Bogus Microsoft Telephone Call


9 replies to this topic

#1 neumannu47


Posted 28 May 2012 - 08:28 AM

An elderly friend received a telephone call from a guy claiming to be with Microsoft. Unfortunately, not knowing any better, she did what he instructed and downloaded malware onto her computer. Once it was installed, it magically found tons of malware that could only be eliminated by paying them $199. She refused, and they offered it for $99. She refused again.

I've cleaned up the computer to the best of my ability. Multiple online virus, malware, and rootkit scans show the computer is clean. However, I'm still not confident that the computer is totally clean. Therefore, I would like to ask for assistance in checking to make sure there are no remaining problems.

Windows XP SP3 with all updates
Lenovo 8143 P4 Computer with 1MB RAM
Microsoft Security Essentials AV
Malwarebytes (on demand)

Thanks very much!


 


#2 narenxp


Posted 28 May 2012 - 11:38 AM

Download

TDSSkiller

Launch it. Click on "Change parameters", then select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here

#3 neumannu47


Posted 28 May 2012 - 06:43 PM

17:48:47.0109 3444 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
17:48:47.0343 3444 ============================================================
17:48:47.0343 3444 Current date / time: 2012/05/28 17:48:47.0343
17:48:47.0343 3444 SystemInfo:
17:48:47.0343 3444
17:48:47.0343 3444 OS Version: 5.1.2600 ServicePack: 3.0
17:48:47.0343 3444 Product type: Workstation
17:48:47.0343 3444 ComputerName: IBM-0E887B7788B
17:48:47.0343 3444 UserName: User
17:48:47.0343 3444 Windows directory: C:\WINDOWS
17:48:47.0343 3444 System windows directory: C:\WINDOWS
17:48:47.0343 3444 Processor architecture: Intel x86
17:48:47.0343 3444 Number of processors: 2
17:48:47.0343 3444 Page size: 0x1000
17:48:47.0343 3444 Boot type: Normal boot
17:48:47.0343 3444 ============================================================
17:48:50.0296 3444 Drive \Device\Harddisk0\DR0 - Size: 0x951240000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:48:50.0296 3444 ============================================================
17:48:50.0296 3444 \Device\Harddisk0\DR0:
17:48:50.0296 3444 MBR partitions:
17:48:50.0296 3444 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x440E09B
17:48:50.0296 3444 ============================================================
17:48:50.0453 3444 C: <-> \Device\Harddisk0\DR0\Partition0
17:48:50.0453 3444 ============================================================
17:48:50.0453 3444 Initialize success
17:48:50.0453 3444 ============================================================
17:49:16.0234 2836 ============================================================
17:49:16.0234 2836 Scan started
17:49:16.0234 2836 Mode: Manual; TDLFS;
17:49:16.0234 2836 ============================================================
17:49:27.0375 2836 Sfloppy - ok
17:49:27.0500 2836 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
17:49:27.0515 2836 SharedAccess - ok
17:49:27.0578 2836 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:49:27.0578 2836 ShellHWDetection - ok
17:49:27.0578 2836 Simbad - ok
17:49:27.0625 2836 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:49:27.0625 2836 sisagp - ok
17:49:27.0671 2836 smwdm (014ab093e6452ea88031bb6e22919bb5) C:\WINDOWS\system32\drivers\smwdm.sys
17:49:27.0687 2836 smwdm - ok
17:49:27.0781 2836 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
17:49:27.0781 2836 SoundMAX Agent Service (default) - ok
17:49:27.0828 2836 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:49:27.0828 2836 Sparrow - ok
17:49:27.0875 2836 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:49:27.0875 2836 splitter - ok
17:49:27.0921 2836 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:49:27.0921 2836 Spooler - ok
17:49:27.0937 2836 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:49:27.0937 2836 sr - ok
17:49:28.0000 2836 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
17:49:28.0015 2836 srservice - ok
17:49:28.0078 2836 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:49:28.0109 2836 Srv - ok
17:49:28.0156 2836 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:49:28.0156 2836 SSDPSRV - ok
17:49:28.0203 2836 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:49:28.0218 2836 stisvc - ok
17:49:28.0281 2836 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:49:28.0281 2836 swenum - ok
17:49:28.0296 2836 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:49:28.0296 2836 swmidi - ok
17:49:28.0296 2836 SwPrv - ok
17:49:28.0343 2836 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
17:49:28.0343 2836 symc810 - ok
17:49:28.0359 2836 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:49:28.0375 2836 symc8xx - ok
17:49:28.0375 2836 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:49:28.0375 2836 sym_hi - ok
17:49:28.0484 2836 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:49:28.0484 2836 sym_u3 - ok
17:49:28.0531 2836 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:49:28.0546 2836 sysaudio - ok
17:49:28.0593 2836 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:49:28.0593 2836 SysmonLog - ok
17:49:28.0609 2836 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
17:49:28.0625 2836 TapiSrv - ok
17:49:28.0687 2836 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:49:28.0703 2836 Tcpip - ok
