
FBI Ransomware


17 replies to this topic

#1 natemr

  • Members
  • 45 posts

Posted 19 June 2012 - 08:06 PM

Security Team,

Last week I was attacked by the FBI Ransomware. I ran Superantispyware, which found some trojans and removed them. The "lockdown" is gone now, but I am worried that there's still something implanted in my machine.

Please help me in verifying that this is all it took; it seemed too easy.

Thank you.


#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 19 June 2012 - 08:09 PM

Download TDSSkiller

Launch it. Click on change parameters, select TDLFS file system.

Click on "Scan". Please post the LOG report (log file should be in your C drive).

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions.
Click the "Scan" button to start scan. After scan finishes, click on Save log.

Post the log results here.

Download ESET online scanner

Install it.

Click on START, it should download the virus definitions.
When scan gets completed, click on LIST of found threats.

Export the list to desktop, copy the contents of the text file in your reply.
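Triaging the TDSSKiller log that this reply asks for, as an added example that is not part of the thread or of TDSSKiller itself: the Python below pairs each service's enumeration line (`<time> <pid> <service> (<md5>) <path>`) and any `Suspicious file (...)` annotation with its verdict line (`<service> - ok`, `- warning`, `- detected <threat>`) and keeps only the services whose verdict is not `ok`, so a helper can find the few warnings among hundreds of `- ok` driver lines. The regexes and record layout are my own reading of the log format, not a documented schema, and the sample is a constructed excerpt in that format.

```python
"""Triage a TDSSKiller scan log: pair each service's enumeration line with its
verdict line(s) and report only the entries that are not '- ok'.
Added example for this thread; it is not part of TDSSKiller."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every log line starts with "<hh:mm:ss.ffff> <pid> "; the regexes below are
# my own reading of the format, not a documented schema.
_TS_PID = r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
# Enumeration line:  "<service> (<md5>) <path>"
ENTRY_RE = re.compile(_TS_PID + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# Annotation printed before a warning: "Suspicious file (<reason>): <path>. md5: <md5>"
SUSPICIOUS_RE = re.compile(_TS_PID + r"Suspicious file \((?P<reason>[^)]+)\):\s+"
                           r"(?P<path>.+?)\.\s+md5:\s+(?P<md5>[0-9a-fA-F]{32})\s*$")
# Verdict line: "<service> - ok" | "<service> ( <threat> ) - warning" | "<service> - detected <threat> (<n>)"
VERDICT_RE = re.compile(_TS_PID + r"(?P<name>.+?)\s+-\s+(?P<verdict>.+?)\s*$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdicts: List[str] = field(default_factory=list)
    notes: List[str] = field(default_factory=list)

    @property
    def is_ok(self) -> bool:
        # An entry with no verdict at all (e.g. a truncated log) is NOT treated as clean.
        return bool(self.verdicts) and all(v == "ok" for v in self.verdicts)

    @property
    def threats(self) -> List[str]:
        return [t for v in self.verdicts for t in re.findall(r"^detected\s+(\S+)", v)]


def parse_tdsskiller_log(text: str) -> List[Entry]:
    """Return the scanned services in log order, skipping the SystemInfo header."""
    entries: List[Entry] = []
    by_name: Dict[str, Entry] = {}
    current: Optional[Entry] = None
    in_scan = False

    def get(name: str) -> Entry:
        if name not in by_name:
            by_name[name] = Entry(name)
            entries.append(by_name[name])
        return by_name[name]

    for raw in text.splitlines():
        line = raw.strip()
        if not in_scan:
            in_scan = "Scan started" in line  # drive/MBR header lines contain " - " too; skip them
            continue
        m = ENTRY_RE.match(line)
        if m:
            current = get(m["name"])
            current.md5, current.path = m["md5"].lower(), m["path"]
            continue
        m = SUSPICIOUS_RE.match(line)
        if m and current is not None:
            current.notes.append(f"{m['reason']}: {m['path']}")
            continue
        m = VERDICT_RE.match(line)
        if m:
            # "Akamai ( HiddenFile.Multi.Generic ) - warning" carries the threat in the name part
            name = re.sub(r"\s*\([^()]*\)$", "", m["name"])
            current = get(name)
            current.verdicts.append(m["verdict"])
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    """Everything a helper should look at: warnings, detections and verdict-less entries."""
    return [e for e in entries if not e.is_ok]


def report(entries: List[Entry]) -> str:
    lines = [f"{len(entries)} services scanned, {len(flagged(entries))} need review"]
    for e in flagged(entries):
        lines.append(f"  {e.name}: {'; '.join(e.verdicts) or 'NO VERDICT'}")
        if e.path:
            lines.append(f"    file: {e.path}  md5: {e.md5}")
        for n in e.notes:
            lines.append(f"    note: {n}")
    return "\n".join(lines)


# Constructed excerpt in the format TDSSKiller 2.7 writes: a handful of lines
# chosen to exercise every line type (a real log has hundreds of "- ok" entries).
SAMPLE_LOG = r"""21:23:47.0531 3976 ============================================================
21:23:47.0531 3976 Scan started
21:23:47.0531 3976 Mode: Manual; TDLFS;
21:23:47.0531 3976 ============================================================
21:23:48.0562 3976 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
21:23:48.0640 3976 !SASCORE - ok
21:23:48.0890 3976 Abiosdsk - ok
21:23:49.0828 3976 Akamai (6de6320ad8b8fda9e4704f2b39d3d737) c:\program files\common files\akamai/netsession_win_b427739.dll
21:23:49.0828 3976 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_b427739.dll. md5: 6de6320ad8b8fda9e4704f2b39d3d737
21:23:49.0843 3976 Akamai ( HiddenFile.Multi.Generic ) - warning
21:23:49.0843 3976 Akamai - detected HiddenFile.Multi.Generic (1)
21:23:49.0984 3976 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
21:23:50.0000 3976 Alerter - ok
"""

if __name__ == "__main__":
    print(report(parse_tdsskiller_log(SAMPLE_LOG)))
```

A flagged entry is a lead for the helper to verify against the file's signer and known-good hashes, not a confirmed infection.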

#3 natemr
  • Topic Starter

  • Members
  • 45 posts

Posted 21 June 2012 - 12:07 AM

Narenxp,

Requested Lists below. Thank you!

TDSSKILLER:

21:23:19.0828 0520 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
21:23:20.0328 0520 ============================================================
21:23:20.0328 0520 Current date / time: 2012/06/20 21:23:20.0328
21:23:20.0328 0520 SystemInfo:
21:23:20.0328 0520
21:23:20.0328 0520 OS Version: 5.1.2600 ServicePack: 3.0
21:23:20.0328 0520 Product type: Workstation
21:23:20.0328 0520 ComputerName: KNRCOMP
21:23:20.0328 0520 UserName: Nathan
21:23:20.0328 0520 Windows directory: C:\WINDOWS
21:23:20.0328 0520 System windows directory: C:\WINDOWS
21:23:20.0328 0520 Processor architecture: Intel x86
21:23:20.0328 0520 Number of processors: 2
21:23:20.0328 0520 Page size: 0x1000
21:23:20.0328 0520 Boot type: Normal boot
21:23:20.0328 0520 ============================================================
21:23:22.0484 0520 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:23:22.0500 0520 ============================================================
21:23:22.0500 0520 \Device\Harddisk0\DR0:
21:23:22.0500 0520 MBR partitions:
21:23:22.0500 0520 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2F10C, BlocksNum 0xDF646B5
21:23:22.0500 0520 ============================================================
21:23:22.0531 0520 C: <-> \Device\Harddisk0\DR0\Partition0
21:23:22.0531 0520 ============================================================
21:23:22.0531 0520 Initialize success
21:23:22.0531 0520 ============================================================
21:23:47.0531 3976 ============================================================
21:23:47.0531 3976 Scan started
21:23:47.0531 3976 Mode: Manual; TDLFS;
21:23:47.0531 3976 ============================================================
21:23:48.0562 3976 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
21:23:48.0640 3976 !SASCORE - ok
21:23:48.0750 3976 0105241276183246mcinstcleanup - ok
21:23:48.0890 3976 Abiosdsk - ok
21:23:48.0921 3976 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:23:48.0937 3976 abp480n5 - ok
21:23:49.0015 3976 ACDaemon (61a581e5481e22a76a88490c57015105) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:23:49.0062 3976 ACDaemon - ok
21:23:49.0109 3976 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:23:49.0140 3976 ACPI - ok
21:23:49.0171 3976 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:23:49.0187 3976 ACPIEC - ok
21:23:49.0203 3976 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:23:49.0234 3976 adpu160m - ok
21:23:49.0281 3976 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:23:49.0312 3976 aec - ok
21:23:49.0359 3976 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
21:23:49.0375 3976 Afc - ok
21:23:49.0406 3976 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:23:49.0437 3976 AFD - ok
21:23:49.0468 3976 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:23:49.0484 3976 agp440 - ok
21:23:49.0484 3976 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:23:49.0500 3976 agpCPQ - ok
21:23:49.0515 3976 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:23:49.0531 3976 Aha154x - ok
21:23:49.0546 3976 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:23:49.0578 3976 aic78u2 - ok
21:23:49.0593 3976 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:23:49.0609 3976 aic78xx - ok
21:23:49.0828 3976 Akamai (6de6320ad8b8fda9e4704f2b39d3d737) c:\program files\common files\akamai/netsession_win_b427739.dll
21:23:49.0828 3976 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_b427739.dll. md5: 6de6320ad8b8fda9e4704f2b39d3d737
21:23:49.0843 3976 Akamai ( HiddenFile.Multi.Generic ) - warning
21:23:49.0843 3976 Akamai - detected HiddenFile.Multi.Generic (1)
21:23:49.0984 3976 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
21:23:50.0000 3976 Alerter - ok
21:23:50.0046 3976 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
21:23:50.0062 3976 ALG - ok
21:23:50.0093 3976 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:23:50.0109 3976 AliIde - ok
21:23:50.0125 3976 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:23:50.0140 3976 alim1541 - ok
21:23:50.0156 3976 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:23:50.0171 3976 amdagp - ok
21:23:50.0187 3976 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
21:23:50.0203 3976 amsint - ok
21:23:50.0234 3976 ApfiltrService (b8d65da679a4a8d048783ede2691b5d4) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
21:23:50.0250 3976 ApfiltrService - ok
21:23:50.0359 3976 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:23:50.0375 3976 Apple Mobile Device - ok
21:23:50.0421 3976 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
21:23:50.0453 3976 AppMgmt - ok
21:23:50.0484 3976 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:23:50.0500 3976 Arp1394 - ok
21:23:50.0546 3976 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
21:23:50.0562 3976 asc - ok
21:23:50.0593 3976 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:23:50.0609 3976 asc3350p - ok
21:23:50.0625 3976 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:23:50.0656 3976 asc3550 - ok
21:23:50.0671 3976 ASFIPmon (7591238ebf7dd1fd13b353c382227dc3) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
21:23:50.0703 3976 ASFIPmon - ok
21:23:50.0765 3976 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:23:50.0781 3976 aspnet_state - ok
21:23:50.0828 3976 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:23:50.0828 3976 AsyncMac - ok
21:23:50.0890 3976 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:23:50.0890 3976 atapi - ok
21:23:50.0890 3976 Atdisk - ok
21:23:50.0921 3976 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:23:50.0937 3976 Atmarpc - ok
21:23:50.0984 3976 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
21:23:51.0000 3976 AudioSrv - ok
21:23:51.0031 3976 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:23:51.0046 3976 audstub - ok
21:23:51.0109 3976 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
21:23:51.0125 3976 b57w2k - ok
21:23:51.0140 3976 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
21:23:51.0156 3976 BASFND - ok
21:23:51.0203 3976 bcm (54c533ae49cdf9c4630e80379a1090fe) C:\WINDOWS\system32\DRIVERS\drxvi314.sys
21:23:51.0234 3976 bcm - ok
21:23:51.0343 3976 BCM43XX (9208c78bd9283f79a30252ad954c77a2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
21:23:51.0375 3976 BCM43XX - ok
21:23:51.0406 3976 bcmbusctr (44a70e32615770a4ec60e0267c0c8408) C:\WINDOWS\system32\DRIVERS\BcmBusCtr.sys
21:23:51.0421 3976 bcmbusctr - ok
21:23:51.0453 3976 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:23:51.0468 3976 Beep - ok
21:23:51.0531 3976 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
21:23:51.0640 3976 BITS - ok
21:23:51.0750 3976 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:23:51.0796 3976 Bonjour Service - ok
21:23:51.0843 3976 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
21:23:51.0859 3976 Browser - ok
21:23:51.0859 3976 BTCFilterService - ok
21:23:51.0890 3976 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:23:51.0921 3976 cbidf - ok
21:23:51.0921 3976 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:23:51.0921 3976 cbidf2k - ok
21:23:51.0937 3976 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:23:51.0953 3976 CCDECODE - ok
21:23:51.0984 3976 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:23:52.0000 3976 cd20xrnt - ok
21:23:52.0031 3976 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:23:52.0046 3976 Cdaudio - ok
21:23:52.0062 3976 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:23:52.0078 3976 Cdfs - ok
21:23:52.0125 3976 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:23:52.0140 3976 Cdrom - ok
21:23:52.0140 3976 cerc6 - ok
21:23:52.0140 3976 Changer - ok
21:23:52.0187 3976 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
21:23:52.0203 3976 CiSvc - ok
21:23:52.0203 3976 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
21:23:52.0234 3976 ClipSrv - ok
21:23:52.0312 3976 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:23:52.0328 3976 clr_optimization_v2.0.50727_32 - ok
21:23:52.0375 3976 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:23:52.0375 3976 CmBatt - ok
21:23:52.0406 3976 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:23:52.0421 3976 CmdIde - ok
21:23:52.0437 3976 cm_ser (33f77f7cb2c2efe34b3bc9cc716f73f3) C:\WINDOWS\system32\DRIVERS\cm_ser.sys
21:23:52.0468 3976 cm_ser - ok
21:23:52.0468 3976 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:23:52.0484 3976 Compbatt - ok
21:23:52.0484 3976 COMSysApp - ok
21:23:52.0515 3976 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:23:52.0546 3976 Cpqarray - ok
21:23:52.0578 3976 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
21:23:52.0593 3976 CryptSvc - ok
21:23:52.0640 3976 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:23:52.0703 3976 dac2w2k - ok
21:23:52.0718 3976 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:23:52.0734 3976 dac960nt - ok
21:23:52.0781 3976 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:23:52.0796 3976 DcomLaunch - ok
21:23:52.0890 3976 DeviceMonitorService (34c36e06891245ba38d035cdce8307e4) C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
21:23:52.0906 3976 DeviceMonitorService - ok
21:23:52.0906 3976 dgderdrv (6216fd7fd227de454238a702b218cec7) C:\WINDOWS\system32\drivers\dgderdrv.sys
21:23:52.0921 3976 dgderdrv - ok
21:23:52.0968 3976 dg_ssudbus (919f338fd36f47d860775368d0748780) C:\WINDOWS\system32\DRIVERS\ssudbus.sys
21:23:52.0984 3976 dg_ssudbus - ok
21:23:53.0046 3976 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
21:23:53.0046 3976 Dhcp - ok
21:23:53.0078 3976 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:23:53.0093 3976 Disk - ok
21:23:53.0125 3976 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
21:23:53.0140 3976 DLABMFSM - ok
21:23:53.0156 3976 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
21:23:53.0171 3976 DLABOIOM - ok
21:23:53.0171 3976 DLACDBHM - ok
21:23:53.0187 3976 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
21:23:53.0203 3976 DLADResM - ok
21:23:53.0203 3976 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
21:23:53.0218 3976 DLAIFS_M - ok
21:23:53.0218 3976 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
21:23:53.0250 3976 DLAOPIOM - ok
21:23:53.0250 3976 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
21:23:53.0265 3976 DLAPoolM - ok
21:23:53.0265 3976 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
21:23:53.0281 3976 DLARTL_M - ok
21:23:53.0296 3976 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
21:23:53.0312 3976 DLAUDFAM - ok
21:23:53.0328 3976 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
21:23:53.0343 3976 DLAUDF_M - ok
21:23:53.0343 3976 dmadmin - ok
21:23:53.0734 3976 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:23:53.0781 3976 dmboot - ok
21:23:53.0812 3976 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:23:53.0843 3976 dmio - ok
21:23:53.0875 3976 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:23:53.0890 3976 dmload - ok
21:23:53.0921 3976 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
21:23:53.0921 3976 dmserver - ok
21:23:53.0953 3976 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:23:53.0968 3976 DMusic - ok
21:23:54.0015 3976 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
21:23:54.0031 3976 Dnscache - ok
21:23:54.0062 3976 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
21:23:54.0093 3976 Dot3svc - ok
21:23:54.0125 3976 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:23:54.0140 3976 dpti2o - ok
21:23:54.0140 3976 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:23:54.0156 3976 drmkaud - ok
21:23:54.0187 3976 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
21:23:54.0203 3976 DRVMCDB - ok
21:23:54.0218 3976 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
21:23:54.0234 3976 DRVNDDM - ok
21:23:54.0281 3976 DXEC01 (549734664886d91222969845e4311d1b) C:\WINDOWS\system32\drivers\dxec01.sys
21:23:54.0312 3976 DXEC01 - ok
21:23:54.0343 3976 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
21:23:54.0359 3976 EapHost - ok
21:23:54.0453 3976 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
21:23:54.0515 3976 EpsonBidirectionalService - ok
21:23:54.0546 3976 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
21:23:54.0562 3976 ERSvc - ok
21:23:54.0609 3976 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:23:54.0640 3976 Eventlog - ok
21:23:54.0687 3976 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
21:23:54.0703 3976 EventSystem - ok
21:23:54.0734 3976 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:23:54.0750 3976 Fastfat - ok
21:23:54.0796 3976 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:23:54.0812 3976 FastUserSwitchingCompatibility - ok
21:23:54.0843 3976 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
21:23:54.0890 3976 Fax - ok
21:23:54.0921 3976 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:23:54.0937 3976 Fdc - ok
21:23:54.0968 3976 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:23:54.0984 3976 Fips - ok
21:23:54.0984 3976 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:23:55.0000 3976 Flpydisk - ok
21:23:55.0031 3976 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:23:55.0046 3976 FltMgr - ok
21:23:55.0140 3976 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:23:55.0156 3976 FontCache3.0.0.0 - ok
21:23:55.0203 3976 FsUsbExDisk (cbe5f69a5e5b918225f420ba748f3742) C:\WINDOWS\system32\FsUsbExDisk.SYS
21:23:55.0250 3976 FsUsbExDisk - ok
21:23:55.0265 3976 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:23:55.0281 3976 Fs_Rec - ok
21:23:55.0296 3976 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:23:55.0328 3976 Ftdisk - ok
21:23:55.0343 3976 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:23:55.0359 3976 GEARAspiWDM - ok
21:23:55.0375 3976 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:23:55.0390 3976 Gpc - ok
21:23:55.0406 3976 guardian2 (7031a936832967a93b0e5d5f1c76745a) C:\WINDOWS\system32\Drivers\oz776.sys
21:23:55.0421 3976 guardian2 - ok
21:23:55.0562 3976 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:23:55.0562 3976 gupdate - ok
21:23:55.0562 3976 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:23:55.0578 3976 gupdatem - ok
21:23:55.0625 3976 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:23:55.0640 3976 HDAudBus - ok
21:23:55.0734 3976 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:23:55.0750 3976 helpsvc - ok
21:23:55.0781 3976 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
21:23:55.0796 3976 HidServ - ok
21:23:55.0828 3976 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:23:55.0828 3976 hidusb - ok
21:23:55.0859 3976 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
21:23:55.0875 3976 hkmsvc - ok
21:23:55.0890 3976 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
21:23:55.0906 3976 hpn - ok
21:23:55.0953 3976 HSFHWAZL (7290fb97535c317a237d4c73149c7e2c) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
21:23:55.0984 3976 HSFHWAZL - ok
21:23:56.0046 3976 HSF_DPV (f362c0b442337da8ab0608dfaa4ca076) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
21:23:56.0125 3976 HSF_DPV - ok
21:23:56.0171 3976 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:23:56.0187 3976 HTTP - ok
21:23:56.0234 3976 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
21:23:56.0265 3976 HTTPFilter - ok
21:23:56.0281 3976 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:23:56.0296 3976 i2omgmt - ok
21:23:56.0312 3976 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:23:56.0328 3976 i2omp - ok
21:23:56.0359 3976 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:23:56.0375 3976 i8042prt - ok
21:23:56.0734 3976 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:23:57.0062 3976 ialm - ok
21:23:57.0500 3976 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:23:57.0546 3976 idsvc - ok
21:23:57.0640 3976 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:23:57.0671 3976 Imapi - ok
21:23:57.0718 3976 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
21:23:57.0718 3976 ImapiService - ok
21:23:57.0750 3976 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:23:57.0765 3976 ini910u - ok
21:23:57.0796 3976 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:23:57.0812 3976 IntelIde - ok
21:23:57.0843 3976 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:23:57.0859 3976 intelppm - ok
21:23:57.0906 3976 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:23:57.0921 3976 Ip6Fw - ok
21:23:57.0953 3976 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:23:57.0968 3976 IpFilterDriver - ok
21:23:57.0984 3976 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:23:58.0000 3976 IpInIp - ok
21:23:58.0031 3976 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:23:58.0062 3976 IpNat - ok
21:23:58.0203 3976 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
21:23:58.0250 3976 iPod Service - ok
21:23:58.0296 3976 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:23:58.0312 3976 IPSec - ok
21:23:58.0328 3976 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:23:58.0343 3976 IRENUM - ok
21:23:58.0390 3976 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:23:58.0421 3976 isapnp - ok
21:23:58.0531 3976 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
21:23:58.0546 3976 JavaQuickStarterService - ok
21:23:58.0593 3976 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:23:58.0625 3976 Kbdclass - ok
21:23:58.0671 3976 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:23:58.0703 3976 kbdhid - ok
21:23:58.0765 3976 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:23:58.0812 3976 kmixer - ok
21:23:58.0843 3976 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:23:58.0890 3976 KSecDD - ok
21:23:58.0921 3976 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
21:23:58.0968 3976 LanmanServer - ok
21:23:59.0015 3976 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
21:23:59.0062 3976 lanmanworkstation - ok
21:23:59.0078 3976 Lbd - ok
21:23:59.0078 3976 lbrtfdc - ok
21:23:59.0546 3976 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
21:23:59.0828 3976 LeapFrog Connect Device Service - ok
21:24:00.0015 3976 Leapfrog-USBLAN (5cffda921fe0c9e9ebde3150d3c81594) C:\WINDOWS\system32\DRIVERS\btblan.sys
21:24:00.0046 3976 Leapfrog-USBLAN - ok
21:24:00.0078 3976 libusb0 (34d6730e198a5b0fce0790a6b4769ef2) C:\WINDOWS\system32\DRIVERS\libusb0.sys
21:24:00.0093 3976 libusb0 - ok
21:24:00.0156 3976 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
21:24:00.0171 3976 LmHosts - ok
21:24:00.0265 3976 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
21:24:00.0328 3976 MDM - ok
21:24:00.0343 3976 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:24:00.0359 3976 mdmxsdk - ok
21:24:00.0390 3976 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
21:24:00.0421 3976 Messenger - ok
21:24:00.0437 3976 MfeAVFK (32bcd2aec12cee766b2488731a78127c) C:\WINDOWS\system32\drivers\MfeAVFK.sys
21:24:00.0468 3976 MfeAVFK - ok
21:24:00.0484 3976 MfeBOPK (963abf1a4d3a19206f7b059e5a1a190b) C:\WINDOWS\system32\drivers\MfeBOPK.sys
21:24:00.0515 3976 MfeBOPK - ok
21:24:00.0562 3976 mfehidk (586a07b1fa933c340d990419d6894d7a) C:\WINDOWS\system32\drivers\mfehidk.sys
21:24:00.0593 3976 mfehidk - ok
21:24:00.0625 3976 MfeRKDK (820d6aa3f7f0cfa8a1fa8f63d3f1df04) C:\WINDOWS\system32\drivers\MfeRKDK.sys
21:24:00.0656 3976 MfeRKDK - ok
21:24:00.0671 3976 mfetdik (3812e49fa67a3f604895f0d0c2e1ef90) C:\WINDOWS\system32\drivers\mfetdik.sys
21:24:00.0703 3976 mfetdik - ok
21:24:00.0734 3976 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:24:00.0765 3976 mnmdd - ok
21:24:00.0796 3976 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
21:24:00.0828 3976 mnmsrvc - ok
21:24:00.0875 3976 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:24:00.0890 3976 Modem - ok
21:24:00.0906 3976 motccgp - ok
21:24:00.0906 3976 motccgpfl - ok
21:24:00.0906 3976 motmodem - ok
21:24:00.0984 3976 MotoHelper (98a10ac4257a3ba48c9611338544ee49) C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
21:24:01.0046 3976 MotoHelper - ok
21:24:01.0046 3976 MotoSwitchService - ok
21:24:01.0062 3976 Motousbnet - ok
21:24:01.0078 3976 motusbdevice - ok
21:24:01.0093 3976 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:24:01.0125 3976 Mouclass - ok
21:24:01.0156 3976 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:24:01.0187 3976 mouhid - ok
21:24:01.0218 3976 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:24:01.0250 3976 MountMgr - ok
21:24:01.0281 3976 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:24:01.0312 3976 mraid35x - ok
21:24:01.0343 3976 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:24:01.0390 3976 MRxDAV - ok
21:24:01.0484 3976 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:24:01.0593 3976 MRxSmb - ok
21:24:01.0625 3976 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
21:24:01.0640 3976 MSDTC - ok
21:24:01.0656 3976 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:24:01.0671 3976 Msfs - ok
21:24:01.0671 3976 MSIServer - ok
21:24:01.0703 3976 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:24:01.0718 3976 MSKSSRV - ok
21:24:01.0734 3976 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:24:01.0750 3976 MSPCLOCK - ok
21:24:01.0765 3976 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:24:01.0781 3976 MSPQM - ok
21:24:01.0812 3976 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:24:01.0828 3976 mssmbios - ok
21:24:01.0843 3976 MSSQL$NR2007 - ok
21:24:01.0906 3976 MSSQLServerADHelper (c06ea83f6fc2959e897c117255b6b1d5) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:24:01.0921 3976 MSSQLServerADHelper - ok
21:24:01.0984 3976 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:24:02.0000 3976 MSTEE - ok
21:24:02.0015 3976 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:24:02.0046 3976 Mup - ok
21:24:02.0078 3976 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:24:02.0125 3976 NABTSFEC - ok
21:24:02.0437 3976 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
21:24:02.0468 3976 napagent - ok
21:24:02.0515 3976 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:24:02.0531 3976 NDIS - ok
21:24:02.0562 3976 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:24:02.0578 3976 NdisIP - ok
21:24:02.0609 3976 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:24:02.0625 3976 NdisTapi - ok
21:24:02.0625 3976 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:24:02.0640 3976 Ndisuio - ok
21:24:02.0656 3976 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:24:02.0671 3976 NdisWan - ok
21:24:02.0718 3976 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:24:02.0734 3976 NDProxy - ok
21:24:02.0750 3976 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:24:02.0765 3976 NetBIOS - ok
21:24:02.0812 3976 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:24:02.0828 3976 NetBT - ok
21:24:02.0859 3976 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:24:02.0890 3976 NetDDE - ok
21:24:02.0890 3976 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:24:02.0906 3976 NetDDEdsdm - ok
21:24:02.0921 3976 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:24:02.0937 3976 Netlogon - ok
21:24:03.0000 3976 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
21:24:03.0000 3976 Netman - ok
21:24:03.0125 3976 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:24:03.0156 3976 NetTcpPortSharing - ok
21:24:03.0171 3976 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:24:03.0203 3976 NIC1394 - ok
21:24:03.0250 3976 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
21:24:03.0250 3976 Nla - ok
21:24:03.0250 3976 Nmea - ok
21:24:03.0312 3976 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:24:03.0328 3976 Npfs - ok
21:24:03.0406 3976 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:24:03.0453 3976 Ntfs - ok
21:24:03.0453 3976 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:24:03.0453 3976 NtLmSsp - ok
21:24:03.0515 3976 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
21:24:03.0562 3976 NtmsSvc - ok
21:24:03.0593 3976 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:24:03.0609 3976 Null - ok
21:24:03.0671 3976 NWADI (93213c7ec08e01e37a935bf144e75df6) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
21:24:03.0718 3976 NWADI - ok
21:24:03.0750 3976 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:24:03.0781 3976 NwlnkFlt - ok
21:24:03.0796 3976 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:24:03.0828 3976 NwlnkFwd - ok
21:24:04.0046 3976 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:24:04.0140 3976 odserv - ok
21:24:04.0203 3976 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:24:04.0234 3976 ohci1394 - ok
21:24:04.0312 3976 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:24:04.0328 3976 ose - ok
21:24:04.0375 3976 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
21:24:04.0390 3976 Parport - ok
21:24:04.0421 3976 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:24:04.0437 3976 PartMgr - ok
21:24:04.0453 3976 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:24:04.0468 3976 ParVdm - ok
21:24:04.0484 3976 PBADRV (9ec004140e1b675acdeb07f66ee797a4) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
21:24:04.0500 3976 PBADRV - ok
21:24:04.0500 3976 PCASp50 - ok
21:24:04.0515 3976 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:24:04.0531 3976 PCI - ok
21:24:04.0531 3976 PCIDump - ok
21:24:04.0562 3976 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:24:04.0578 3976 PCIIde - ok
21:24:04.0593 3976 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:24:04.0609 3976 Pcmcia - ok
21:24:04.0625 3976 PCTINDIS5 - ok
21:24:04.0625 3976 PDCOMP - ok
21:24:04.0625 3976 PDFRAME - ok
21:24:04.0625 3976 PDRELI - ok
21:24:04.0640 3976 PDRFRAME - ok
21:24:04.0671 3976 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
21:24:04.0703 3976 perc2 - ok
21:24:04.0703 3976 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:24:04.0718 3976 perc2hib - ok
21:24:04.0781 3976 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:24:04.0781 3976 PlugPlay - ok
21:24:04.0796 3976 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:24:04.0812 3976 PolicyAgent - ok
21:24:04.0828 3976 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:24:04.0843 3976 PptpMiniport - ok
21:24:04.0859 3976 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:24:04.0859 3976 ProtectedStorage - ok
21:24:04.0859 3976 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:24:04.0890 3976 PSched - ok
21:24:04.0921 3976 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
21:24:04.0937 3976 PSI - ok
21:24:04.0937 3976 PTDCBus - ok
21:24:04.0937 3976 PTDCMdm - ok
21:24:04.0953 3976 PTDCVsp - ok
21:24:04.0968 3976 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:24:04.0984 3976 Ptilink - ok
21:24:05.0000 3976 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:24:05.0015 3976 PxHelp20 - ok
21:24:05.0046 3976 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:24:05.0078 3976 ql1080 - ok
21:24:05.0109 3976 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:24:05.0140 3976 Ql10wnt - ok
21:24:05.0140 3976 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:24:05.0171 3976 ql12160 - ok
21:24:05.0203 3976 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:24:05.0234 3976 ql1240 - ok
21:24:05.0234 3976 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:24:05.0265 3976 ql1280 - ok
21:24:05.0296 3976 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:24:05.0312 3976 RasAcd - ok
21:24:05.0359 3976 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
21:24:05.0375 3976 RasAuto - ok
21:24:05.0421 3976 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:24:05.0437 3976 Rasl2tp - ok
21:24:05.0500 3976 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
21:24:05.0531 3976 RasMan - ok
21:24:05.0546 3976 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:24:05.0578 3976 RasPppoe - ok
21:24:05.0578 3976 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:24:05.0593 3976 Raspti - ok
21:24:05.0640 3976 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:24:05.0671 3976 Rdbss - ok
21:24:05.0671 3976 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:24:05.0687 3976 RDPCDD - ok
21:24:05.0703 3976 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:24:05.0734 3976 rdpdr - ok
21:24:05.0796 3976 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
21:24:05.0812 3976 RDPWD - ok
21:24:05.0843 3976 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
21:24:05.0890 3976 RDSessMgr - ok
21:24:05.0921 3976 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:24:05.0937 3976 redbook - ok
21:24:05.0968 3976 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:24:05.0984 3976 RemoteAccess - ok
21:24:06.0015 3976 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
21:24:06.0031 3976 RemoteRegistry - ok
21:24:06.0078 3976 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
21:24:06.0093 3976 RpcLocator - ok
21:24:06.0156 3976 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:24:06.0156 3976 RpcSs - ok
21:24:06.0203 3976 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
21:24:06.0234 3976 RSVP - ok
21:24:06.0296 3976 RT73 (da4980fad2b7d86d6ed8e35e3874f65e) C:\WINDOWS\system32\DRIVERS\rt73.sys
21:24:06.0390 3976 RT73 - ok
21:24:06.0421 3976 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:24:06.0421 3976 SamSs - ok
21:24:06.0531 3976 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:24:06.0546 3976 SASDIFSV - ok
21:24:06.0656 3976 SASENUM - ok
21:24:06.0671 3976 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:24:06.0687 3976 SASKUTIL - ok
21:24:06.0750 3976 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:24:06.0781 3976 SCardSvr - ok
21:24:06.0796 3976 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:24:06.0828 3976 Schedule - ok
21:24:06.0843 3976 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:24:06.0859 3976 Secdrv - ok
21:24:06.0890 3976 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:24:06.0906 3976 seclogon - ok
21:24:07.0046 3976 Secunia PSI Agent (456b0b5844575714db0370742cbb7a88) C:\Program Files\Secunia\PSI\PSIA.exe
21:24:07.0140 3976 Secunia PSI Agent - ok
21:24:07.0187 3976 Secunia Update Agent (e5c9695967b022317bb1d96bc15cfda0) C:\Program Files\Secunia\PSI\sua.exe
21:24:07.0265 3976 Secunia Update Agent - ok
21:24:07.0375 3976 SecureStorageService (472946edebf85c1f0b44b6eba01ac9b6) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
21:24:07.0453 3976 SecureStorageService - ok
21:24:07.0625 3976 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
21:24:07.0640 3976 SENS - ok
21:24:07.0687 3976 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:24:07.0703 3976 Serenum - ok
21:24:07.0718 3976 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:24:07.0734 3976 Serial - ok
21:24:07.0875 3976 SfCtlCom (58c52cf9dd452817b9f4ba0781014836) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
21:24:07.0906 3976 SfCtlCom - ok
21:24:07.0921 3976 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:24:07.0937 3976 Sfloppy - ok
21:24:07.0968 3976 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:24:07.0968 3976 ShellHWDetection - ok
21:24:07.0984 3976 Simbad - ok
21:24:08.0000 3976 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:24:08.0015 3976 sisagp - ok
21:24:08.0062 3976 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:24:08.0078 3976 SLIP - ok
21:24:08.0093 3976 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
21:24:08.0109 3976 SONYPVU1 - ok
21:24:08.0125 3976 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:24:08.0140 3976 Sparrow - ok
21:24:08.0187 3976 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:24:08.0187 3976 splitter - ok
21:24:08.0218 3976 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:24:08.0250 3976 Spooler - ok
21:24:08.0343 3976 SQLBrowser (b2ec3e1deac5f0a764bd3486d213a0af) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:24:08.0359 3976 SQLBrowser - ok
21:24:08.0406 3976 SQLWriter (d2f4f32b59440011174b4f8137af4e0c) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:24:08.0421 3976 SQLWriter - ok
21:24:08.0453 3976 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:24:08.0468 3976 sr - ok
21:24:08.0531 3976 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:24:08.0562 3976 srservice - ok
21:24:08.0593 3976 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:24:08.0640 3976 Srv - ok
21:24:08.0671 3976 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:24:08.0687 3976 SSDPSRV - ok
21:24:08.0750 3976 ssudmdm (8f299012ef58246f1c98de7b7e48dbf0) C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
21:24:08.0765 3976 ssudmdm - ok
21:24:08.0812 3976 STacSV (6f855b5625a47f3ac731a262fdc379a6) C:\WINDOWS\system32\StacSV.exe
21:24:08.0859 3976 STacSV - ok
21:24:08.0984 3976 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
21:24:08.0984 3976 STHDA - ok
21:24:09.0031 3976 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:24:09.0062 3976 stisvc - ok
21:24:09.0109 3976 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
21:24:09.0140 3976 stllssvr - ok
21:24:09.0234 3976 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:24:09.0250 3976 streamip - ok
21:24:09.0265 3976 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:24:09.0265 3976 swenum - ok
21:24:09.0312 3976 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:24:09.0328 3976 swmidi - ok
21:24:09.0375 3976 swmsflt (150ab4fa272130ec55b2a4faebdf47f9) C:\WINDOWS\System32\drivers\swmsflt.sys
21:24:09.0390 3976 swmsflt - ok
21:24:09.0437 3976 swmx00 (af88ae62b84d016eb5bdc12ddf1005a3) C:\WINDOWS\system32\DRIVERS\swmx00.sys
21:24:09.0468 3976 swmx00 - ok
21:24:09.0515 3976 SWNC5E00 (24bce62e4da07c6488e3a7ff37a6b6ae) C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys
21:24:09.0578 3976 SWNC5E00 - ok
21:24:09.0578 3976 SwPrv - ok
21:24:09.0640 3976 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:24:09.0671 3976 symc810 - ok
21:24:09.0687 3976 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:24:09.0703 3976 symc8xx - ok
21:24:09.0718 3976 SymIM - ok
21:24:09.0718 3976 SymIMMP - ok
21:24:09.0750 3976 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:24:09.0765 3976 sym_hi - ok
21:24:09.0796 3976 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:24:09.0812 3976 sym_u3 - ok
21:24:09.0843 3976 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:24:09.0859 3976 sysaudio - ok
21:24:09.0890 3976 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:24:09.0921 3976 SysmonLog - ok
21:24:09.0968 3976 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:24:10.0000 3976 TapiSrv - ok
21:24:10.0062 3976 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:24:10.0093 3976 Tcpip - ok
21:24:10.0312 3976 tcsd_win32.exe (23b506262493f1a521683ee88c5fbf60) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
21:24:10.0421 3976 tcsd_win32.exe - ok
21:24:10.0578 3976 TdmService (a27d803b21f24a5cfb775944ea4cb130) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
21:24:10.0625 3976 TdmService - ok
21:24:10.0781 3976 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:24:10.0796 3976 TDPIPE - ok
21:24:10.0796 3976 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:24:10.0812 3976 TDTCP - ok
21:24:10.0843 3976 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:24:10.0859 3976 TermDD - ok
21:24:10.0906 3976 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:24:10.0921 3976 TermService - ok
21:24:10.0968 3976 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:24:10.0968 3976 Themes - ok
21:24:11.0000 3976 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
21:24:11.0031 3976 TlntSvr - ok
21:24:11.0062 3976 tmactmon (ca9e9c2c04a198ed345c1752222a5f3e) C:\WINDOWS\system32\drivers\tmactmon.sys
21:24:11.0078 3976 tmactmon - ok
21:24:11.0218 3976 TMBMServer (b365e817e398ff2ac5706eab232ef6c1) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
21:24:11.0250 3976 TMBMServer - ok
21:24:11.0296 3976 tmcfw (fcfa40e475ff5549f5cd335f4046aba4) C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
21:24:11.0343 3976 tmcfw - ok
21:24:11.0390 3976 tmcomm (a3d20789b3ff0576a29462bef25bcfcc) C:\WINDOWS\system32\drivers\tmcomm.sys
21:24:11.0406 3976 tmcomm - ok
21:24:11.0437 3976 tmevtmgr (21f215e54770c4bf93efaf63f58fe57e) C:\WINDOWS\system32\drivers\tmevtmgr.sys
21:24:11.0453 3976 tmevtmgr - ok
21:24:11.0515 3976 TmPfw (255328cf08d602368b69ff1f55ebd93e) C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
21:24:11.0546 3976 TmPfw - ok
21:24:11.0593 3976 tmpreflt (379c4f99994a56b66e11d1e32bb22a1c) C:\WINDOWS\system32\DRIVERS\tmpreflt.sys
21:24:11.0609 3976 tmpreflt - ok
21:24:11.0671 3976 TmProxy (0fec6c50b2be07c57651573cdd1c721f) C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
21:24:11.0718 3976 TmProxy - ok
21:24:11.0734 3976 tmtdi (44c262c1b2412ded35078b6166d2acc2) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
21:24:11.0750 3976 tmtdi - ok
21:24:11.0781 3976 tmxpflt (717e406972bbc07f8fb2a989416cab73) C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
21:24:11.0828 3976 tmxpflt - ok
21:24:11.0859 3976 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:24:11.0875 3976 TosIde - ok
21:24:11.0906 3976 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:24:11.0921 3976 TrkWks - ok
21:24:11.0968 3976 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:24:11.0984 3976 Udfs - ok
21:24:12.0015 3976 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:24:12.0031 3976 ultra - ok
21:24:12.0078 3976 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:24:12.0125 3976 Update - ok
21:24:12.0156 3976 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:24:12.0171 3976 upnphost - ok
21:24:12.0203 3976 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:24:12.0218 3976 UPS - ok
21:24:12.0218 3976 USBAAPL - ok
21:24:12.0250 3976 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:24:12.0265 3976 usbccgp - ok
21:24:12.0312 3976 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:24:12.0328 3976 usbehci - ok
21:24:12.0375 3976 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:24:12.0390 3976 usbhub - ok
21:24:12.0421 3976 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:24:12.0437 3976 usbohci - ok
21:24:12.0468 3976 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:24:12.0484 3976 usbprint - ok
21:24:12.0515 3976 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:24:12.0531 3976 usbscan - ok
21:24:12.0578 3976 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:24:12.0593 3976 USBSTOR - ok
21:24:12.0640 3976 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:24:12.0656 3976 usbuhci - ok
21:24:12.0687 3976 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:24:12.0703 3976 VgaSave - ok
21:24:12.0750 3976 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:24:12.0765 3976 viaagp - ok
21:24:12.0781 3976 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:24:12.0796 3976 ViaIde - ok
21:24:12.0812 3976 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:24:12.0843 3976 VolSnap - ok
21:24:12.0968 3976 vsapint (642eb152cb980ad9181b2161066be629) C:\WINDOWS\system32\DRIVERS\vsapint.sys
21:24:12.0984 3976 vsapint - ok
21:24:13.0156 3976 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:24:13.0187 3976 VSS - ok
21:24:13.0250 3976 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:24:13.0265 3976 w32time - ok
21:24:13.0312 3976 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:24:13.0328 3976 Wanarp - ok
21:24:13.0343 3976 Wave UCSPlus - ok
21:24:13.0500 3976 WaveEnrollmentService (796fda916625be7e5f6cfece15a81c3a) C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
21:24:13.0546 3976 WaveEnrollmentService - ok
21:24:13.0625 3976 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys
21:24:13.0640 3976 WaveFDE - ok
21:24:13.0687 3976 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
21:24:13.0718 3976 WavxDMgr - ok
21:24:13.0765 3976 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:24:13.0828 3976 Wdf01000 - ok
21:24:13.0843 3976 WDICA - ok
21:24:13.0875 3976 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:24:13.0890 3976 wdmaud - ok
21:24:13.0937 3976 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:24:13.0953 3976 WebClient - ok
21:24:14.0046 3976 winachsf (92ce6497076eac3083185c44157b3a46) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:24:14.0125 3976 winachsf - ok
21:24:14.0187 3976 WinDriver6 (097a8291df541f9b9af2c500797cdcaa) C:\WINDOWS\system32\drivers\windrvr6.sys
21:24:14.0250 3976 WinDriver6 - ok
21:24:14.0328 3976 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:24:14.0343 3976 winmgmt - ok
21:24:14.0390 3976 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
21:24:14.0406 3976 WinUSB - ok
21:24:14.0437 3976 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:24:14.0453 3976 WmdmPmSN - ok
21:24:14.0515 3976 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
21:24:14.0531 3976 Wmi - ok
21:24:14.0562 3976 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:24:14.0578 3976 WmiAcpi - ok
21:24:14.0609 3976 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:24:14.0640 3976 WmiApSrv - ok
21:24:14.0828 3976 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:24:14.0906 3976 WMPNetworkSvc - ok
21:24:14.0953 3976 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:24:14.0968 3976 WpdUsb - ok
21:24:15.0000 3976 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:24:15.0015 3976 wscsvc - ok
21:24:15.0062 3976 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:24:15.0078 3976 WSTCODEC - ok
21:24:15.0109 3976 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:24:15.0125 3976 wuauserv - ok
21:24:15.0156 3976 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:24:15.0187 3976 WudfPf - ok
21:24:15.0187 3976 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:24:15.0203 3976 WudfRd - ok
21:24:15.0218 3976 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:24:15.0234 3976 WudfSvc - ok
21:24:15.0296 3976 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:24:15.0312 3976 WZCSVC - ok
21:24:15.0359 3976 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:24:15.0390 3976 xmlprov - ok
21:24:15.0453 3976 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:24:15.0859 3976 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:24:15.0859 3976 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:24:15.0859 3976 Boot (0x1200) (fc4de82817e8d219b1a528b4d6c30c22) \Device\Harddisk0\DR0\Partition0
21:24:15.0859 3976 \Device\Harddisk0\DR0\Partition0 - ok
21:24:15.0859 3976 ============================================================
21:24:15.0859 3976 Scan finished
21:24:15.0859 3976 ============================================================
21:24:15.0875 0108 Detected object count: 2
21:24:15.0875 0108 Actual detected object count: 2
21:24:52.0937 0108 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
21:24:52.0937 0108 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
21:24:52.0937 0108 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:24:52.0937 0108 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
21:26:06.0250 0720 Deinitialize success


aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-20 21:26:59
-----------------------------
21:26:59.453 OS Version: Windows 5.1.2600 Service Pack 3
21:26:59.453 Number of processors: 2 586 0xF0D
21:26:59.453 ComputerName: KNRCOMP UserName: Nathan
21:27:07.875 Initialize success
21:28:07.109 AVAST engine defs: 12062001
21:28:32.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
21:28:32.031 Disk 0 Vendor: WDC_WD1200BEVT-75ZCT2 11.01A11 Size: 114473MB BusType: 3
21:28:32.093 Disk 0 MBR read successfully
21:28:32.093 Disk 0 MBR scan
21:28:32.140 Disk 0 Windows VISTA default MBR code
21:28:32.140 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 94 MB offset 63
21:28:32.171 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 114376 MB offset 192780
21:28:32.187 Disk 0 scanning sectors +234436545
21:28:32.281 Disk 0 scanning C:\WINDOWS\system32\drivers
21:28:57.500 Service scanning
21:29:32.015 Modules scanning
21:30:06.312 Disk 0 trace - called modules:
21:30:06.375 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
21:30:06.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4ddab8]
21:30:06.390 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a5cfd98]
21:30:07.046 AVAST engine scan C:\WINDOWS
21:30:14.781 AVAST engine scan C:\WINDOWS\system32
21:35:41.500 AVAST engine scan C:\WINDOWS\system32\drivers
21:36:07.468 AVAST engine scan C:\Documents and Settings\Nathan.KNRCOMP
21:41:28.890 AVAST engine scan C:\Documents and Settings\All Users
21:44:28.468 Scan finished successfully
21:45:13.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Nathan.KNRCOMP\Desktop\MBR.dat"
21:45:13.687 The log file has been saved successfully to "C:\Documents and Settings\Nathan.KNRCOMP\Desktop\aswMBR.txt"


ESET:

C:\Documents and Settings\Kate.KNRCOMP\Application Data\Sun\Java\Deployment\cache\6.0\25\4edcaf59-345f1b4e a variant of Java/Exploit.CVE-2012-0507.BO trojan deleted - quarantined
C:\Documents and Settings\Nathan.KNRCOMP\Application Data\Sun\Java\Deployment\cache\6.0\1\509e0f41-717b471a a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Nathan.KNRCOMP\Application Data\Sun\Java\Deployment\cache\6.0\44\2cc02aac-78e46bcd a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Nathan.KNRCOMP\Application Data\Sun\Java\Deployment\cache\6.0\44\6446cc6c-365cadb5 Java/Exploit.CVE-2012-0507.BO trojan deleted - quarantined
C:\Documents and Settings\Nathan.KNRCOMP\Application Data\Sun\Java\Deployment\cache\6.0\52\d012bf4-3fb78e3a multiple threats deleted - quarantined
C:\Documents and Settings\Nathan.KNRCOMP\Desktop\DooMLoRD_v4_ROOT-zergRush-busybox-su.zip Android/Exploit.Lotoor.AN trojan deleted - quarantined
C:\Documents and Settings\Nathan.KNRCOMP\Desktop\Root Phone\files\zergRush Android/Exploit.Lotoor.AN trojan cleaned by deleting - quarantined
C:\Documents and Settings\Nathan.KNRCOMP\Local Settings\Application Data\{d6487bb5-aa26-126a-ab74-39b952960af6}\n Win32/Sirefef.EV trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\Nathan.KNRCOMP\Local Settings\Temp\NOD7EFA.tmp Win32/Sirefef.EV trojan cleaned by deleting (after the next restart) - quarantined
C:\WINDOWS\Installer\{d6487bb5-aa26-126a-ab74-39b952960af6}\n Win32/Sirefef.EV trojan cleaned by deleting (after the next restart) - quarantined
C:\WINDOWS\Installer\{d6487bb5-aa26-126a-ab74-39b952960af6}\U\80000000.@ a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\WINDOWS\Installer\{d6487bb5-aa26-126a-ab74-39b952960af6}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined
Operating memory multiple threats
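The TDSSKiller log above is easy to misread because almost every line ends in "- ok": the lines that matter are the MBR/boot entries near the end, the "warning" and "detected TDSS File System" lines for \Device\Harddisk0\DR0, and the "skipped by user" lines that show the flagged objects were left in place. The helper below is an added example for reading such logs, not part of this thread or of Kaspersky's tool; it assumes the line layout visible in the posted log ("time thread-id name (md5) path" for inventory lines and "name - status" or "name ( verdict ) - action" for results), and the function and sample names are this example's own. The sample lines are copied from the log above plus a few of its "- ok" lines.

```python
"""Triage helper for TDSSKiller-style log lines (added example, not the tool's own code)."""
import re
from dataclasses import dataclass, field

# "<hh:mm:ss.ffff> <thread-id> <rest>" -- every scan line starts this way
_SCAN_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d{4})\s+(?P<rest>.*)$")
# Inventory line: "<name> (<md5>) <path>"; name may itself contain parentheses ("MBR (0x1B8)")
_HASH_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Result line with a verdict: "<name> ( <verdict> ) - <action>"
_ACTION_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+) \) - (?P<action>.+)$")
# Plain status line: "<name> - ok" / "- warning" / "- detected <verdict> (n)"
_STATUS_RE = re.compile(r"^(?P<name>.+?) - (?P<status>ok|warning|detected .+)$")


@dataclass
class Finding:
    name: str
    verdict: str
    actions: list = field(default_factory=list)  # e.g. "warning", "skipped by user"


def parse_tdsskiller(lines):
    """Return (inventory, findings).

    inventory: name -> (md5, path) for every hashed object, handy for later hash lookups.
    findings:  name -> Finding for anything not reported as "ok", with the
               scanner's verdict and whatever the user chose to do about it.
    """
    inventory, findings = {}, {}
    for line in lines:
        m = _SCAN_RE.match(line.strip())
        if not m:
            continue  # separators, "Scan finished", counters, etc.
        rest = m.group("rest")
        h = _HASH_RE.match(rest)
        if h:
            inventory[h.group("name")] = (h.group("md5"), h.group("path"))
            continue
        a = _ACTION_RE.match(rest)
        if a:
            f = findings.setdefault(a.group("name"), Finding(a.group("name"), a.group("verdict")))
            f.actions.append(a.group("action"))
            continue
        s = _STATUS_RE.match(rest)
        if s and s.group("status") != "ok":
            status = s.group("status")
            verdict = status[len("detected "):] if status.startswith("detected ") else status
            findings.setdefault(s.group("name"), Finding(s.group("name"), verdict))
    return inventory, findings


def unresolved(findings):
    """Flagged objects the user skipped instead of curing or deleting (sorted by name)."""
    return sorted(name for name, f in findings.items()
                  if any(a.startswith("skipped") or a.endswith("Skip") for a in f.actions))


# Lines copied from the TDSSKiller log posted above (a representative subset).
SAMPLE_LOG = r"""
21:24:10.0062 3976 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:24:10.0093 3976 Tcpip - ok
21:24:15.0453 3976 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:24:15.0859 3976 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:24:15.0859 3976 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:24:15.0859 3976 Boot (0x1200) (fc4de82817e8d219b1a528b4d6c30c22) \Device\Harddisk0\DR0\Partition0
21:24:15.0859 3976 \Device\Harddisk0\DR0\Partition0 - ok
21:24:15.0859 3976 ============================================================
21:24:15.0859 3976 Scan finished
21:24:15.0875 0108 Detected object count: 2
21:24:52.0937 0108 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
21:24:52.0937 0108 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
21:24:52.0937 0108 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:24:52.0937 0108 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
21:26:06.0250 0720 Deinitialize success
"""

if __name__ == "__main__":
    inv, found = parse_tdsskiller(SAMPLE_LOG.splitlines())
    print(f"{len(inv)} hashed objects, {len(found)} findings")
    for name in unresolved(found):
        print(f"UNRESOLVED: {name} -> {found[name].verdict} ({', '.join(found[name].actions)})")
```

Run against the full log, the script reports both flagged objects (the hidden Akamai service and the TDSS file system on \Device\Harddisk0\DR0) as unresolved because "Skip" was chosen for each, which is exactly why the later replies in the thread keep chasing the infection; the inventory of MD5/path pairs is what you would feed to a hash lookup if any driver name looked unfamiliar.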

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:05:53 PM

Posted 21 June 2012 - 09:58 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

MiniToolBox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.


Download

SystemLook

Copy this script and paste it in the search BOX

:filefind
services.exe
:folderfind
{d6487bb5-aa26-126a-ab74-39b952960af6}


Click on LOOK, post the generated log

Edited by narenxp, 23 June 2012 - 12:45 AM.


#5 natemr

natemr
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:04:53 PM

Posted 22 June 2012 - 10:08 PM

1. Ran Malwarebytes (in regular mode), selected and removed infections. Rebooted in regular mode, ran it again and had a clean log. Your instructions didn't say to post these logs, so please let me know if I need to do that.

2. MiniToolBox Log:

MiniToolBox by Farbar Version: 09-06-2012
Ran by Nathan (administrator) on 22-06-2012 at 21:46:23
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com

There are 13967 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================



# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : KNRCOMP

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-21-70-D1-49-D9

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Autoconfiguration IP Address. . . : 169.254.78.72

Subnet Mask . . . . . . . . . . . : 255.255.0.0

Default Gateway . . . . . . . . . :



Ethernet adapter Wireless Network Connection 2:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Dell Wireless 1395 WLAN Mini-Card

Physical Address. . . . . . . . . : 00-23-4E-CD-BF-47

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.122

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : Friday, June 22, 2012 5:08:13 PM

Lease Expires . . . . . . . . . . : Saturday, June 23, 2012 5:08:13 PM

Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.227.128, 74.125.227.129, 74.125.227.130, 74.125.227.131
74.125.227.132, 74.125.227.133, 74.125.227.134, 74.125.227.135, 74.125.227.136
74.125.227.137, 74.125.227.142

Pinging google.com [74.125.227.131] with 32 bytes of data:

Reply from 74.125.227.131: bytes=32 time=34ms TTL=51
Reply from 74.125.227.131: bytes=32 time=35ms TTL=49

Ping statistics for 74.125.227.131:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 34ms, Maximum = 35ms, Average = 34ms

Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 209.191.122.70

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=86ms TTL=47
Reply from 72.30.38.140: bytes=32 time=85ms TTL=47

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 85ms, Maximum = 86ms, Average = 85ms

Server: homeportal
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 21 70 d1 49 d9 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x3 ...00 23 4e cd bf 47 ...... Dell Wireless 1395 WLAN Mini-Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.122 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 169.254.78.72 169.254.78.72 10
169.254.78.72 255.255.255.255 127.0.0.1 127.0.0.1 10
169.254.255.255 255.255.255.255 169.254.78.72 169.254.78.72 10
192.168.0.0 255.255.255.0 192.168.0.122 192.168.0.122 25
192.168.0.122 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.0.255 255.255.255.255 192.168.0.122 192.168.0.122 25
224.0.0.0 240.0.0.0 169.254.78.72 169.254.78.72 10
224.0.0.0 240.0.0.0 192.168.0.122 192.168.0.122 25
255.255.255.255 255.255.255.255 169.254.78.72 169.254.78.72 1
255.255.255.255 255.255.255.255 192.168.0.122 192.168.0.122 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be %SystemRoot%\System32\mswsock.dll

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()
Catalog9 27 mswsock.dll [File Not found] ()
Catalog9 28 mswsock.dll [File Not found] ()
Catalog9 29 mswsock.dll [File Not found] ()
Catalog9 30 mswsock.dll [File Not found] ()
Catalog9 31 mswsock.dll [File Not found] ()
Catalog9 32 mswsock.dll [File Not found] ()
Catalog9 33 mswsock.dll [File Not found] ()
Catalog9 34 mswsock.dll [File Not found] ()
Catalog9 35 mswsock.dll [File Not found] ()
Catalog9 36 mswsock.dll [File Not found] ()
Catalog9 37 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/21/2012 06:31:57 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/21/2012 11:54:45 AM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/18/2012 10:31:52 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (06/22/2012 08:06:57 PM) (Source: Service Control Manager) (User: )
Description: The Security Center service terminated with the following error:
%%2

Error: (06/22/2012 08:06:47 PM) (Source: Service Control Manager) (User: )
Description: The Security Center service terminated with the following error:
%%2

Error: (06/22/2012 08:06:46 PM) (Source: Service Control Manager) (User: )
Description: The Security Center service terminated with the following error:
%%2

Error: (06/22/2012 08:06:21 PM) (Source: Service Control Manager) (User: )
Description: The Security Center service terminated with the following error:
%%2

Error: (06/21/2012 10:50:04 PM) (Source: Service Control Manager) (User: )
Description: The Security Center service terminated with the following error:
%%2

Error: (06/21/2012 10:49:49 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (06/21/2012 10:49:49 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (06/21/2012 10:49:49 PM) (Source: Service Control Manager) (User: )
Description: The Security Center service terminated with the following error:
%%2

Error: (06/21/2012 10:48:14 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (06/21/2012 00:02:18 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
Adobe AIR (Version: 2.7.0.19530)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Akamai NetSession Interface Service
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ArcSoft PhotoImpression 5
ArcSoft Print Creations - Brochure
ArcSoft Print Creations - Photo Calendar
AuthenTec Fingerprint Sensor Minimum Install (Version: 7.8.1.0)
biolsp patch (Version: 01.00.02.0005)
Bonjour (Version: 3.0.0.10)
Broadcom ASF Management Applications (Version: 10.13.02)
Broadcom Management Programs (Version: 10.15.01)
CCleaner (Version: 3.19)
Cisco Connect (Version: 1.4.11299.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HDA D330 MDC V.92 Modem (Version: 7.74.00)
Coupon Printer for Windows (Version: 4.0)
Coupon Printer for Windows (Version: 5.0.0.0)
Dell Drivers MSI (Version: 01.00.00.0010)
Dell Embassy Trust Suite by Wave Systems (Version: 02.01.00.026)
Dell Resource CD (Version: 1.00.0000)
Dell Touchpad (Version: Version 7.1.101.6)
Digital Line Detect (Version: 1.21)
Document Manager Lite (Version: 06.06.00.066)
Epson Event Manager (Version: 2.00.00)
EPSON Print CD (Version: 1.50.000)
EPSON Printer Software
EPSON Scan
EPSON Stylus Photo RX580 Scanner Driver Update
EPSON Stylus Photo RX580 User's Guide
EPSON WorkForce 600 Series Printer Uninstall
EpsonNet Config V3 (Version: 3.0b)
EpsonNet Print (Version: 2.4h)
ESC Home Page Plugin (Version: 03.01.00.018)
ESET Online Scanner v3
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892) (Version: 9.3.4053)
Gemalto (Version: 01.00.00.0010)
GemSafe Standard Edition 5.1 (Version: 5.10.000.007)
Google Talk Plugin (Version: 2.9.10.7526)
Google Update Helper (Version: 1.3.21.111)
InstallVC90Support (Version: 1.01.0000)
IntelliSonic Speech Enhancement (Version: 2.1.37)
iSEEK AnswerWorks English Runtime (Version: 010.000.0101)
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
LeapFrog Connect (Version: 3.2.19.13664)
LeapFrog Leapster Explorer Plugin (Version: 3.2.22.13714)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Project 2007 Service Pack 3 (SP3)
Microsoft Office Project MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Project Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (NR2007) (Version: 9.3.4035.00)
Microsoft SQL Server Native Client (Version: 9.00.4035.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.4035.00)
Microsoft SQL Server VSS Writer (Version: 9.00.4035.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft WinUsb 1.0
Modem Diagnostic Tool (Version: 1.0.24.0)
MotoHelper 2.0.53 Driver 5.2.0 (Version: 2.0.53)
MotoHelper MergeModules (Version: 1.2.0)
MOTOROLA MEDIA LINK (Version: 1.5.4090.2)
Motorola Mobile Drivers Installation 5.2.0 (Version: 5.2.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
NetWaiting (Version: 2.5.53)
NTRU TCG Software Stack (Version: 2.1.25)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PowerDVD (Version: 8.1)
Preboot Manager (Version: 2.0.1.2)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
Private Information Manager (Version: 06.01.00.023)
progeCAD 2009 Smart! ENG
Quicken 2012 (Version: 21.1.5.33)
QuickTime (Version: 7.71.80.42)
Revo Uninstaller 1.92 (Version: 1.92)
Rhapsody
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.5.0)
Roxio Creator BDAV Plugin (Version: 3.5.0)
Roxio Creator Copy (Version: 3.5.0)
Roxio Creator Data (Version: 3.5.0)
Roxio Creator DE (Version: 3.5.0)
Roxio Creator Tools (Version: 3.5.0)
Roxio Drag-to-Disc (Version: 9.1)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Samsung Kies (Version: 2.0.3.11082_152)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.103.0)
Secunia PSI (2.0.0.2001)
Secure Update (Version: 05.04.00.010)
Security Wizards (Version: 01.04.00.014)
Shutterfly Express Uploader (Version: 1.1.0)
Shutterfly Express Uploader (Version: 1.1.0.0)
Sonic CinePlayer Decoder Pack (Version: 4.2.0)
SUPERAntiSpyware (Version: 5.1.1002)
Trend Micro Internet Security Pro (Version: 17.50)
Trusted Drive Manager (Version: 2.1.1.2)
tsp patch (Version: 01.00.00.0000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
upekmsi (Version: 02.00.03.0000)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Visual C++ 8.0 x86 Runtime Setup Package (Version: 1.0.0.0)
Wave Infrastructure Installer (Version: 05.00.01.0050)
Wave Support Software (Version: 05.07.00.026)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
WinPatrol (Version: 19.3.2010.5)
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 35%
Total physical RAM: 2037.89 MB
Available physical RAM: 1314.45 MB
Total Pagefile: 3930.63 MB
Available Pagefile: 3405.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.56 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:111.7 GB) (Free:76.22 GB) NTFS

========================= Users: ========================================

User accounts for \\KNRCOMP

Administrator Guest HelpAssistant
Kate Nathan SUPPORT_388945a0


**** End of log ****


3. SystemLook Log:

SystemLook 30.07.11 by jpshortstuff
Log created at 21:54 on 22/06/2012 by Nathan
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe --a---- 110592 bytes [13:54 17/04/2009] [11:06 06/02/2009] 020CEAAEDC8EB655B6506B8C70D53BB6
C:\WINDOWS\$NtUninstallKB956572$\services.exe -----c- 108544 bytes [16:11 12/06/2010] [12:00 14/04/2008] 0E776ED5F7CC9F94299E70461B7B8185
C:\WINDOWS\system32\services.exe --a---- 110592 bytes [12:00 14/04/2008] [11:11 06/02/2009] 65DF52F5B8B6E9BBD183505225C37315
C:\WINDOWS\system32\dllcache\services.exe --a--c- 110592 bytes [12:00 14/04/2008] [11:11 06/02/2009] 65DF52F5B8B6E9BBD183505225C37315

Invalid Context: foldeerfind

No Context: {d6487bb5-aa26-126a-ab74-39b952960af6}

-= EOF =-



#6 narenxp (BC Advisor, 16,371 posts, Gender: Male, Location: India)

Posted 23 June 2012 - 12:46 AM

Can you re-run SystemLook? There was an error in the script, which I have edited now.

#7 Adirondack (Members, 18 posts)

Posted 23 June 2012 - 09:10 AM

I too was recently infected by the same FBI Ransomware. I used a combination of (1) FixNCR.reg; (2) MalwareBytes in Safe Mode; (3) a system restore to take back control of my PC. I also updated Malwarebytes and MS Security Essentials and ran full scans. Malwarebytes did remove a ransomware item. Based on the characteristics of Citadel, I am also concerned about the possibility of ongoing data collection on my computer. I request support to walk me through the process of ensuring I am running fully clean.

Link to malware description:
http://www.ic3.gov/media/2012/120530.aspx

Thanks,

#8 natemr (Topic Starter, Members, 45 posts)

Posted 23 June 2012 - 09:14 AM

Done. Thanks!

SystemLook 30.07.11 by jpshortstuff
Log created at 09:10 on 23/06/2012 by Nathan
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe --a---- 110592 bytes [13:54 17/04/2009] [11:06 06/02/2009] 020CEAAEDC8EB655B6506B8C70D53BB6
C:\WINDOWS\$NtUninstallKB956572$\services.exe -----c- 108544 bytes [16:11 12/06/2010] [12:00 14/04/2008] 0E776ED5F7CC9F94299E70461B7B8185
C:\WINDOWS\system32\services.exe --a---- 110592 bytes [12:00 14/04/2008] [11:11 06/02/2009] 65DF52F5B8B6E9BBD183505225C37315
C:\WINDOWS\system32\dllcache\services.exe --a--c- 110592 bytes [12:00 14/04/2008] [11:11 06/02/2009] 65DF52F5B8B6E9BBD183505225C37315

========== folderfind ==========

Searching for "{d6487bb5-aa26-126a-ab74-39b952960af6}"
C:\Documents and Settings\Nathan.KNRCOMP\Local Settings\Application Data\{d6487bb5-aa26-126a-ab74-39b952960af6} d--hs-- [12:00 14/04/2008]
C:\WINDOWS\Installer\{d6487bb5-aa26-126a-ab74-39b952960af6} d--hs-- [12:00 14/04/2008]

-= EOF =-
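The filefind section above lists every copy of services.exe on the disk with its size and MD5. One check worth scripting is whether the live copy in system32 matches the Windows File Protection backup in system32\dllcache; in the log above the two agree (both 110592 bytes, MD5 65DF52F5B8B6E9BBD183505225C37315), while the copies under $NtUninstallKB956572$ and $hf_mig$ are superseded hotfix versions and are expected to differ. The Python below is an added example written for this page, not a tool used in the thread. It parses the SystemLook lines exactly as posted, and adds a second, constructed sample (the modified timestamp and the all-zero MD5 in it are placeholders, not real values) to show what a mismatch reports.

```python
"""Added example for this thread (not a tool the helpers used): cross-check a
SystemLook 'filefind' listing against the Windows File Protection cache.

On Windows XP the live copy of a protected binary (system32\\services.exe) should
be identical to the backup in system32\\dllcache. Copies under $NtUninstall*
and $hf_mig$ are superseded hotfix versions and are expected to differ.
"""
import hashlib
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Lines taken verbatim from the SystemLook log posted above.
SYSTEMLOOK_LOG = r"""
Searching for "services.exe"
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe --a---- 110592 bytes [13:54 17/04/2009] [11:06 06/02/2009] 020CEAAEDC8EB655B6506B8C70D53BB6
C:\WINDOWS\$NtUninstallKB956572$\services.exe -----c- 108544 bytes [16:11 12/06/2010] [12:00 14/04/2008] 0E776ED5F7CC9F94299E70461B7B8185
C:\WINDOWS\system32\services.exe --a---- 110592 bytes [12:00 14/04/2008] [11:11 06/02/2009] 65DF52F5B8B6E9BBD183505225C37315
C:\WINDOWS\system32\dllcache\services.exe --a--c- 110592 bytes [12:00 14/04/2008] [11:11 06/02/2009] 65DF52F5B8B6E9BBD183505225C37315
"""

# Constructed sample (not from the thread): a live copy with a different
# modified time and a placeholder MD5 next to an intact dllcache copy.
TAMPERED_LOG = r"""
Searching for "services.exe"
C:\WINDOWS\system32\services.exe --a---- 110592 bytes [12:00 14/04/2008] [03:12 15/06/2012] 00000000000000000000000000000000
C:\WINDOWS\system32\dllcache\services.exe --a--c- 110592 bytes [12:00 14/04/2008] [11:11 06/02/2009] 65DF52F5B8B6E9BBD183505225C37315
"""

# <path> <7 attribute flags> <size> bytes [<created>] [<modified>] <MD5>
FILEFIND_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9a-f]{32})\s*$",
    re.IGNORECASE,
)


def parse_filefind(text):
    """Return one dict per file line; header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = FILEFIND_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries


def _role(path):
    """Classify a path as the live copy, the dllcache backup, or neither."""
    parent = str(PureWindowsPath(path).parent).lower()
    if parent.endswith("\\system32\\dllcache"):
        return "cache"
    if parent.endswith("\\system32") or parent.endswith("\\system32\\drivers"):
        return "live"
    return None


def check_against_dllcache(entries):
    """Map file name -> 'match', 'MISMATCH' or 'no-dllcache-copy'.

    Superseded copies ($NtUninstall*, $hf_mig$) are ignored on purpose."""
    copies = defaultdict(dict)
    for e in entries:
        role = _role(e["path"])
        if role:
            copies[PureWindowsPath(e["path"]).name.lower()][role] = e
    verdicts = {}
    for name, c in copies.items():
        if "live" not in c:
            continue
        if "cache" not in c:
            verdicts[name] = "no-dllcache-copy"
        elif (c["live"]["md5"], c["live"]["size"]) == (c["cache"]["md5"], c["cache"]["size"]):
            verdicts[name] = "match"
        else:
            verdicts[name] = "MISMATCH"
    return verdicts


def md5_of_file(path):
    """Recompute an MD5 on the live box to compare with the logged value."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


if __name__ == "__main__":
    for label, log in (("posted log", SYSTEMLOOK_LOG), ("constructed tamper", TAMPERED_LOG)):
        print(label, check_against_dllcache(parse_filefind(log)))
```

This is a consistency check only: if an infection replaced both the live copy and the dllcache copy it would still report a match, so the stronger test is a hash compared against a known-good value for that Windows build, which is what the "MD5 is legit" lines in a Farbar Service Scanner log represent.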

#9 narenxp (BC Advisor, 16,371 posts, Gender: Male, Location: India)

Posted 23 June 2012 - 10:42 AM

Open your C drive

On top, click on TOOLS - FOLDER OPTIONS

Click on view tab and scroll down

Checkmark show hidden files
Uncheck Hide operating system files

Click OK

Delete both these folders

C:\Documents and Settings\Nathan.KNRCOMP\Local Settings\Application Data\{d6487bb5-aa26-126a-ab74-39b952960af6}
C:\WINDOWS\Installer\{d6487bb5-aa26-126a-ab74-39b952960af6}

Now re run system look and post the log

Press Windows+R key and type

cmd and click OK and run this command

netsh winsock reset

Press ENTER

Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on Start repairs tab-click on Start

Checkmark the following options only:

Reset Registry Permissions
Repair WMI
Repair Windows Firewall
Remove Policies Set By Infections


Checkmark Restart System When Finished option
click the Start button

Restart the PC

Download

Farbar Service Scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

What are the current issues you face?

Edited by narenxp, 23 June 2012 - 10:43 AM.


#10 narenxp (BC Advisor, 16,371 posts, Gender: Male, Location: India)

Posted 23 June 2012 - 10:43 AM

Adirondack

Create a new topic

Thanks

#11 natemr (Topic Starter, Members, 45 posts)

Posted 24 June 2012 - 09:25 PM

1. Deleted Files and ran SystemLook. Log:
SystemLook 30.07.11 by jpshortstuff
Log created at 21:01 on 24/06/2012 by Nathan
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe --a---- 110592 bytes [13:54 17/04/2009] [11:06 06/02/2009] 020CEAAEDC8EB655B6506B8C70D53BB6
C:\WINDOWS\$NtUninstallKB956572$\services.exe -----c- 108544 bytes [16:11 12/06/2010] [12:00 14/04/2008] 0E776ED5F7CC9F94299E70461B7B8185
C:\WINDOWS\system32\services.exe --a---- 110592 bytes [12:00 14/04/2008] [11:11 06/02/2009] 65DF52F5B8B6E9BBD183505225C37315
C:\WINDOWS\system32\dllcache\services.exe --a--c- 110592 bytes [12:00 14/04/2008] [11:11 06/02/2009] 65DF52F5B8B6E9BBD183505225C37315

========== folderfind ==========

Searching for "{d6487bb5-aa26-126a-ab74-39b952960af6}"
No folders found.

-= EOF =-

2. Ran cmd noted
3. Ran Windows Repair Tool. Not sure if this creates a log.
4. Ran Farbar Service Scanner. Log:
Farbar Service Scanner Version: 24-06-2012 01
Ran by Nathan (administrator) on 24-06-2012 at 21:20:20
Running from "C:\Documents and Settings\Nathan.KNRCOMP\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


**** End of log ****

#12 narenxp (BC Advisor, 16,371 posts, Gender: Male, Location: India)

Posted 25 June 2012 - 12:09 AM

That looks good

Download HOSTS fix

http://go.microsoft.com/?linkid=9668866

Run it


Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#13 natemr (Topic Starter, Members, 45 posts)

Posted 27 June 2012 - 09:40 PM

Thanks for the last post and reminder to update java. However, I don't think I'm out of the woods yet.

One thing is that whenever I start up my computer I get a window labeled RUNDLL, and says: Error loading C:\DOCUME~1\USER\LOCALS~1\Temp\tpl_0_c.exe

Another is that services seem to be running more than normal when idle, and when I use CCleaner it cleans out a lot more temporary internet files than normal.

I reran ESET and it found another trojan, and I can't find where ESET saved that log, which is frustrating. Any suggestions as to what to do next?

Thanks.

#14 narenxp (BC Advisor, 16,371 posts, Gender: Male, Location: India)

Posted 27 June 2012 - 09:43 PM

Press Windows+R key and type

%HOMEPATH%\Start Menu\Programs\Startup

click ok

Delete CTFMON.LNK file from the folder

Restart the PC and let me know if you have the error pop up

Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Copy the contents of text file here

Can you re run ESET online scanner and post the log?

Edited by narenxp, 27 June 2012 - 09:46 PM.
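Once the Autoruns text export is in hand, a first pass over it can be scripted rather than read line by line. The Python below is an added example written for this page, not a tool used in the thread. It parses the layout Autoruns writes with File > Save as text (location lines are four quoted fields with only the first populated; entry lines start with "+" and carry name, description, publisher and image path), and flags entries by four hypothetical heuristics chosen for this example: the image no longer exists, the image sits under a user-writable directory, no publisher is recorded, or a Run key's resolved image is a DLL rather than an EXE. The sample lines are a constructed subset modeled on the export natemr posts later in this thread. A flag means "verify this one first" (check the file, its signature, and whether that vendor is expected on the box), not that the entry is malicious: per-user installers such as Google Update legitimately live under the profile and will show up, and Autoruns' own code-signature verification option is the more reliable filter for the publisher question.

```python
"""Added example for this thread (not a tool the helpers used): first-pass
triage of an Autoruns text export (File > Save, saved as text).

Location lines are four quoted fields with only the first populated; entry
lines start with '+' and carry name, description, publisher, image path.
"""
import re

QUOTED = re.compile(r'"([^"]*)"')

# Hypothetical heuristic for this example: directories any user (or a browser
# exploit running as that user) can write to. Legitimate per-user installers
# live here too, so a hit is a prompt to verify, not a verdict.
USER_WRITABLE = (
    "\\documents and settings\\",
    "\\users\\",
    "\\programdata\\",
    "\\temp\\",
)

# Constructed subset modeled on the export posted later in this thread.
SAMPLE_EXPORT = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "UfSeAgnt.exe" "Trend Micro Server Agent" "Trend Micro Inc." "c:\program files\trend micro\internet security\ufseagnt.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ProgeSOFT JPG Wizard" "SSCoInst" "SS" "c:\documents and settings\nathan.knrcomp\local settings\application data\progesoft jpg wizard\qjlujric.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"Task Scheduler" "" "" ""
+ "MotoHelper Update.job" "MotoHelperUpdate" "" "c:\program files\motorola\motohelper\motohelperupdate.exe"
'''


def parse_autoruns_text(text):
    """Yield one dict per autostart entry, tagged with the location it came from."""
    location = None
    for raw in text.splitlines():
        line = raw.strip()
        fields = QUOTED.findall(line)
        if len(fields) < 4:
            continue
        if line.startswith("+"):
            yield {
                "location": location,
                "name": fields[0],
                "description": fields[1],
                "publisher": fields[2],
                "image": fields[3],
            }
        else:
            location = fields[0]


def triage(entries):
    """Return the entries that trip at least one heuristic, with the reasons."""
    findings = []
    for e in entries:
        img = e["image"].lower()
        loc = (e["location"] or "").lower()
        reasons = []
        if "file not found" in img:
            reasons.append("image missing (dangling autostart)")
        if any(marker in img for marker in USER_WRITABLE):
            reasons.append("image under a user-writable path")
        if not e["publisher"].strip():
            reasons.append("no publisher recorded")
        if "\\currentversion\\run" in loc and img.endswith(".dll"):
            reasons.append("Run key loads a DLL (rundll32-style)")
        if reasons:
            findings.append({**e, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(parse_autoruns_text(SAMPLE_EXPORT)):
        print(f["location"])
        print("  " + f["name"] + " -> " + f["image"])
        print("    " + "; ".join(f["reasons"]))
```

Run it against a real export by replacing SAMPLE_EXPORT with the contents of Autoruns.txt; entries that pass all four heuristics still deserve a glance at the image path, since a signed binary in Program Files can be abused too, but the flagged list is where to start.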


#15 natemr (Topic Starter, Members, 45 posts)

Posted 02 July 2012 - 10:49 PM

It took me a while to run ESET and find the log, but I found it. First, I did delete the LNK file and I do not get that same error, thank you!

I ran Autoruns...file:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Apoint" "Alps Pointing-device Driver" "Alps Electric Co., Ltd." "c:\program files\apoint\apoint.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "UfSeAgnt.exe" "Trend Micro Server Agent" "Trend Micro Inc." "c:\program files\trend micro\internet security\ufseagnt.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ProgeSOFT JPG Wizard" "SSCoInst" "SS" "c:\documents and settings\nathan.knrcomp\local settings\application data\progesoft jpg wizard\qjlujric.dll"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "mso-offdap" "Microsoft Office XP Web Components" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\10\owc10.dll"
+ "mso-offdap11" "Microsoft Office Web Components 2003" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\11\owc11.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "EncryptDocMgr" "ContextMenuItem Module" "Wave Systems Corp." "c:\program files\wave systems corp\services manager\docmgr\bin\contextmenuitem.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "TMD Shell Extension" "Tmdshell Dynamic Link Library" "Trend Micro Inc." "c:\program files\trend micro\internet security\tmdshell.dll"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "VBPropSheet" "VBProp Dynamic Link Library" "Trend Micro Inc." "c:\program files\trend micro\internet security\vbprop.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EncryptDocMgr" "ContextMenuItem Module" "Wave Systems Corp." "c:\program files\wave systems corp\services manager\docmgr\bin\contextmenuitem.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "Roxio DragToDisc Shell Extension" "DirectCD Shell Extention DLL" "Roxio" "c:\program files\roxio\drag-to-disc\shellex.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "PIDirectoryHook" "" "" "c:\program files\arcsoft\photoimpression 5\share\pihook.dll"
+ "Roxio DragToDisc Shell Extension" "DirectCD Shell Extention DLL" "Roxio" "c:\program files\roxio\drag-to-disc\shellex.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "TMD Shell Extension" "Tmdshell Dynamic Link Library" "Trend Micro Inc." "c:\program files\trend micro\internet security\tmdshell.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-2811323974-1893285444-1937199883-1007Core.job" "Google Installer" "Google Inc." "c:\documents and settings\nathan.knrcomp\local settings\application data\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-2811323974-1893285444-1937199883-1007UA.job" "Google Installer" "Google Inc." "c:\documents and settings\nathan.knrcomp\local settings\application data\google\update\googleupdate.exe"
+ "MotoHelper MUM.job" "MotoHelperUpdate" "" "c:\program files\motorola\motohelper\motohelperupdate.exe"
+ "MotoHelper Routing.job" "MotoHelperUpdate" "" "c:\program files\motorola\motohelper\motohelperupdate.exe"
+ "MotoHelper Update.job" "MotoHelperUpdate" "" "c:\program files\motorola\motohelper\motohelperupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore.exe"
+ "DeviceMonitorService" "This service supports to NGP for getting device information" "Nero AG" "c:\program files\motorola media link\lite\nserviceentry.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\jqs.exe"
+ "LeapFrog Connect Device Service" "Manages LeapFrog Connect devices." "LeapFrog Enterprises, Inc." "c:\program files\leapfrog\leapfrog connect\commandservice.exe"
+ "MDM" "Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly." "Microsoft Corporation" "c:\program files\common files\microsoft shared\vs7debug\mdm.exe"
+ "SfCtlCom" "Manages all components of Trend Micro Internet Security." "Trend Micro Inc." "c:\program files\trend micro\internet security\sfctlcom.exe"
+ "TMBMServer" "Manages the Trend Micro unauthorized change prevention feature" "Trend Micro Inc." "c:\program files\trend micro\bm\tmbmsrv.exe"
+ "TmPfw" "Manages the Trend Micro Personal Firewall." "Trend Micro Inc." "c:\program files\trend micro\internet security\tmpfw.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Afc" "Arcsoft® ASPI Shell" "Arcsoft, Inc." "c:\windows\system32\drivers\afc.sys"
+ "ApfiltrService" "Alps Touch Pad Driver" "Alps Electric Co., Ltd." "c:\windows\system32\drivers\apfiltr.sys"
+ "b57w2k" "Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57xp32.sys"
+ "BASFND" "Broadcom NetDetect Driver." "Broadcom Corporation" "c:\program files\broadcom\asfipmon\basfnd.sys"
+ "bcm" "Beceem Communications Inc. WiMAX driver" "Beceem communications pvt ltd." "c:\windows\system32\drivers\drxvi314.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl5.sys"
+ "bcmbusctr" "Beceem Communications Inc. WiMAX driver" "Beceem communications pvt ltd." "c:\windows\system32\drivers\bcmbusctr.sys"
+ "BTCFilterService" "" "" "File not found: system32\DRIVERS\motfilt.sys"
+ "cerc6" "" "" "File not found: C:\WINDOWS\System32\Drivers\cerc6.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "cm_ser" "USB Modem/Serial Device Driver" "C-motech Co.,Ltd." "c:\windows\system32\drivers\cm_ser.sys"
+ "dg_ssudbus" "SAMSUNG USB Composite Device Driver (MSS Ver.3)" "DEVGURU Co., LTD.(www.devguru.co.kr)" "c:\windows\system32\drivers\ssudbus.sys"
+ "dgderdrv" "Device Error Recovery SDK(x86)" "Devguru Co., Ltd" "c:\windows\system32\drivers\dgderdrv.sys"
+ "DLABMFSM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\drivers\dlabmfsm.sys"
+ "DLABOIOM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\drivers\dlaboiom.sys"
+ "DLACDBHM" "" "" "File not found: C:\WINDOWS\System32\Drivers\DLACDBHM.sys"
+ "DLADResM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\drivers\dladresm.sys"
+ "DLAIFS_M" "Drive Letter Access Component" "Roxio" "c:\windows\system32\drivers\dlaifs_m.sys"
+ "DLAOPIOM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\drivers\dlaopiom.sys"
+ "DLAPoolM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\drivers\dlapoolm.sys"
+ "DLARTL_M" "Shared Driver Component" "Roxio" "c:\windows\system32\drivers\dlartl_m.sys"
+ "DLAUDF_M" "Drive Letter Access Component" "Roxio" "c:\windows\system32\drivers\dlaudf_m.sys"
+ "DLAUDFAM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\drivers\dlaudfam.sys"
+ "DRVMCDB" "Device Driver" "Sonic Solutions" "c:\windows\system32\drivers\drvmcdb.sys"
+ "DRVNDDM" "Device Driver Manager" "Roxio" "c:\windows\system32\drivers\drvnddm.sys"
+ "DXEC01" "dxec01.sys" "Knowles Acoustics" "c:\windows\system32\drivers\dxec01.sys"
+ "FsUsbExDisk" "" "" "c:\windows\system32\fsusbexdisk.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "guardian2" "O2Micro USB CCID SmartCard Reader" "O2Micro" "c:\windows\system32\drivers\oz776.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "HSF_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_dpv.sys"
+ "HSFHWAZL" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsfhwazl.sys"
+ "ialm" "Intel Graphics Miniport Driver" "Intel Corporation" "c:\windows\system32\drivers\igxpmp32.sys"
+ "Lbd" "Ad-Aware mini-filter driver" "" "File not found: system32\DRIVERS\Lbd.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "Leapfrog-USBLAN" "Windows USBLAN Host Driver" "Belcarra Technologies" "c:\windows\system32\drivers\btblan.sys"
+ "libusb0" "LibUSB-Win32 - Kernel Driver" "http://libusb-win32.sourceforge.net" "c:\windows\system32\drivers\libusb0.sys"
+ "mdmxsdk" "Diagnostic Interface x86 Driver" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "MfeAVFK" "Anti-Virus File System Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfeavfk.sys"
+ "MfeBOPK" "Buffer Overflow Protection Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfebopk.sys"
+ "mfehidk" "Host Intrusion Detection Link Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfehidk.sys"
+ "MfeRKDK" "VSCore Code Analysis Driver" "McAfee, Inc." "c:\windows\system32\drivers\mferkdk.sys"
+ "mfetdik" "Anti-Virus Mini-Firewall Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfetdik.sys"
+ "motccgp" "" "" "File not found: system32\DRIVERS\motccgp.sys"
+ "motccgpfl" "" "" "File not found: system32\DRIVERS\motccgpfl.sys"
+ "motmodem" "" "" "File not found: system32\DRIVERS\motmodem.sys"
+ "MotoSwitchService" "" "" "File not found: system32\DRIVERS\motswch.sys"
+ "Motousbnet" "" "" "File not found: system32\DRIVERS\Motousbnet.sys"
+ "motusbdevice" "" "" "File not found: system32\DRIVERS\motusbdevice.sys"
+ "Nmea" "" "" "File not found: system32\DRIVERS\pctnullport.sys"
+ "NWADI" "NWADI Interface Bus Enumerator" "Novatel Wireless Inc" "c:\windows\system32\drivers\nwadienum.sys"
+ "PBADRV" "PBADRV" "Dell Inc" "c:\windows\system32\drivers\pbadrv.sys"
+ "PCASp50" "" "" "File not found: System32\Drivers\PCASp50.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PCTINDIS5" "" "" "File not found: C:\WINDOWS\system32\PCTINDIS5.SYS"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "PSI" "PSI mini-filter driver" "Secunia" "c:\windows\system32\drivers\psi_mf.sys"
+ "PTDCBus" "" "" "File not found: system32\DRIVERS\PTDCBus.sys"
+ "PTDCMdm" "PANTECH PC Card Drivers (UDP)" "" "File not found: system32\DRIVERS\PTDCMdm.sys"
+ "PTDCVsp" "PANTECH PC Card Diagnostic Serial Port (UDP)" "" "File not found: system32\DRIVERS\PTDCVsp.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "RT73" "Ralink 802.11 USB Wireless Adapter Driver" "Ralink Technology, Corp." "c:\windows\system32\drivers\rt73.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASENUM" "" "" "File not found: C:\DOCUME~1\KATE~1.KNR\LOCALS~1\Temp\Temporary Directory 1 for ZZ[1].zip\SUPERAntiSpyware\SASENUM.SYS"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SONYPVU1" "Sony USB Lower Filter driver" "Sony Corporation" "c:\windows\system32\drivers\sonypvu1.sys"
+ "ssudmdm" "SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)" "DEVGURU Co., LTD.(www.devguru.co.kr)" "c:\windows\system32\drivers\ssudmdm.sys"
+ "STHDA" "NDRC" "SigmaTel, Inc." "c:\windows\system32\drivers\sthda.sys"
+ "swmsflt" "Sierra Wireless Filter Driver" "" "c:\windows\system32\drivers\swmsflt.sys"
+ "swmx00" "Sierra Wireless USB MUX Driver" "Sierra Wireless Inc." "c:\windows\system32\drivers\swmx00.sys"
+ "SWNC5E00" "Sierra Wireless NDIS Driver" "Sierra Wireless Inc." "c:\windows\system32\drivers\swnc5e00.sys"
+ "SymIM" "" "" "File not found: system32\DRIVERS\SymIM.sys"
+ "SymIMMP" "" "" "File not found: system32\DRIVERS\SymIM.sys"
+ "tmactmon" "Trend Micro Activity Monitor Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmactmon.sys"
+ "tmcfw" "Trend Micro NDIS 5.0 Intermedia Driver (i386-fre)" "Trend Micro Inc." "c:\windows\system32\drivers\tm_cfw.sys"
+ "tmcomm" "Trend Micro Common Engine Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmcomm.sys"
+ "tmevtmgr" "Trend Micro Event Manager Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmevtmgr.sys"
+ "tmpreflt" "Trend Filter Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmpreflt.sys"
+ "tmtdi" "Trend Micro TDI Driver (i386-fre)" "Trend Micro Inc." "c:\windows\system32\drivers\tmtdi.sys"
+ "tmxpflt" "Trend Functionality Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmxpflt.sys"
+ "USBAAPL" "" "" "File not found: System32\Drivers\usbaapl.sys"
+ "vsapint" "Trend Virus ScanEngine" "Trend Micro Inc." "c:\windows\system32\drivers\vsapint.sys"
+ "WaveFDE" "WaveFDE Device Driver" "Windows ® Codename Longhorn DDK provider" "c:\windows\system32\drivers\wavefde.sys"
+ "WavxDMgr" "Document Manager Driver" "Wave Systems Corp." "c:\windows\system32\drivers\wavxdmgr.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_cnxt.sys"
+ "WinDriver6" "WinDriver Device Driver 8.11" "Jungo" "c:\windows\system32\drivers\windrvr6.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer" "CLAudSpa.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudspa.ax"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudwizard.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudiocd.ax"
+ "CyberLink Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\cldemuxer.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clnavx.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clline21.ax"
+ "Cyberlink SubTitle Importor" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clsubtitle.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clauts.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvsd.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo Video ® 5.1 Progressive Download Source" "Intel Indeo® video IVF Source Filter 5.10" "Intel Corporation" "c:\windows\system32\ivfsrc.ax"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MACSReaderMP3 Filter" "MACSReaderMP3 Filter" "" "c:\program files\samsung\kies\external\mediamodules\macsreaderavi.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "MusicCity MPEG Splitter" "PCube MPEG Splitter Filter" "© MusicCity" "c:\windows\system32\muzmpgsp.ax"
+ "MusicCity OGG Splitter" "OGG Splitter" "© PeeringPortal" "c:\windows\system32\muzoggsp.ax"
+ "NEDFilter4Samsung Filter" "MACSReaderMP3 Filter" "L544™ Technology" "c:\program files\samsung\kies\external\mediamodules\nedfilter4samsung.ax"
+ "P3Audio" "PCube Audio Decoder Filter" "© MusicCity" "c:\windows\system32\muzdecode.ax"
+ "P3AudioEffect" "P3AudioEffect Filter" "© MUSICCITY" "c:\windows\system32\muzeffect.ax"
+ "P3MP4Splitter" "P3MP4Splitter Filter" "© MusicCity" "c:\windows\system32\muzmp4sp.ax"
+ "P3Sourcer" "AOD Sourcer Filter" "Musiccity Co.Ltd." "c:\windows\system32\muzaf1.dll"
+ "P3WMTSplitter" "P3WMTSplitter Filter" " © MusicCity" "c:\windows\system32\muzwmts.dll"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Render Dib" "Special Effects Sample" "ArcSoft" "c:\program files\arcsoft\photoimpression 5\modules\browser\ezrgb24.ax"
+ "SelfMusicVideo Dump Filter" "SelfMusicVideo Dump Filter (DShow)" "ENJsoft Corporation" "c:\program files\samsung\kies\external\transmodules\tg_dump0708.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Snapshot" "Arcsoft Snapshot Filter 1.0" "Arcsoft Corporation" "c:\program files\common files\arcsoft\mpeg engine\arcsnap.ax"
+ "Sonic Cinemaster® Audio Decoder 4.2 (No Dolby)" "SonicHDAudio" "Sonic Solutions" "c:\program files\common files\sonic shared\cinemasteraudiond.dll"
+ "Sonic Cinemaster® VideoDecoder 4.2" "CinemasterVideo" "Sonic Solutions" "c:\program files\common files\sonic shared\cinemastervideo.dll"
+ "Sonic HD Demuxer" "Sonic HD Demuxer" "" "c:\program files\common files\sonic shared\sonichddemuxer.dll"
+ "Sonic HD Nav" "SonicHDNav" "" "c:\program files\common files\sonic shared\sonichdnav.dll"
+ "SpatialStereo Filter" "" "" "c:\windows\system32\3daudio.ax"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "!SASWinLogon" "SUPERAntiSpyware WinLogon Processor" "SUPERAntiSpyware.com" "c:\program files\superantispyware\saswinlo.dll"
+ "gemsafe" "Dynamic Link Library " "Gemplus" "c:\program files\gemplus\gemsafe libraries\bin\wleventnotify.dll"
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "EPSON Stylus Photo RX580 Series 32MonitorBA" "EPSON Bi-directional Monitor" "SEIKO EPSON CORPORATION" "c:\windows\system32\e_flbbpa.dll"
+ "EPSON WorkForce 600 Series 32MonitorBA" "EPSON Bi-directional Monitor x86" "SEIKO EPSON CORPORATION" "c:\windows\system32\e_flbeka.dll"
+ "EpsonNet Print Port" "EpsonNet Print Port Monitor DLL" "SEIKO EPSON CORPORATION" "c:\windows\system32\enppmon.dll"
+ "PrimoMon" "" "" "c:\windows\system32\primomonnt.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages" "" "" ""
+ "wvauth" "Authentication Package" "Wave Systems Corp." "c:\windows\system32\wvauth.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages" "" "" ""
+ ":\WINDOWS\syste" "" "" "File not found: :\WINDOWS\syste"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "BCMLogon" "Dell Wireless WLAN Card Logon Provider" "" "File not found: C:\WINDOWS\System32\BCMLogon.dll"

ESET Log:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d25fa26fa5ca6b4ab24746af59c99bdd
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-21 04:48:37
# local_time=2012-06-20 11:48:37 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=516 16774502 100 100 0 74839160 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=97017
# found=13
# cleaned=12
# scan_time=5324
C:\Documents and Settings\Kate.KNRCOMP\Application Data\Sun\Java\Deployment\cache\6.0\25\4edcaf59-345f1b4e a variant of Java/Exploit.CVE-2012-0507.BO trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Nathan.KNRCOMP\Application Data\Sun\Java\Deployment\cache\6.0\1\509e0f41-717b471a a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Nathan.KNRCOMP\Application Data\Sun\Java\Deployment\cache\6.0\44\2cc02aac-78e46bcd a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Nathan.KNRCOMP\Application Data\Sun\Java\Deployment\cache\6.0\44\6446cc6c-365cadb5 Java/Exploit.CVE-2012-0507.BO trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Nathan.KNRCOMP\Application Data\Sun\Java\Deployment\cache\6.0\52\d012bf4-3fb78e3a multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Nathan.KNRCOMP\Desktop\DooMLoRD_v4_ROOT-zergRush-busybox-su.zip Android/Exploit.Lotoor.AN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Nathan.KNRCOMP\Desktop\Root Phone\files\zergRush Android/Exploit.Lotoor.AN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Nathan.KNRCOMP\Local Settings\Application Data\{d6487bb5-aa26-126a-ab74-39b952960af6}\n Win32/Sirefef.EV trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Nathan.KNRCOMP\Local Settings\Temp\NOD7EFA.tmp Win32/Sirefef.EV trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Installer\{d6487bb5-aa26-126a-ab74-39b952960af6}\n Win32/Sirefef.EV trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Installer\{d6487bb5-aa26-126a-ab74-39b952960af6}\U\80000000.@ a variant of Win32/Sirefef.FA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Installer\{d6487bb5-aa26-126a-ab74-39b952960af6}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} multiple threats 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d25fa26fa5ca6b4ab24746af59c99bdd
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-26 04:24:32
# local_time=2012-06-25 11:24:32 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=516 16774502 100 100 0 75270943 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=75331
# found=1
# cleaned=1
# scan_time=4097
C:\Documents and Settings\Nathan.KNRCOMP\My Documents\Downloads\InternationalPrimoPDF.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d25fa26fa5ca6b4ab24746af59c99bdd
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-02 03:14:17
# local_time=2012-07-01 10:14:17 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=516 16774485 100 100 0 75779740 0 0
# compatibility_mode=8192 67108863 100 0 20973 20973 0 0
# scanned=77130
# found=0
# cleaned=0
# scan_time=9485
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d25fa26fa5ca6b4ab24746af59c99bdd
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-03 03:26:09
# local_time=2012-07-02 10:26:09 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=516 16774502 100 100 0 75872244 0 0
# compatibility_mode=8192 67108863 100 0 113477 113477 0 0
# scanned=77650
# found=0
# cleaned=0
# scan_time=4094
ESETSmartInstaller@High as downloader log:
all ok
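The two logs in this post are easier to reason about mechanically than by scrolling. The Python below is an added example written for this page; it is not ESET's code and not anything the poster ran. It parses the autoruns-style dump (quoted registry key as a section header, then `+ "name" "description" "company" "path"` lines) and the ESET Online Scanner log (`# key=value` headers, one line per detection) and pulls out what matters for deciding whether the box is clean: registrations under keys that LSASS and Winlogon load from, orphaned "File not found" entries, per-family detection counts, and detections ESET could only schedule for deletion at the next reboot. The function names, the SENSITIVE key list, and the sample input (constructed to mirror the format of the posted logs, with a generic user name) are the editor's choices, not anything from the original post.

```python
"""Triage for the two logs posted above: the autoruns-style dump and the
ESET Online Scanner log. Added example, not ESET's code or the poster's."""
import re
from collections import Counter

# --- autoruns-style dump: a quoted registry key with three empty fields is
# a section header; "+ " lines carry name, description, company, path.
# A path reading "File not found: ..." is a registration whose binary is gone.
_FIELDS = re.compile(r'"([^"]*)"')

# Keys whose DLLs load into LSASS or Winlogon; anything there gets reviewed.
# (Editor's choice of keys, not a list taken from the original post.)
SENSITIVE = (
    r"\Control\Lsa\Authentication Packages",
    r"\Control\Lsa\Notification Packages",
    r"\Winlogon\Notify",
)

def parse_autoruns_dump(text):
    """One dict per '+' entry: section, name, description, company, path, orphan."""
    entries, section = [], ""
    for line in text.splitlines():
        line = line.strip()
        fields = _FIELDS.findall(line)
        if len(fields) != 4:
            continue                       # blank or non-dump line
        if not line.startswith("+"):
            section = fields[0]            # header line: the registry key
            continue
        name, desc, company, path = fields
        entries.append({"section": section, "name": name, "description": desc,
                        "company": company, "path": path,
                        "orphan": path.startswith("File not found")})
    return entries

def review_candidates(entries):
    """Entries to look at first: anything under a sensitive key, plus orphans."""
    return [e for e in entries
            if e["orphan"] or any(e["section"].endswith(k) for k in SENSITIVE)]

# --- ESET log: each run starts with '# version='; detection lines read
# '<path> <threat> (<action>) <md5> <flag>'. Paths contain spaces, so the
# threat is anchored on ESET's 'Platform/Family.Variant kind' naming.
_DETECTION = re.compile(
    r"^(?P<path>\S.*?)\s+"
    r"(?P<threat>(?:probably )?(?:a variant of )?"
    r"(?:[A-Za-z0-9]+/\S+ \S+|multiple threats))"
    r"(?:\s+\((?P<action>.*)\))?"          # greedy: the action can nest ()
    r"\s+(?P<hash>[0-9a-fA-F]{32})\s+(?P<flag>[A-Z])$")
_FAMILY = re.compile(r"[A-Za-z0-9]+/\S+")

def parse_eset_log(text):
    """List of runs, oldest first: {'header': {...}, 'detections': [...]}."""
    runs = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# version="):
            runs.append({"header": {}, "detections": []})
        if not runs:
            continue                       # installer chatter before a run
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            runs[-1]["header"][key] = value
            continue
        m = _DETECTION.match(line)
        if m:
            d = m.groupdict()
            # 'after the next restart' means the file is still on disk now
            d["pending_reboot"] = "after the next restart" in (d["action"] or "")
            runs[-1]["detections"].append(d)
    return runs

def family(threat):
    """'a variant of Win32/Sirefef.EV trojan' -> 'Win32/Sirefef'."""
    m = _FAMILY.search(threat)
    return re.sub(r"\.[A-Z]{1,3}$", "", m.group(0)) if m else threat

def summarize(runs):
    """(Counter of families across all runs, paths still pending a reboot)."""
    dets = [d for r in runs for d in r["detections"]]
    return (Counter(family(d["threat"]) for d in dets),
            [d["path"] for d in dets if d["pending_reboot"]])

# Constructed samples that mirror the format of the posted logs.
SAMPLE_DUMP = r'''
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "gupdate" "Keeps your Google software up to date." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages" "" "" ""
+ "wvauth" "Authentication Package" "Wave Systems Corp." "c:\windows\system32\wvauth.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages" "" "" ""
+ ":\WINDOWS\syste" "" "" "File not found: :\WINDOWS\syste"
'''
SAMPLE_ESET = r'''ESETSmartInstaller@High as downloader log:
all ok
# version=7
# utc_time=2012-06-21 04:48:37
# found=4
# cleaned=4
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\25\4edcaf59-345f1b4e a variant of Java/Exploit.CVE-2012-0507.BO trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\user\Local Settings\Application Data\{d6487bb5-aa26-126a-ab74-39b952960af6}\n Win32/Sirefef.EV trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Installer\{d6487bb5-aa26-126a-ab74-39b952960af6}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} multiple threats 00000000000000000000000000000000 I
# version=7
# utc_time=2012-07-02 03:14:17
# found=0
# cleaned=0
'''

if __name__ == "__main__":
    for e in review_candidates(parse_autoruns_dump(SAMPLE_DUMP)):
        print("REVIEW", e["section"], e["name"], e["path"])
    families, pending = summarize(parse_eset_log(SAMPLE_ESET))
    print(dict(families))
    print("still on disk until reboot:", pending)
```

To use it on the real logs, paste the dump and the ESET log into the two variables (or read them from files) and run the script. Two things the summary makes visible that are easy to miss in the raw text: the Sirefef entries under C:\WINDOWS\Installer\{GUID}\U\ and Local Settings\Application Data\{GUID}\n are marked "cleaned by deleting (after the next restart)", so they are not gone until the machine has rebooted and a follow-up scan reports found=0, which is exactly what the later runs in this log show; and the Java/Exploit.CVE-2012-0507 hits sitting in the Java deployment cache point to a browser drive-by through an outdated JRE as the entry route, so updating or removing that Java install is part of closing this. "File not found" orphans such as the truncated value under Lsa\Notification Packages are not malware by themselves, but a broken entry in a key LSASS loads at boot is worth cleaning up regardless.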
