling him that he needed to pay to remove viruses. He never did and now the computer is in this condition.

As of right now, I am running Malwarebytes to see if I can find anything.

If you have any suggestions, feel free to let me know as this looks like something has hijacked this laptop.

Thank you,
Jeff


#2 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,760 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 22 May 2012 - 06:54 PM

Let's see if we can recover your missing features.
Download and run UnHide
Let me know if it worked.

Then...

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 jeffw11

  • Topic Starter
  • Members
  • 127 posts

Posted 22 May 2012 - 09:12 PM

Here we go. The UnHide program recovered my files so that worked great.

Here are the log files you wanted:

UnHide:

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 05/22/2012 07:17:06 PM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 136112 files processed.

The C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Restarting Explorer.exe in order to apply changes.

Program finished at: 05/22/2012 07:22:37 PM
Execution time: 0 hours(s), 5 minute(s), and 31 seconds(s)




Security Check:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
AVG 2012
AVG Security Toolbar
AVG 2012
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware Free Edition
CCleaner
JavaFX 2.0.2
Java™ 6 Update 29
Java™ 7 Update 2
Out of date Java installed!
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.3)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````



Farbar Service Scanner:

Farbar Service Scanner Version: 17-05-2012
Ran by Administrator (administrator) on 22-05-2012 at 19:52:03
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Nerwork
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.
Checking LEGACY_sharedaccess: ATTENTION!=====> Unable to open LEGACY_sharedaccess\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(9) Avgtdix(11) Gpc(3) IPSec(5) NetBT(6) PSched(7) s24trans(8) Tcpip(4)
0x0D00000005000000010000000200000003000000040000000A0000000C0000000D0000000B00000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****




MiniTool Box:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Administrator (administrator) on 22-05-2012 at 19:54:30
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Nerwork
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================



# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : darwin-aeedc1d8

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Mixed

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection 2:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-1D-09-D6-D0-D8



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN

Physical Address. . . . . . . . . : 00-1F-3B-36-BE-3D

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.135

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Tuesday, May 22, 2012 6:40:10 PM

Lease Expires . . . . . . . . . . : Wednesday, May 23, 2012 6:40:10 PM

Server: DD-WRT
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.225.105, 74.125.225.99, 74.125.225.104, 74.125.225.96
74.125.225.110, 74.125.225.97, 74.125.225.103, 74.125.225.100, 74.125.225.98
74.125.225.101, 74.125.225.102



Pinging google.com [74.125.225.102] with 32 bytes of data:



Reply from 74.125.225.102: bytes=32 time=33ms TTL=53

Reply from 74.125.225.102: bytes=32 time=32ms TTL=53



Ping statistics for 74.125.225.102:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 32ms, Maximum = 33ms, Average = 32ms

Server: DD-WRT
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=60ms TTL=47

Reply from 98.139.183.24: bytes=32 time=78ms TTL=46



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 60ms, Maximum = 78ms, Average = 69ms

Server: DD-WRT
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d 09 d6 d0 d8 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
0x3 ...00 1f 3b 36 be 3d ...... Intel® Wireless WiFi Link 4965AGN - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.135 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.135 192.168.1.135 20
192.168.1.135 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.135 192.168.1.135 20
224.0.0.0 240.0.0.0 192.168.1.135 192.168.1.135 20
255.255.255.255 255.255.255.255 192.168.1.135 2 1
255.255.255.255 255.255.255.255 192.168.1.135 192.168.1.135 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/22/2012 06:09:48 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: iTunes -- Error 1704. An installation for Microsoft .NET Framework 4 Client Profile is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Error: (05/22/2012 05:58:17 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/22/2012 05:04:03 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/20/2012 07:57:05 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/20/2012 06:23:15 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/15/2012 04:34:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1362422

Error: (05/15/2012 04:34:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1362422

Error: (05/15/2012 04:34:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/15/2012 04:34:05 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1360469

Error: (05/15/2012 04:34:05 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1360469


System errors:
=============
Error: (05/22/2012 06:41:41 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (05/22/2012 06:41:41 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgldx86
Avgmfx86
Fips
intelppm
SASDIFSV
SASKUTIL

Error: (05/22/2012 06:41:41 PM) (Source: Service Control Manager) (User: )
Description: The System Restore Service service terminated with the following error:
%%5

Error: (05/22/2012 06:41:41 PM) (Source: Service Control Manager) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (05/22/2012 06:41:01 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/22/2012 06:40:22 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/22/2012 06:40:19 PM) (Source: SRService) (User: )
Description: The System Restore initialization process failed.

Error: (05/22/2012 05:58:58 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (05/22/2012 05:58:58 PM) (Source: Service Control Manager) (User: )
Description: The System Restore Service service terminated with the following error:
%%5

Error: (05/22/2012 05:58:57 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated with service-specific error 1 (0x1).


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

ABBYY FineReader 6.0 Sprint (Version: 6.00.1784.41616)
Acrobat.com (Version: 2.1.0)
Acrobat.com (Version: 2.1.0.0)
Adobe AIR (Version: 3.1.0.4880)
Adobe Download Manager (Version: 1.6.2.87)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2425)
AVG 2012 (Version: 2012.0.1913)
AVG Security Toolbar (Version: 10.2.0.3)
Bing Bar (Version: 6.3.2291.0)
Bing Bar Platform (Version: 6.3.2291.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Bonjour (Version: 3.0.0.10)
Broadcom 440x 10/100 Integrated Controller (Version: 10.04.01)
CCleaner (Version: 3.17)
Cisco Connect (Version: 1.4.11266.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HDA D330 MDC V.92 Modem
Corel Paint Shop Pro X (Version: 10.0)
Corel Photo Album 6 (Version: 6.00)
Coupon Printer for Windows (Version: 5.0.0.0)
Dell PC Fax
Dell Photo AIO Printer 926
Dell Resource CD (Version: 1.00.0000)
Dell Webcam Center
Dell Webcam Manager
ESET Online Scanner v3
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Fax Solutions
Google Chrome (Version: 19.0.1084.46)
Google Update Helper (Version: 1.3.21.111)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HP Deskjet 2050 J510 series Basic Device Software (Version: 22.50.231.0)
iLike Sidebar (Version: 1.2.18)
iMesh (Version: 10.0.0.91228)
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software (Version: 11.01.0000)
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.1.5.3)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ 7 Update 2 (Version: 7.0.20)
JavaFX 2.0.2 (Version: 2.0.2)
Laptop Integrated Webcam Driver (1.02.01.0612)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
mCore (Version: 9.03.0000)
mDriver (Version: 9.03.0000)
mDrWiFi (Version: 9.03.0000)
mHlpDell (Version: 9.03.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
mIWA (Version: 9.03.0000)
mLogView (Version: 9.03.0000)
mMHouse (Version: 9.03.0000)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
mPfMgr (Version: 9.03.0000)
mPfWiz (Version: 9.03.0000)
mProSafe (Version: 9.00.0000)
mSCfg (Version: 9.03.0000)
mSSO (Version: 9.03.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Music Oasis (Version: 1.0.0)
mWlsSafe (Version: 9.00.0000)
mWMI (Version: 9.03.0000)
mZConfig (Version: 9.03.0000)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Picasa 3 (Version: 3.8)
QuickTime (Version: 7.71.80.42)
RealPlayer
RealUpgrade 1.0 (Version: 1.0.0)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Safari (Version: 5.34.54.16)
SigmaTel Audio (Version: 5.10.5102.0)
Smart Defrag 2 (Version: 2.3)
SUPERAntiSpyware Free Edition (Version: 4.37.0.1000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB980302) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
VLC media player 1.0.1 (Version: 1.0.1)
VoiceOver Kit (Version: 1.42.128.0)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) (Version: 11/14/2006 6.00.01.04)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 61%
Total physical RAM: 2037.97 MB
Available physical RAM: 784.68 MB
Total Pagefile: 3934.31 MB
Available Pagefile: 2954.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.2 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:146 GB) (Free:110.62 GB) NTFS

========================= Users: ========================================

User accounts for \\DARWIN-AEEDC1D8

Administrator ASPNET Darwin
Guest HelpAssistant SUPPORT_388945a0


**** End of log ****





Malwarebytes:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.23.01

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: DARWIN-AEEDC1D8 [administrator]

5/22/2012 8:05:57 PM
mbam-log-2012-05-22 (20-05-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 260555
Time elapsed: 18 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-22 20:35:19
-----------------------------
20:35:19.859 OS Version: Windows 5.1.2600 Service Pack 3
20:35:19.859 Number of processors: 2 586 0xF0D
20:35:19.859 ComputerName: DARWIN-AEEDC1D8 UserName: Administrator
20:35:22.593 Initialize success
20:37:32.656 AVAST engine defs: 12052201
20:38:15.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
20:38:15.593 Disk 0 Vendor: WDC_WD1600BEVS-08VAT2 14.01A14 Size: 152627MB BusType: 3
20:38:15.625 Device \Driver\atapi -> DriverStartIo 89a422c6
20:38:15.656 Disk 0 MBR read successfully
20:38:15.687 Disk 0 MBR scan
20:38:15.765 Disk 0 MBR:Alureon-M [Rtk]
20:38:15.796 Disk 0 TDL4@MBR code has been found
20:38:15.828 Disk 0 Windows XP default MBR code found via API
20:38:15.859 Disk 0 MBR hidden
20:38:15.890 Disk 0 Partition 1 00 DE Dell Utility Dell 8.1 47 MB offset 63
20:38:15.937 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 149503 MB offset 96390
20:38:15.968 Disk 0 Partition - 00 0F Extended LBA 3074 MB offset 306279225
20:38:16.031 Disk 0 Partition 3 00 DD MSDOS5.0 3074 MB offset 306279288
20:38:16.078 Disk 0 MBR [TDL4] **ROOTKIT**
20:38:16.156 Disk 0 trace - called modules:
20:38:16.234 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89a4249f]<<
20:38:16.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89aebab8]
20:38:16.390 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> [0x89aff9a0]
20:38:16.468 \Driver\atapi[0x89a5c660] -> IRP_MJ_CREATE -> 0x89a4249f
20:38:17.703 AVAST engine scan C:\WINDOWS
20:38:24.671 AVAST engine scan C:\WINDOWS\system32
20:41:10.500 AVAST engine scan C:\WINDOWS\system32\drivers
20:41:25.734 AVAST engine scan C:\Documents and Settings\Administrator
20:41:42.140 AVAST engine scan C:\Documents and Settings\All Users
20:42:35.843 Scan finished successfully
21:06:06.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
21:06:06.359 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"


That is it. Let me know what you think and what I still need to do.

Appreciate your help and time,
Jeff
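For anyone learning to read these scanner logs, the Python below is an added example (not aswMBR's code and not anything Jeff or Broni posted) that parses the lines of the aswMBR output above that carry the verdict and spells out why they add up to an MBR rootkit; the line patterns it matches are my own reading of this log, not a documented format.

```python
"""Parse aswMBR output and explain why it means "still infected".
Added example, not aswMBR's code: the log lines are copied from the scan posted above
and the parsing rules are my own reading of that output, not a documented format."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Copied from the aswMBR log in this thread (only the lines the verdict depends on).
SAMPLE_LOG = r"""
20:38:15.765 Disk 0 MBR:Alureon-M [Rtk]
20:38:15.796 Disk 0 TDL4@MBR code has been found
20:38:15.828 Disk 0 Windows XP default MBR code found via API
20:38:15.859 Disk 0 MBR hidden
20:38:16.078 Disk 0 MBR [TDL4] **ROOTKIT**
20:38:16.234 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89a4249f]<<
20:38:16.468 \Driver\atapi[0x89a5c660] -> IRP_MJ_CREATE -> 0x89a4249f
20:42:35.843 Scan finished successfully
"""

LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d{3} (.*)$")
DISK_RE = re.compile(r"^Disk (\d+) (.*)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")  # code aswMBR cannot attribute to a module
IRP_RE = re.compile(r"^\\Driver\\(\w+)\[0x[0-9A-Fa-f]+\] -> (IRP_MJ_\w+) -> (0x[0-9A-Fa-f]+)$")
DISK_RULES = [  # (pattern for the text after "Disk N ", attribute that receives group 1)
    (re.compile(r"^MBR:(\S+) \[Rtk\]$"), "signature"),                # AV signature on the raw MBR
    (re.compile(r"^(\S+)@MBR code has been found$"), "direct_code"),  # MBR as read directly from disk
    (re.compile(r"^(.+) MBR code found via API$"), "api_code"),       # MBR as the OS API reports it
    (re.compile(r"^(MBR hidden)$"), "hidden_flag"),
    (re.compile(r"^MBR \[(\S+)\] \*\*ROOTKIT\*\*$"), "verdict"),
]


@dataclass
class DiskFindings:
    disk: int
    signature: Optional[str] = None
    direct_code: Optional[str] = None
    api_code: Optional[str] = None
    hidden_flag: Optional[str] = None
    verdict: Optional[str] = None


@dataclass
class Report:
    disks: Dict[int, DiskFindings] = field(default_factory=dict)
    unknown_code: List[str] = field(default_factory=list)
    hooks: List[dict] = field(default_factory=list)  # driver dispatch entries and where they point


def parse_aswmbr(text: str) -> Report:
    """Turn timestamped log lines into structured findings; lines that match nothing are ignored."""
    report = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, separators and blank lines carry no findings
        msg = m.group(1)
        if UNKNOWN_RE.search(msg):
            report.unknown_code.append(UNKNOWN_RE.search(msg).group(1).lower())
        elif IRP_RE.match(msg):
            h = IRP_RE.match(msg)
            report.hooks.append({"driver": h.group(1), "irp": h.group(2), "target": h.group(3).lower()})
        elif DISK_RE.match(msg):
            d = DISK_RE.match(msg)
            f = report.disks.setdefault(int(d.group(1)), DiskFindings(int(d.group(1))))
            for pattern, attr in DISK_RULES:
                r = pattern.match(d.group(2))
                if r:
                    setattr(f, attr, r.group(1))
    return report


def assess(report: Report) -> Tuple[bool, List[str]]:
    """Return (infected, reasons); each reason is one independent indicator taken from the log."""
    reasons = []
    for f in report.disks.values():
        if f.verdict:
            reasons.append(f"disk {f.disk}: aswMBR flags the MBR as a {f.verdict} rootkit")
        if f.signature:
            reasons.append(f"disk {f.disk}: raw MBR matches signature {f.signature}")
        if f.direct_code and f.api_code and f.direct_code.lower() not in f.api_code.lower():
            # A bootkit that filters reads of sector 0 shows the OS a clean MBR
            # while the direct read still returns the infected one.
            reasons.append(f"disk {f.disk}: direct read shows {f.direct_code} code but the OS API "
                           f"returns '{f.api_code}' code, so sector reads are being filtered")
        if f.hidden_flag:
            reasons.append(f"disk {f.disk}: aswMBR reports the MBR as hidden")
    for h in report.hooks:
        if h["target"] in report.unknown_code:
            reasons.append(f"{h['driver']} {h['irp']} dispatch points at unrecognized code {h['target']}")
    return bool(reasons), reasons


if __name__ == "__main__":
    for reason in assess(parse_aswmbr(SAMPLE_LOG))[1]:
        print("-", reason)
```

A log whose MBR lines read only "MBR read successfully" with no UNKNOWN entries yields no reasons and is reported clean.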

#4 Broni

BC Advisor, 42,760 posts
Location: Daly City, CA

Posted 22 May 2012 - 09:20 PM

You're still infected.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


#5 jeffw11 (Topic Starter)

Members, 127 posts

Posted 22 May 2012 - 09:57 PM

Here is the TDSSKiller log file:

21:49:16.0093 1464 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:49:16.0468 1464 ============================================================
21:49:16.0468 1464 Current date / time: 2012/05/22 21:49:16.0468
21:49:16.0468 1464 SystemInfo:
21:49:16.0468 1464
21:49:16.0468 1464 OS Version: 5.1.2600 ServicePack: 3.0
21:49:16.0468 1464 Product type: Workstation
21:49:16.0468 1464 ComputerName: DARWIN-AEEDC1D8
21:49:16.0468 1464 UserName: Darwin
21:49:16.0468 1464 Windows directory: C:\WINDOWS
21:49:16.0468 1464 System windows directory: C:\WINDOWS
21:49:16.0468 1464 Processor architecture: Intel x86
21:49:16.0468 1464 Number of processors: 2
21:49:16.0468 1464 Page size: 0x1000
21:49:16.0468 1464 Boot type: Safe boot with network
21:49:16.0468 1464 ============================================================
21:49:23.0437 1464 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:49:23.0437 1464 ============================================================
21:49:23.0437 1464 \Device\Harddisk0\DR0:
21:49:23.0437 1464 MBR partitions:
21:49:23.0437 1464 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x123FFAB3
21:49:23.0500 1464 ============================================================
21:49:23.0609 1464 C: <-> \Device\Harddisk0\DR0\Partition0
21:49:23.0656 1464 ============================================================
21:49:23.0656 1464 Initialize success
21:49:23.0656 1464 ============================================================
21:49:40.0593 2216 ============================================================
21:49:40.0593 2216 Scan started
21:49:40.0593 2216 Mode: Manual;
21:49:40.0593 2216 ============================================================
21:50:07.0359 2216 stllssvr - ok
21:50:07.0437 2216 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:50:07.0437 2216 streamip - ok
21:50:07.0500 2216 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:50:07.0500 2216 swenum - ok
21:50:07.0562 2216 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:50:07.0562 2216 swmidi - ok
21:50:07.0593 2216 SwPrv - ok
21:50:07.0671 2216 symc810 - ok
21:50:07.0718 2216 symc8xx - ok
21:50:07.0750 2216 sym_hi - ok
21:50:07.0796 2216 sym_u3 - ok
21:50:07.0875 2216 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:50:07.0875 2216 sysaudio - ok
21:50:07.0937 2216 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:50:07.0937 2216 SysmonLog - ok
21:50:08.0046 2216 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:50:08.0062 2216 TapiSrv - ok
21:50:08.0156 2216 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:50:08.0171 2216 Tcpip - ok
21:50:08.0203 2216 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:50:08.0203 2216 TDPIPE - ok
21:50:08.0296 2216 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:50:08.0296 2216 TDTCP - ok
21:50:08.0343 2216 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:50:08.0343 2216 TermDD - ok
21:50:08.0453 2216 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:50:08.0468 2216 TermService - ok
21:50:08.0515 2216 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:50:08.0515 2216 Themes - ok
21:50:08.0593 2216 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
21:50:08.0609 2216 TlntSvr - ok
21:50:08.0625 2216 TosIde - ok
21:50:08.0703 2216 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:50:08.0703 2216 TrkWks - ok
21:50:08.0781 2216 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:50:08.0781 2216 Udfs - ok
21:50:08.0875 2216 UIUSys - ok
21:50:08.0921 2216 ultra - ok
21:50:09.0078 2216 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:50:09.0093 2216 Update - ok
21:50:09.0171 2216 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:50:09.0171 2216 upnphost - ok
21:50:09.0234 2216 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:50:09.0250 2216 UPS - ok
21:50:09.0406 2216 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:50:09.0406 2216 USBAAPL - ok
21:50:09.0484 2216 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:50:09.0484 2216 usbccgp - ok
21:50:09.0531 2216 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:50:09.0531 2216 usbehci - ok
21:50:09.0562 2216 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:50:09.0578 2216 usbhub - ok
21:50:09.0687 2216 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:50:09.0687 2216 usbprint - ok
21:50:09.0781 2216 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:50:09.0781 2216 usbscan - ok
21:50:09.0890 2216 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:50:09.0890 2216 USBSTOR - ok
21:50:09.0953 2216 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:50:09.0953 2216 usbuhci - ok
21:50:10.0000 2216 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:50:10.0031 2216 usbvideo - ok
21:50:10.0078 2216 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:50:10.0078 2216 VgaSave - ok
21:50:10.0125 2216 ViaIde - ok
21:50:10.0187 2216 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:50:10.0203 2216 VolSnap - ok
21:50:10.0281 2216 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:50:10.0312 2216 VSS - ok
21:50:10.0593 2216 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
21:50:10.0671 2216 vToolbarUpdater10.2.0 - ok
21:50:10.0765 2216 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:50:10.0812 2216 W32Time - ok
21:50:10.0875 2216 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:50:10.0875 2216 Wanarp - ok
21:50:10.0906 2216 WDICA - ok
21:50:10.0953 2216 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:50:10.0968 2216 wdmaud - ok
21:50:11.0046 2216 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:50:11.0062 2216 WebClient - ok
21:50:11.0171 2216 winachsf (96aff1738271755a39b52eef7e35f98f) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:50:11.0187 2216 winachsf - ok
21:50:11.0359 2216 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:50:11.0375 2216 winmgmt - ok
21:50:11.0531 2216 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
21:50:11.0640 2216 WinRM - ok
21:50:11.0875 2216 WLANKEEPER (8880769b9f88918e27f8e7332aa1aa01) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
21:50:11.0921 2216 WLANKEEPER - ok
21:50:12.0109 2216 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:50:12.0125 2216 WmdmPmSN - ok
21:50:12.0234 2216 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
21:50:12.0250 2216 Wmi - ok
21:50:12.0328 2216 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:50:12.0328 2216 WmiAcpi - ok
21:50:12.0453 2216 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:50:12.0453 2216 WmiApSrv - ok
21:50:12.0625 2216 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:50:12.0687 2216 WMPNetworkSvc - ok
21:50:12.0906 2216 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:50:12.0937 2216 WPFFontCache_v0400 - ok
21:50:13.0093 2216 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:50:13.0093 2216 WS2IFSL - ok
21:50:13.0109 2216 WSearch - ok
21:50:13.0250 2216 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:50:13.0250 2216 WSTCODEC - ok
21:50:13.0296 2216 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:50:13.0312 2216 wuauserv - ok
21:50:13.0453 2216 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:50:13.0468 2216 WudfPf - ok
21:50:13.0515 2216 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:50:13.0531 2216 WudfRd - ok
21:50:13.0609 2216 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:50:13.0625 2216 WudfSvc - ok
21:50:13.0750 2216 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:50:13.0765 2216 WZCSVC - ok
21:50:13.0859 2216 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:50:13.0875 2216 xmlprov - ok
21:50:14.0015 2216 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
21:50:14.0046 2216 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:50:14.0046 2216 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:50:14.0093 2216 Boot (0x1200) (c0f043e6db66f0087ab98b27f9bd4d41) \Device\Harddisk0\DR0\Partition0
21:50:14.0093 2216 \Device\Harddisk0\DR0\Partition0 - ok
21:50:14.0093 2216 ============================================================
21:50:14.0093 2216 Scan finished
21:50:14.0093 2216 ============================================================
21:50:14.0140 2208 Detected object count: 1
21:50:14.0140 2208 Actual detected object count: 1
21:52:22.0296 2208 \Device\Harddisk0\DR0\# - copied to quarantine
21:52:22.0296 2208 \Device\Harddisk0\DR0 - copied to quarantine
21:52:22.0437 2208 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
21:52:22.0453 2208 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
21:52:22.0453 2208 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
21:52:22.0468 2208 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
21:52:22.0484 2208 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
21:52:22.0484 2208 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
21:52:22.0484 2208 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
21:52:22.0531 2208 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
21:52:22.0531 2208 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
21:52:22.0531 2208 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
21:52:22.0531 2208 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
21:52:22.0531 2208 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
21:52:22.0578 2208 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
21:52:22.0578 2208 \Device\Harddisk0\DR0 - ok
21:52:22.0578 2208 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
21:52:32.0671 1436 Deinitialize success
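The TDSSKiller log above mixes an inventory of every loaded service and driver (name, MD5, path) with verdict lines for the objects it actually judged. When triaging such a log by hand the interesting lines are few: the `infected`/`detected` verdicts, what was copied to quarantine, what is still waiting to be cured on reboot, and any system file whose hash does not match a known-good baseline. The following Python script is an added example written for this thread, not part of TDSSKiller or of the original posts; it parses both line shapes and produces that short summary. The sample log is constructed from lines of the log above, and `KNOWN_GOOD` is a constructed placeholder baseline (not a real hash list) in which the `rpcss.dll` entry is deliberately wrong so that the mismatch path is exercised.

```python
"""Triage helper for a Kaspersky TDSSKiller log like the one above.

Added example written for this thread; it is not part of TDSSKiller or of
the original posts. It parses the inventory lines
("<time> <thread> <name> (<md5>) <path>") and the verdict lines
("<object> - ok|infected|detected ...|copied to quarantine|..."), then
reports detections, quarantine actions, objects awaiting a cure on reboot,
and any inventoried file whose MD5 differs from a caller-supplied
known-good list (the same idea as the "MD5 is legit" lines in a Farbar
Service Scanner log).
"""
import re
from dataclasses import dataclass, field

TIME_TID = r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+"

# Inventory line. The name may carry an offset suffix, e.g. "MBR (0x1B8)".
INVENTORY_RE = re.compile(
    TIME_TID
    + r"(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$"
)
# Verdict line, optionally carrying "( Threat.Name )" before the dash.
VERDICT_RE = re.compile(
    TIME_TID
    + r"(?P<obj>.+?)\s+(?:\(\s*(?P<threat>[^)]+?)\s*\)\s+)?-\s+(?P<verdict>.+)$"
)


@dataclass
class Report:
    inventory: dict = field(default_factory=dict)        # name -> (md5, path)
    detections: list = field(default_factory=list)       # (object, threat)
    quarantined: list = field(default_factory=list)      # objects copied to quarantine
    pending_reboot: list = field(default_factory=list)   # objects cured on next boot
    hash_mismatches: list = field(default_factory=list)  # (path, found, expected)


def parse_log(text, known_good=None):
    """Parse TDSSKiller log text; known_good maps file path -> expected MD5."""
    known = {p.lower(): h.lower() for p, h in (known_good or {}).items()}
    rep = Report()
    for raw in text.splitlines():
        line = raw.strip()
        m = INVENTORY_RE.match(line)
        if m:
            name, md5, path = m["name"], m["md5"], m["path"]
            rep.inventory[name] = (md5, path)
            expected = known.get(path.lower())
            if expected is not None and expected != md5:
                rep.hash_mismatches.append((path, md5, expected))
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue  # banners, counters, "Scan finished" and similar lines
        obj, threat, verdict = m["obj"], m["threat"], m["verdict"]
        if verdict == "infected" or verdict.startswith("detected "):
            threat = threat or verdict.split()[1]
            if (obj, threat) not in rep.detections:  # each hit is logged twice
                rep.detections.append((obj, threat))
        elif verdict == "copied to quarantine":
            rep.quarantined.append(obj)
        elif verdict == "will be cured on reboot":
            rep.pending_reboot.append(obj)
    return rep


def summarize(rep):
    """Human-readable triage lines (used by the __main__ block)."""
    lines = [f"{len(rep.inventory)} objects inventoried"]
    lines += [f"DETECTED {obj}: {threat}" for obj, threat in rep.detections]
    lines += [f"HASH MISMATCH {path}: found {found}, expected {exp}"
              for path, found, exp in rep.hash_mismatches]
    lines += [f"quarantined: {obj}" for obj in rep.quarantined]
    lines += [f"cure pending reboot: {obj}" for obj in rep.pending_reboot]
    return lines


# Constructed sample, modelled on the log posted above.
SAMPLE_LOG = r"""
21:50:04.0468 2216 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
21:50:04.0484 2216 RpcSs - ok
21:50:08.0156 2216 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:50:08.0171 2216 Tcpip - ok
21:50:14.0015 2216 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
21:50:14.0046 2216 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:50:14.0046 2216 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:50:14.0093 2216 Boot (0x1200) (c0f043e6db66f0087ab98b27f9bd4d41) \Device\Harddisk0\DR0\Partition0
21:50:14.0093 2216 \Device\Harddisk0\DR0\Partition0 - ok
21:50:14.0093 2216 Scan finished
21:50:14.0140 2208 Detected object count: 1
21:52:22.0296 2208 \Device\Harddisk0\DR0 - copied to quarantine
21:52:22.0437 2208 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
21:52:22.0578 2208 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
21:52:22.0578 2208 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
21:52:32.0671 1436 Deinitialize success
"""

# Constructed known-good table (placeholder hashes, not a real baseline):
# tcpip.sys matches the sample, rpcss.dll is deliberately wrong.
KNOWN_GOOD = {
    r"C:\WINDOWS\system32\DRIVERS\tcpip.sys": "9aefa14bd6b182d61e3119fa5f436d3d",
    r"C:\WINDOWS\System32\rpcss.dll": "0123456789abcdef0123456789abcdef",
}

if __name__ == "__main__":
    print("\n".join(summarize(parse_log(SAMPLE_LOG, KNOWN_GOOD))))
```

On the sample this prints one `DETECTED` line for the MBR, one hash mismatch for `rpcss.dll`, two quarantined objects and one pending cure; the `ok` inventory lines are kept only as name, hash and path so they can be compared against a baseline later. Both the `infected` and the `detected` verdicts refer to the same object, which is why detections are de-duplicated.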

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:06 AM

Posted 22 May 2012 - 10:21 PM

Good job :)
Please post new aswMBR log.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#7 jeffw11

jeffw11
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Local time:04:06 AM

Posted 23 May 2012 - 07:00 AM

Here is the new log file. I am now running the computer in normal mode instead of safe mode, as everything is now showing up in normal mode:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-23 06:26:04
-----------------------------
06:26:04.562 OS Version: Windows 5.1.2600 Service Pack 3
06:26:04.562 Number of processors: 2 586 0xF0D
06:26:04.578 ComputerName: DARWIN-AEEDC1D8 UserName: Darwin
06:26:11.125 Initialize success
06:27:48.890 AVAST engine defs: 12052300
06:28:07.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
06:28:07.265 Disk 0 Vendor: WDC_WD1600BEVS-08VAT2 14.01A14 Size: 152627MB BusType: 3
06:28:07.296 Disk 0 MBR read successfully
06:28:07.296 Disk 0 MBR scan
06:28:07.359 Disk 0 Windows XP default MBR code
06:28:07.359 Disk 0 Partition 1 00 DE Dell Utility Dell 8.1 47 MB offset 63
06:28:07.390 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 149503 MB offset 96390
06:28:07.390 Disk 0 Partition - 00 0F Extended LBA 3074 MB offset 306279225
06:28:07.421 Disk 0 Partition 3 00 DD MSDOS5.0 3074 MB offset 306279288
06:28:07.421 Disk 0 scanning sectors +312576705
06:28:07.515 Disk 0 scanning C:\WINDOWS\system32\drivers
06:28:26.546 Service scanning
06:28:53.609 Modules scanning
06:29:03.906 Disk 0 trace - called modules:
06:29:03.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
06:29:03.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89e37ab8]
06:29:03.968 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x89dacd98]
06:29:05.812 AVAST engine scan C:\WINDOWS
06:29:49.078 AVAST engine scan C:\WINDOWS\system32
06:40:02.156 AVAST engine scan C:\WINDOWS\system32\drivers
06:40:43.562 AVAST engine scan C:\Documents and Settings\Darwin
06:49:45.796 AVAST engine scan C:\Documents and Settings\All Users
06:52:03.265 Scan finished successfully
06:58:23.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Darwin\Desktop\MBR.dat"
06:58:23.593 The log file has been saved successfully to "C:\Documents and Settings\Darwin\Desktop\aswMBR.txt"

How's it looking?

Thanks again,
Jeff
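The aswMBR log above prints the disk size and one line per partition-table entry (boot flag, type byte, description, rounded size in MB and starting sector), then scans the sectors beyond the last partition ("scanning sectors +312576705"). Those few lines are enough to sanity-check the layout: exactly one active entry, no overlaps, logical partitions inside their extended container, and how much unallocated space sits at the end of the disk, which is the region outside any partition where the `TDLFS` objects quarantined earlier in this thread lived. The script below is an added example written for this thread, not aswMBR code; it assumes 512-byte sectors and treats differences under 1 MB (2048 sectors) as rounding noise, since aswMBR reports sizes in whole MB. The sample text is constructed from the layout lines of the log above.

```python
"""Partition-layout sanity check over aswMBR "Disk N Partition ..." lines.

Added example written for this thread; it is not aswMBR code. Assumptions:
512-byte sectors, and aswMBR's "MB" figures are rounded, so gaps below 1 MB
(2048 sectors) are treated as rounding noise rather than real holes.
"""
import re
from dataclasses import dataclass

SECTORS_PER_MB = 2048      # 1 MB of 512-byte sectors (assumption)
SLACK = SECTORS_PER_MB     # differences below 1 MB are rounding noise
EXTENDED_TYPES = {0x05, 0x0F, 0x85}

PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<num>\S+) (?P<boot>[0-9A-Fa-f]{2}) "
    r"(?:\(A\) )?(?P<type>[0-9A-Fa-f]{2}) (?P<desc>.+?) (?P<mb>\d+) MB offset (?P<offset>\d+)$"
)
SIZE_RE = re.compile(r"Disk (?P<disk>\d+) Vendor: .* Size: (?P<mb>\d+)MB")


@dataclass
class Partition:
    num: str        # "1", "2", "3" or "-" for the extended container entry
    active: bool    # boot flag byte 0x80
    type_id: int    # partition type byte
    desc: str
    start: int      # first sector (LBA)
    sectors: int    # approximate length, from the rounded MB figure

    @property
    def end(self):  # exclusive end sector
        return self.start + self.sectors

    @property
    def is_extended(self):
        return self.type_id in EXTENDED_TYPES


def parse_layout(text):
    """Return (disk_total_sectors, [Partition, ...]) from aswMBR log text."""
    total, parts = None, []
    for line in text.splitlines():
        m = SIZE_RE.search(line)
        if m:
            total = int(m["mb"]) * SECTORS_PER_MB
            continue
        m = PART_RE.search(line)
        if m:
            parts.append(Partition(
                num=m["num"], active=(m["boot"].upper() == "80"),
                type_id=int(m["type"], 16), desc=m["desc"],
                start=int(m["offset"]), sectors=int(m["mb"]) * SECTORS_PER_MB))
    return total, parts


def analyze(text):
    """Check the layout and report issues plus space outside any partition."""
    total, parts = parse_layout(text)
    issues = []
    active = [p.num for p in parts if p.active]
    if len(active) != 1:
        issues.append(f"expected exactly one active partition, found {active}")

    # Split entries into primaries (including the extended container) and
    # logical partitions, i.e. entries that start inside a container.
    containers = [p for p in parts if p.is_extended]
    primary = []
    for p in parts:
        holder = next((c for c in containers
                       if c is not p and c.start <= p.start < c.end), None)
        if holder is None:
            primary.append(p)
        elif p.end > holder.end + SLACK:
            issues.append(f"partition {p.num} extends past its extended container")

    primary.sort(key=lambda p: p.start)
    unallocated = []                       # (start_sector, length) holes >= 1 MB
    for prev, nxt in zip(primary, primary[1:]):
        gap = nxt.start - prev.end
        if gap < -SLACK:
            issues.append(f"partitions {prev.num} and {nxt.num} overlap")
        elif gap >= SLACK:
            unallocated.append((prev.end, gap))

    tail = None                            # sectors after the last partition
    if total is not None and parts:
        tail = max(total - max(p.end for p in parts), 0)
        if tail < SLACK:
            tail = 0                       # within rounding of the disk size
    return {"partitions": parts, "active": active, "issues": issues,
            "unallocated": unallocated, "tail_sectors": tail}


# Constructed sample, copied from the layout lines in the aswMBR log above.
SAMPLE_LOG = """\
06:28:07.265 Disk 0 Vendor: WDC_WD1600BEVS-08VAT2 14.01A14 Size: 152627MB BusType: 3
06:28:07.359 Disk 0 Partition 1 00 DE Dell Utility Dell 8.1 47 MB offset 63
06:28:07.390 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 149503 MB offset 96390
06:28:07.390 Disk 0 Partition - 00 0F Extended LBA 3074 MB offset 306279225
06:28:07.421 Disk 0 Partition 3 00 DD MSDOS5.0 3074 MB offset 306279288
"""

if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for p in result["partitions"]:
        print(f"partition {p.num:>2} type 0x{p.type_id:02X} {p.desc!r} "
              f"sectors {p.start}-{p.end}{' (active)' if p.active else ''}")
    print("issues:", result["issues"] or "none")
    print("unallocated gaps:", result["unallocated"] or "none")
    print("sectors after last partition:", result["tail_sectors"])
```

On the sample the layout is clean: partition 2 is the only active entry, partition 3 sits inside the extended container, and roughly 5,256 sectors (about 2.5 MB, the figure is approximate because the sizes are rounded) remain after the last partition. A much larger tail than the disk geometry explains, or an entry that overlaps or escapes its container, is the kind of anomaly worth reading the raw sectors for.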

#8 Broni

Posted 23 May 2012 - 06:35 PM

Looks good :)

How is the computer doing?

A couple more steps....

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE: If ESET doesn't find any threats, it'll NOT produce any log.



#9 jeffw11

Posted 24 May 2012 - 06:17 AM

I let the scan run overnight, and this morning the computer was frozen up, so I had to do a forced reboot. So all I have is the scan log file.


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c011be1400980d4889fae4658898c42a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-09 04:14:08
# local_time=2012-04-08 11:14:08 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777191 100 0 4299707 4299707 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=78806
# found=23
# cleaned=22
# scan_time=5269
C:\Documents and Settings\Darwin\Application Data\Sun\Java\Deployment\cache\6.0\23\33141117-785dcdd0 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Darwin\Application Data\Sun\Java\Deployment\cache\6.0\25\d189d59-317342c1 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Darwin\Application Data\Sun\Java\Deployment\cache\6.0\28\3e90c6dc-29b3067b multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Darwin\Application Data\Sun\Java\Deployment\cache\6.0\29\8f389dd-5f56535f a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Darwin\Application Data\Sun\Java\Deployment\cache\6.0\30\81bedde-7872f3c8 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Darwin\Application Data\Sun\Java\Deployment\cache\6.0\33\53784821-60195655 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Darwin\Application Data\Sun\Java\Deployment\cache\6.0\34\214f6fe2-3463eb14 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Darwin\Application Data\Sun\Java\Deployment\cache\6.0\36\1ae524e4-5a3dbd67 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Darwin\Application Data\Sun\Java\Deployment\cache\6.0\36\70190024-305f05fd a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Darwin\Application Data\Sun\Java\Deployment\cache\6.0\43\58630b2b-47dde643 Java/TrojanDownloader.OpenStream.NCM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Darwin\Application Data\Sun\Java\Deployment\cache\6.0\43\e5a51ab-14ee9887 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Darwin\Application Data\Sun\Java\Deployment\cache\6.0\47\2dc8efef-7378e84b a variant of Java/TrojanDownloader.OpenStream.NCM trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Darwin\Application Data\Sun\Java\Deployment\cache\6.0\47\be97b6f-1a93a9b0 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Darwin\Application Data\Sun\Java\Deployment\cache\6.0\53\37c40ef5-4e6ac639 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Darwin\Application Data\Sun\Java\Deployment\cache\6.0\56\71dc40b8-797086f6 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Darwin\Application Data\Sun\Java\Deployment\cache\6.0\58\5340ebba-4a78c5c0 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Darwin\Application Data\Sun\Java\Deployment\cache\6.0\60\7cbaf5bc-54a92221 a variant of Java/TrojanDownloader.OpenStream.NAZ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Darwin\My Documents\Downloads\MediaPlayer_Setup.exe a variant of Win32/SweetIM.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Darwin\My Documents\Downloads\PhotoContestSetup.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Darwin\My Documents\Downloads\VideoPlayerSetup.exe a variant of Win32/SweetIM.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Olmarik.AYH trojan 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c011be1400980d4889fae4658898c42a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-09 03:28:05
# local_time=2012-04-09 10:28:05 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=79624
# found=3
# cleaned=2
# scan_time=4786
C:\Documents and Settings\Darwin\My Documents\Downloads\frostwire-4.20.6.windows.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Darwin\My Documents\Downloads\frostwire-4.20.9.windows.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Olmarik.AYH trojan 00000000000000000000000000000000 I
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c011be1400980d4889fae4658898c42a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-09 05:46:08
# local_time=2012-04-09 12:46:08 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777191 100 0 4349277 4349277 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=79886
# found=8
# cleaned=8
# scan_time=4423
C:\TDSSKiller_Quarantine\09.04.2012_11.22.47\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\09.04.2012_11.22.47\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\09.04.2012_11.22.47\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\09.04.2012_11.22.47\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\09.04.2012_11.22.47\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.KQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\09.04.2012_11.22.47\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\09.04.2012_11.22.47\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\09.04.2012_11.22.47\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.X trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c011be1400980d4889fae4658898c42a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-09 11:27:30
# local_time=2012-04-09 06:27:30 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777191 100 0 4371866 4371866 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=67219
# found=0
# cleaned=0
# scan_time=2317
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c011be1400980d4889fae4658898c42a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-24 04:02:51
# local_time=2012-05-23 11:02:51 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=76482
# found=21
# cleaned=21
# scan_time=4612
C:\Documents and Settings\Darwin\Application Data\Mozilla\Firefox\Profiles\kepdbnoy.default\extensions\xjoyetlkpo@xjoyetlkpo.org.xpi JS/Redirector.NBX trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Darwin\My Documents\Downloads\musicoasis_467.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\w1l1f853.default\extensions\xjoyetlkpo@xjoyetlkpo.org.xpi JS/Redirector.NBX trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A9F8BC77-062E-49D1-9AC2-96402235B4AD}\RP42\A0009579.exe a variant of Win32/Kryptik.AEGW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A9F8BC77-062E-49D1-9AC2-96402235B4AD}\RP42\A0009580.exe a variant of Win32/Kryptik.AEGW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A9F8BC77-062E-49D1-9AC2-96402235B4AD}\RP42\A0011373.exe a variant of Win32/Kryptik.AEGW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A9F8BC77-062E-49D1-9AC2-96402235B4AD}\RP42\A0011405.exe a variant of Win32/Kryptik.AEGW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A9F8BC77-062E-49D1-9AC2-96402235B4AD}\RP42\A0011406.exe a variant of Win32/Kryptik.AEGW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A9F8BC77-062E-49D1-9AC2-96402235B4AD}\RP42\A0012371.exe a variant of Win32/Kryptik.AEGW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A9F8BC77-062E-49D1-9AC2-96402235B4AD}\RP42\A0012398.exe a variant of Win32/Kryptik.AEGW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A9F8BC77-062E-49D1-9AC2-96402235B4AD}\RP42\A0012450.exe a variant of Win32/Kryptik.AEGW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A9F8BC77-062E-49D1-9AC2-96402235B4AD}\RP42\A0012490.exe a variant of Win32/Kryptik.AFVR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A9F8BC77-062E-49D1-9AC2-96402235B4AD}\RP42\A0012491.exe a variant of Win32/Kryptik.AEGW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A9F8BC77-062E-49D1-9AC2-96402235B4AD}\RP42\A0012492.exe a variant of Win32/Kryptik.AFVR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\22.05.2012_21.49.16\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AXZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\22.05.2012_21.49.16\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\22.05.2012_21.49.16\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\22.05.2012_21.49.16\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\22.05.2012_21.49.16\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\22.05.2012_21.49.16\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.X trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Installer\{9c32fc42-3097-ad37-c151-cb96c370be95}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#10 Broni

Posted 24 May 2012 - 07:02 PM

Very good.

Now we seem to have some registry keys missing.

Please let me know if you can turn Windows firewall on and if you can access Security Center.

Also...

Uninstall:
JavaFX 2.0.2
Java™ 6 Update 29


Update Java to the current Version 7 Update 4: http://java.com/en/download/manual.jsp



#11 jeffw11

Posted 24 May 2012 - 09:07 PM

Took care of uninstalling JavaFX 2.0.2 and Java 6 Update 29. Installed Java 7 Update 4.

As for the Security Center, I can access it, but when I try to go to the Windows Firewall, I get "Due to an unidentified problem, Windows cannot display Windows Firewall settings."

Again, thank you for your time and effort.
Jeff

#12 Broni

Posted 24 May 2012 - 09:22 PM

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/




Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
Registry Editor will open.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
Right-Click Root and select Permissions...
Under Security, while Everyone is selected, put a check mark in the box under Allow next to Full Control.
Click Apply and OK.
Download XP.zip file from here: http://www.bleepstatic.com/fhost/uploads/1/xp.zip
Unzip downloaded file.
You'll find several files inside.
Double-click LEGACY_WSCSVC.reg and confirm the prompt.
Double-click wscsvc.reg and confirm the prompt.
Double-click SharedAccess.reg and confirm the prompt.
Double-click LEGACY_SHAREDACCESS.reg and confirm the prompt.
Please go back to the Root key again and, while Everyone is selected, remove the check mark in the box under Allow next to Full Control, then close the registry.
Restart computer.
Post new FSS log.



#13 jeffw11

Posted 24 May 2012 - 09:44 PM

System Restore is not in Accessories/System Tools. The only thing there is "Internet Explorer (No Add-ons)".

Should I go ahead anyway without setting a new restore point?

Jeff

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,760 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 24 May 2012 - 09:48 PM

Go Start>Run and paste this:
rstrui.exe
Click OK.
Will system restore start?


 


#15 jeffw11

jeffw11
  • Topic Starter

  • Members
  • 127 posts

Posted 24 May 2012 - 10:06 PM

Here is the FSS Log:

Farbar Service Scanner Version: 17-05-2012
Ran by Darwin (administrator) on 24-05-2012 at 22:03:15
Running from "C:\Documents and Settings\Darwin\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(9) Avgtdix(11) Gpc(3) IPSec(5) NetBT(6) PSched(7) s24trans(8) Tcpip(4)
0x0D00000005000000010000000200000003000000040000000A0000000C0000000D0000000B00000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****






As for "rstrui.exe", I get an error that Windows cannot find rstrui.exe.

Jeff
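The FSS output above is organised as headed sections, each header underlined with a row of "=" characters. As an added example, not from the thread or from Farbar's tool, the PowerShell below parses a saved log into those sections and lists the lines that deserve a look, so a long log can be triaged before it is posted. The lines in $sample are constructed for the example (the problem lines under "Windows Firewall" and the "not legit" entry are invented to show the flagging); the layout follows the log format shown above. Which sections count as findings is this example's own choice, not a rule from FSS.

```powershell
# Added example, not part of the thread: parse an FSS log into sections and
# list the lines worth attention. Written for PowerShell 2.0+.
# $sample is constructed input that copies the real log's layout; the
# "Windows Firewall" lines and the "not legit" entry are made up to show flagging.
$sample = @'
Farbar Service Scanner Version: 17-05-2012
****************************************************************

Windows Firewall:
=============
SharedAccess Service is not running. Checking service configuration:
Checking ServiceDll: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.

Security Center:
============

File Check:
========
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is not legit

**** End of log ****
'@

function ConvertFrom-FssLog {
    param([string[]]$Lines)
    $sections = @{}
    $order = @()
    $current = $null
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        $line = $Lines[$i].TrimEnd()
        # A section header is "Name:" immediately followed by a row of '='
        if ($line -match '^(.+):$') {
            $name = $Matches[1]                       # capture before any other -match resets $Matches
            if (($i + 1) -lt $Lines.Count -and $Lines[$i + 1] -match '^=+\s*$') {
                $current = $name
                $sections[$current] = @()
                $order += $current
                $i++                                  # skip the underline
                continue
            }
        }
        if ($current -eq $null) { continue }                       # preamble before the first section
        if ($line -eq '' -or $line -match '^\*+') { continue }     # blanks, **** rules, End of log
        $sections[$current] += $line
    }
    New-Object PSObject -Property @{ Order = $order; Sections = $sections }
}

function Get-FssFindings {
    param($Parsed)
    $findings = @()
    foreach ($name in $Parsed.Order) {
        foreach ($line in $Parsed.Sections[$name]) {
            $flag = $false
            switch ($name) {
                'File Check'        { $flag = ($line -notmatch '=> MD5 is legit$') }
                'Connection Status' { $flag = ($line -notmatch 'accessible|connected') }
                'Extra List'        { $flag = $false }   # driver binding order; read by hand
                default             { $flag = $true }    # this example treats any text in a service section as a finding
            }
            if ($flag) { $findings += "[$name] $line" }
        }
    }
    $findings
}

# Triage the constructed sample; for a saved log use (Get-Content .\FSS.txt) instead
$parsed = ConvertFrom-FssLog -Lines ($sample -split "`r?`n")
Get-FssFindings -Parsed $parsed
```

Applied to the real log in this post, the parser yields no findings: every "File Check" line ends in "MD5 is legit", the connection lines all report reachable hosts, and the service sections carry no text.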