17:49:28.0750 2836 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:49:28.0750 2836 TDPIPE - ok
17:49:28.0781 2836 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:49:28.0781 2836 TDTCP - ok
17:49:28.0875 2836 TeamViewer5 (2a96c8fa665c02e6ad596c321b583112) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
17:49:28.0890 2836 TeamViewer5 - ok
17:49:28.0937 2836 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:49:28.0937 2836 TermDD - ok
17:49:29.0000 2836 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
17:49:29.0015 2836 TermService - ok
17:49:29.0062 2836 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:49:29.0062 2836 Themes - ok
17:49:29.0109 2836 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
17:49:29.0125 2836 TlntSvr - ok
17:49:29.0156 2836 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
17:49:29.0171 2836 TosIde - ok
17:49:29.0203 2836 TPM (317b746b6069a10d635fdbdf48723845) C:\WINDOWS\system32\DRIVERS\tpm.sys
17:49:29.0203 2836 TPM - ok
17:49:29.0265 2836 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:49:29.0281 2836 TrkWks - ok
17:49:29.0328 2836 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:49:29.0328 2836 Udfs - ok
17:49:29.0359 2836 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
17:49:29.0359 2836 ultra - ok
17:49:29.0484 2836 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:49:29.0500 2836 Update - ok
17:49:29.0531 2836 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:49:29.0546 2836 upnphost - ok
17:49:29.0593 2836 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:49:29.0593 2836 UPS - ok
17:49:29.0640 2836 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:49:29.0640 2836 usbccgp - ok
17:49:29.0687 2836 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:49:29.0687 2836 usbehci - ok
17:49:29.0734 2836 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:49:29.0750 2836 usbhub - ok
17:49:29.0796 2836 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:49:29.0796 2836 usbprint - ok
17:49:29.0812 2836 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:49:29.0812 2836 usbscan - ok
17:49:29.0843 2836 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:49:29.0843 2836 USBSTOR - ok
17:49:29.0875 2836 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:49:29.0875 2836 usbuhci - ok
17:49:29.0890 2836 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:49:29.0890 2836 VgaSave - ok
17:49:29.0937 2836 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:49:29.0937 2836 viaagp - ok
17:49:29.0953 2836 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:49:29.0953 2836 ViaIde - ok
17:49:30.0000 2836 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:49:30.0000 2836 VolSnap - ok
17:49:30.0015 2836 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:49:30.0031 2836 VSS - ok
17:49:30.0046 2836 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
17:49:30.0062 2836 W32Time - ok
17:49:30.0109 2836 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:49:30.0109 2836 Wanarp - ok
17:49:30.0125 2836 WDICA - ok
17:49:30.0140 2836 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:49:30.0140 2836 wdmaud - ok
17:49:30.0187 2836 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:49:30.0203 2836 WebClient - ok
17:49:30.0296 2836 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:49:30.0312 2836 winmgmt - ok
17:49:30.0375 2836 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
17:49:30.0375 2836 WmdmPmSN - ok
17:49:30.0500 2836 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
17:49:30.0531 2836 Wmi - ok
17:49:30.0578 2836 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:49:30.0656 2836 WmiApSrv - ok
17:49:30.0828 2836 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
17:49:30.0828 2836 WMPNetworkSvc - ok
17:49:31.0000 2836 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:49:31.0015 2836 WPFFontCache_v0400 - ok
17:49:31.0093 2836 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:49:31.0093 2836 WS2IFSL - ok
17:49:31.0125 2836 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
17:49:31.0140 2836 wscsvc - ok
17:49:31.0156 2836 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:49:31.0156 2836 wuauserv - ok
17:49:31.0218 2836 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:49:31.0218 2836 WudfPf - ok
17:49:31.0250 2836 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:49:31.0250 2836 WudfRd - ok
17:49:31.0281 2836 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
17:49:31.0281 2836 WudfSvc - ok
17:49:31.0328 2836 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:49:31.0390 2836 WZCSVC - ok
17:49:31.0468 2836 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:49:31.0468 2836 xmlprov - ok
17:49:31.0500 2836 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:49:32.0484 2836 \Device\Harddisk0\DR0 - ok
17:49:32.0484 2836 Boot (0x1200) (b7d05c0e537762917c04db5f47d4d26b) \Device\Harddisk0\DR0\Partition0
17:49:32.0484 2836 \Device\Harddisk0\DR0\Partition0 - ok
17:49:32.0484 2836 ============================================================
17:49:32.0484 2836 Scan finished
17:49:32.0484 2836 ============================================================
17:49:32.0500 3440 Detected object count: 0
17:49:32.0500 3440 Actual detected object count: 0
17:49:40.0906 2820 Deinitialize success


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-28 19:16:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6E040T0 rev.NAN51680
Running: vvc2fvxw[1].exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\fwnorpow.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB9C74A00]
? C:\DOCUME~1\User\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1172] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1172] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1172] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1172] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1172] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1172] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1172] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1172] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1172] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1172] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1172] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1172] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1172] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1172] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4080] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[1172] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A6D42D20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\RRUbackups\Documents and Settings 0 bytes
File C:\RRUbackups\Documents and Settings\Administrator 0 bytes
File C:\RRUbackups\Documents and Settings\Administrator\Application Data 0 bytes
File C:\RRUbackups\Documents and Settings\Administrator\Application Data\Microsoft 0 bytes
File C:\RRUbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect 0 bytes
File C:\RRUbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRUbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2640775136-2036599230-3372990344-500 0 bytes
File C:\RRUbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2640775136-2036599230-3372990344-500\8e07ab04-3a12-4f51-8d1e-bcbc3c4da258 388 bytes
File C:\RRUbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2640775136-2036599230-3372990344-500\Preferred 24 bytes
File C:\RRUbackups\Documents and Settings\Default User 0 bytes
File C:\RRUbackups\Documents and Settings\Default User\Application Data 0 bytes
File C:\RRUbackups\Documents and Settings\Default User\Application Data\Microsoft 0 bytes
File C:\RRUbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect 0 bytes
File C:\RRUbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRUbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-2640775136-2036599230-3372990344-500 0 bytes
File C:\RRUbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-2640775136-2036599230-3372990344-500\8e07ab04-3a12-4f51-8d1e-bcbc3c4da258 388 bytes
File C:\RRUbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-2640775136-2036599230-3372990344-500\Preferred 24 bytes
File C:\RRUbackups\hints.dat 8192 bytes
File C:\RRUbackups\pu.dat 224 bytes
File C:\RRUbackups\SAM 262144 bytes
File C:\RRUbackups\system 2359296 bytes
File C:\RRUbackups\system.dat 12288 bytes

---- EOF - GMER 1.0.15 ----

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-28 19:23:36
-----------------------------
19:23:36.906 OS Version: Windows 5.1.2600 Service Pack 3
19:23:36.906 Number of processors: 2 586 0x401
19:23:36.906 ComputerName: IBM-0E887B7788B UserName: User
19:23:39.031 Initialize success
19:24:14.812 AVAST engine defs: 12052800
19:24:28.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:24:28.609 Disk 0 Vendor: Maxtor_6E040T0 NAN51680 Size: 38162MB BusType: 3
19:24:28.640 Disk 0 MBR read successfully
19:24:28.640 Disk 0 MBR scan
19:24:28.718 Disk 0 Windows XP default MBR code
19:24:28.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 34844 MB offset 63
19:24:28.765 Disk 0 Partition 2 00 12 Compaq diag MSWIN4.1 3318 MB offset 71360730
19:24:28.796 Disk 0 scanning sectors +78156225
19:24:28.875 Disk 0 scanning C:\WINDOWS\system32\drivers
19:24:55.921 Service scanning
19:25:19.453 Service MpKsl81c9976c c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CBFC7FDB-82B8-4089-94F6-1AC90618B4DF}\MpKsl81c9976c.sys **LOCKED** 32
19:25:47.281 Modules scanning
19:26:07.812 Disk 0 trace - called modules:
19:26:07.843 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
19:26:07.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a2a9ab8]
19:26:07.843 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000005d[0x8a343510]
19:26:07.843 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a342940]
19:26:08.515 AVAST engine scan C:\WINDOWS
19:26:36.296 AVAST engine scan C:\WINDOWS\system32
19:34:41.828 AVAST engine scan C:\WINDOWS\system32\drivers
19:35:09.484 AVAST engine scan C:\Documents and Settings\User
19:36:47.468 AVAST engine scan C:\Documents and Settings\All Users
19:37:48.796 Scan finished successfully
19:38:01.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
19:38:01.843 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"

#4 narenxp

Posted 29 May 2012 - 01:51 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.

Download

ESET online scanner


Install it

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 neumannu47

Posted 29 May 2012 - 06:52 AM

ESET did not find any threats, and I never saw an opportunity to export a list.

MiniToolBox by Farbar Version: 14-01-2012
Ran by User (administrator) on 29-05-2012 at 07:51:23
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetXtreme Gigabit Ethernet = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : IBM-0E887B7788B

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet

Physical Address. . . . . . . . . : 00-11-25-55-36-5B

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.115

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Tuesday, May 29, 2012 6:44:24 AM

Lease Expires . . . . . . . . . . : Wednesday, May 30, 2012 6:44:24 AM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 173.194.37.38, 173.194.37.39, 173.194.37.40, 173.194.37.41
173.194.37.46, 173.194.37.32, 173.194.37.33, 173.194.37.34, 173.194.37.35
173.194.37.36, 173.194.37.37



Pinging google.com [74.125.134.139] with 32 bytes of data:



Reply from 74.125.134.139: bytes=32 time=32ms TTL=48

Reply from 74.125.134.139: bytes=32 time=30ms TTL=48



Ping statistics for 74.125.134.139:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 30ms, Maximum = 32ms, Average = 31ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 209.191.122.70



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=177ms TTL=52

Reply from 72.30.38.140: bytes=32 time=106ms TTL=52



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 106ms, Maximum = 177ms, Average = 141ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 25 55 36 5b ...... Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.115 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.115 192.168.1.115 20
192.168.1.115 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.115 192.168.1.115 20
224.0.0.0 240.0.0.0 192.168.1.115 192.168.1.115 20
255.255.255.255 255.255.255.255 192.168.1.115 192.168.1.115 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/28/2012 05:48:41 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/28/2012 05:48:41 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/25/2012 02:16:22 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.0.1526.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (05/25/2012 11:24:27 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module shdocvw.dll, version 6.0.2900.5969, fault address 0x00018004.
Processing media-specific event for [explorer.exe!ws!]

Error: (05/18/2012 07:32:40 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/18/2012 07:07:47 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (05/18/2012 07:07:24 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/18/2012 06:45:32 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/18/2012 06:41:19 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (05/18/2012 06:41:02 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (05/29/2012 07:16:31 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (05/29/2012 07:16:25 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (05/29/2012 07:16:16 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (05/29/2012 07:16:07 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (05/29/2012 07:15:58 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (05/29/2012 07:15:49 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (05/29/2012 07:15:44 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (05/29/2012 07:15:34 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (05/29/2012 07:15:30 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (05/29/2012 07:15:25 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D


Microsoft Office Sessions:
=========================
Error: (05/28/2012 05:48:41 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/28/2012 05:48:41 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/25/2012 02:16:22 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry2152759308unspecifiedscanfile4.0.1526.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (05/25/2012 11:24:27 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512shdocvw.dll6.0.2900.596900018004

Error: (05/18/2012 07:32:40 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (05/18/2012 07:07:47 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (05/18/2012 07:07:24 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (05/18/2012 06:45:32 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (05/18/2012 06:41:19 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (05/18/2012 06:41:02 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
4500_G510gm_Help (Version: 000.0.439.000)
4500G510gm (Version: 000.0.423.000)
4500G510gm_Software_Min (Version: 000.0.423.000)
Adobe Acrobat 6.0 Standard (Version: 006.000.000)
Adobe AIR (Version: 2.0.3.13070)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Reader 9.5.1 (Version: 9.5.1)
BufferChm (Version: 130.0.331.000)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.372.000)
DocMgr (Version: 130.0.000.000)
DocProc (Version: 13.0.0.0)
ESET Online Scanner v3
Everything 1.2.1.371
Fax (Version: 130.0.418.000)
Google Update Helper (Version: 1.3.21.111)
GPBaseService2 (Version: 130.0.371.000)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 4500 G510g-m (Version: 13.0)
HP Product Detection (Version: 11.14.0001)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.003.001.001)
HPProductAssistant (Version: 130.0.371.000)
IBM 32-bit Runtime Environment for Java 2, v1.4.2 (Version: 1.4.2)
IBM Rescue and Recovery with Rapid Restore (Version: 2.02.0178)
IBM Themes (Version: 1.00.0000)
IBM ThinkVantage Technologies Welcome Message (Version: 1.05)
Intel® Graphics Media Accelerator Driver
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 32 (Version: 6.0.320)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mouse Suite
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network (Version: 130.0.374.000)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
PC-Doctor for Windows
Scan (Version: 13.0.0.0)
SmartWebPrinting (Version: 130.0.373.000)
SolutionCenter (Version: 130.0.373.000)
Sophos Virus Removal Tool (Version: 2.0)
SoundMAX (Version: 5.12.01.5240)
Status (Version: 130.0.373.000)
TeamViewer 5 (Version: 5.0.8421 )
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Wallpapers (Version: 2.0)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 130.0.132.017)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 1526.48 MB
Available physical RAM: 1002.63 MB
Total Pagefile: 2135.99 MB
Available Pagefile: 1772.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.75 MB

========================= Partitions: =====================================

2 Drive c: (IBM_PRELOAD) (Fixed) (Total:34.03 GB) (Free:21.51 GB) NTFS

========================= Users: ========================================

User accounts for \\IBM-0E887B7788B

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0 User


**** End of log ****

#6 narenxp

Posted 29 May 2012 - 07:24 AM

I can see symptoms of hard drive failure in your event viewer logs.

You can check this topic on testing your HDD

http://www.bleepingcomputer.com/forums/topic28744.html

It is recommended to back up your data before the HDD crashes.

If you still want to continue with our cleaning procedure, post the Malwarebytes log.

Edited by narenxp, 29 May 2012 - 07:25 AM.


#7 neumannu47

Posted 29 May 2012 - 01:01 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.29.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: IBM-0E887B7788B [administrator]

5/29/2012 10:16:15 AM
mbam-log-2012-05-29 (10-16-15).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245715
Time elapsed: 1 hour(s), 53 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 narenxp

Posted 29 May 2012 - 01:54 PM

Looks like you are ok with HDD failure?


Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your System Restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#9 neumannu47

Posted 29 May 2012 - 02:06 PM

No, the hard drive has to be replaced. Thanks for catching that message in the error logs. I missed it.

I will take the additional steps you recommend. Thanks VERY much for your assistance. It is very kind of you to take the time!

#10 narenxp

Posted 29 May 2012 - 03:51 PM

You're most welcome :)



