
fraudulent emails


6 replies to this topic

#1 kaygie


Posted 22 June 2012 - 08:41 AM

Yesterday I began to have trouble with my PC running slower than usual and at times not responding at all. This A.M. while gaming a friend told me that he had received 2 emails from me. Trouble is, I have not emailed anybody in over 2 days. My system (Optiplex GX280) is not the newest but it is reliable. I'm still using XP and have not used half of my storage space. My friend said that the email that he received was sending him to a "work from your home" site. He knew that the email was a fake and did not use the link. My grans, who are 4 and 9, have been online since school ended watching videos and playing games. There is nothing else out of the ordinary happening. I didn't get an error message; my PC just refused to respond. I turned it off, let it sit all night... This morning I ran SUPERAntiSpyware and Norton as well as Microsoft Security Essentials. Can you please give me some advice? TYVM in advance for your time and help!
K.

The difference is too nice - Where ends the virtue or begins the vice.




#2 dev00790


Posted 23 June 2012 - 01:26 PM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do NOT run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Step 2

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 3

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Step 4

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points
Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"
I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.
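As an added example (not code from this thread, nor from the MiniToolBox tool), here is a Python triage pass over a Result.txt in the format posted later in this thread: it splits the log on its "=====" headers and flags an enabled IE proxy, non-Microsoft Winsock (LSP) entries, DNS servers outside a trusted set you pass in, repeated crashes of one binary, and crypt32 root-list failures. The two sample logs are constructed, and the trusted-resolver list and the "Proxy is enabled" wording are assumptions.

```python
import re
from collections import Counter

# Headers look like "===== IE Proxy Settings: =====" (colon optional: the Winsock
# header has none); lines made only of '=' are separators and must not match.
SECTION_RE = re.compile(r"^=+\s*([A-Za-z][^=]*?)\s*:?\s*=+$")
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+\d+\s+(.+?)\s+\[\d+\]\s+\((.*)\)$")
FAULT_RE = re.compile(r"Faulting application (\S+?),")
IP_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def split_sections(text):
    """Return {section name: body text} for every '=====' header in the log."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return {name: "\n".join(body) for name, body in sections.items()}

def check_proxy(section):
    """A proxy the user never set is a classic interception sign (enabled wording assumed)."""
    hit = next((ln for ln in section.splitlines()
                if ln.startswith(("Proxy is enabled", "Proxy Server"))), None)
    return f"IE proxy configured: {hit.strip()}" if hit else None

def check_winsock(section):
    """XP's base catalog is all Microsoft; any other publisher is an LSP to identify."""
    findings = []
    for line in section.splitlines():
        m = WINSOCK_RE.match(line.strip())
        if m and m.group(3) != "Microsoft Corporation":
            findings.append(f"Non-Microsoft Winsock entry {m.group(1)}: "
                            f"{m.group(2)} ({m.group(3) or 'no publisher'})")
    return findings

def check_dns(section, trusted):
    """Collect DNS servers (first on the 'DNS Servers' line, rest on bare-IP lines)."""
    servers, collecting = [], False
    for line in section.splitlines():
        if line.startswith("DNS Servers"):
            servers.append(line.split(":")[-1].strip())
            collecting = True
        elif collecting:
            m = IP_RE.match(line)
            if m:
                servers.append(m.group(1))
            elif line.strip():
                collecting = False  # next ipconfig field: the server list is over
    return [f"Unexpected DNS server {s}" for s in servers if s not in trusted]

def check_events(section):
    """Repeated crashes of one binary and crypt32 root-list failures both deserve a look."""
    crashes = Counter(FAULT_RE.findall(section))
    findings = [f"{app} crashed {n} times" for app, n in crashes.items() if n >= 2]
    if "crypt32" in section and "not within its validity period" in section:
        findings.append("crypt32 rejected the root-certificate update: check the clock")
    return findings

def triage(text, trusted_dns=()):
    """Run every check over a Result.txt and return the findings in order."""
    s = split_sections(text)
    proxy = check_proxy(s.get("IE Proxy Settings", ""))
    findings = [proxy] if proxy else []
    findings += check_winsock(s.get("Winsock entries", ""))
    findings += check_dns(s.get("IP Configuration", ""), set(trusted_dns))
    findings += check_events(s.get("Event log errors", ""))
    return findings

# Constructed samples, not the poster's log: CLEAN_LOG mirrors healthy sections, SUSPECT_LOG carries anomalies.
CLEAN_LOG = r"""
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
========================= IP Configuration: ================================
DNS Servers . . . . . . . . . . . : 75.75.75.75
 75.75.76.76
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
========================= Event log errors: ===============================
Error: (06/23/2012 08:59:30 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list with error: A required certificate is not within its validity period.
Error: (06/23/2012 07:00:08 PM) (Source: Application Error) (User: )
Description: Faulting application stdrt.exe, version 5.9.0.0, faulting module stdrt.exe, version 5.9.0.0, fault address 0x00034bf8.
Error: (06/23/2012 06:43:18 PM) (Source: Application Error) (User: )
Description: Faulting application stdrt.exe, version 5.9.0.0, faulting module stdrt.exe, version 5.9.0.0, fault address 0x00034bf8.
"""

SUSPECT_LOG = r"""
========================= IE Proxy Settings: ==============================
Proxy is enabled.
========================= IP Configuration: ================================
DNS Servers . . . . . . . . . . . : 198.51.100.7
 75.75.76.76
========================= Winsock entries =====================================
Catalog9 02 C:\Windows\system32\lsphook.dll [40960] ()
========================= Event log errors: ===============================
"""
```

Legitimate security products also register Winsock LSPs, so a non-Microsoft entry is a lead to identify, not a verdict.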


#3 kaygie


Posted 23 June 2012 - 09:07 PM

Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC compiles updated MOF files.
displayName
Norton Security Suite
Microsoft Security Essentials
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
SUPERAntiSpyware
HijackThis 2.0.2
CCleaner
Java™ 6 Update 32
Java version out of Date!
Adobe Flash Player 11.3.300.262
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (for.)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 0%
````````````````````End of Log``````````````````````



Ran by tayona (administrator) on 23-06-2012 at 21:09:46
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : administrator
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.md.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.md.comcast.net.
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-0F-1F-E3-B6-F2
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 69.251.43.85
Subnet Mask . . . . . . . . . . . : 255.255.248.0
Default Gateway . . . . . . . . . : 69.251.40.1
DHCP Server . . . . . . . . . . . : 68.87.73.15
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
Lease Obtained. . . . . . . . . . : Friday, June 22, 2012 12:04:26 PM
Lease Expires . . . . . . . . . . : Monday, June 25, 2012 7:03:21 PM

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 74.125.228.69, 74.125.228.65, 74.125.228.73, 74.125.228.64
74.125.228.71, 74.125.228.68, 74.125.228.70, 74.125.228.72, 74.125.228.78
74.125.228.66, 74.125.228.67

Pinging google.com [74.125.228.3] with 32 bytes of data:

Reply from 74.125.228.3: bytes=32 time=17ms TTL=55
Reply from 74.125.228.3: bytes=32 time=16ms TTL=55

Ping statistics for 74.125.228.3:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 16ms, Maximum = 17ms, Average = 16ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 209.191.122.70

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=86ms TTL=49
Reply from 72.30.38.140: bytes=32 time=86ms TTL=49

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 86ms, Maximum = 86ms, Average = 86ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0f 1f e3 b6 f2 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 69.251.40.1 69.251.43.85 20
69.251.40.0 255.255.248.0 69.251.43.85 69.251.43.85 20
69.251.43.85 255.255.255.255 127.0.0.1 127.0.0.1 20
69.255.255.255 255.255.255.255 69.251.43.85 69.251.43.85 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 69.251.43.85 69.251.43.85 20
255.255.255.255 255.255.255.255 69.251.43.85 69.251.43.85 1
Default Gateway: 69.251.40.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/23/2012 08:59:30 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/23/2012 08:59:30 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/23/2012 07:00:08 PM) (Source: Application Error) (User: )
Description: Faulting application stdrt.exe, version 5.9.0.0, faulting module stdrt.exe, version 5.9.0.0, fault address 0x00034bf8.
Processing media-specific event for [stdrt.exe!ws!]

Error: (06/23/2012 06:43:18 PM) (Source: Application Error) (User: )
Description: Faulting application stdrt.exe, version 5.9.0.0, faulting module stdrt.exe, version 5.9.0.0, fault address 0x00034bf8.
Processing media-specific event for [stdrt.exe!ws!]

Error: (06/22/2012 09:15:22 AM) (Source: MPSampleSubmission) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.8502.0, P3 1.129.241.0, P4 1.129.241.0, P5 0000055572ad0e0a_5a087c1a63582f568a5f9230adc0b443d97a3ae6, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Error: (06/17/2012 02:34:56 PM) (Source: MPSampleSubmission) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.8403.0, P3 1.127.2148.0, P4 1.127.2148.0, P5 0000055572ad0e0a_5a087c1a63582f568a5f9230adc0b443d97a3ae6, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Error: (06/16/2012 01:10:55 PM) (Source: Application Error) (User: )
Description: Faulting application stdrt.exe, version 5.9.0.0, faulting module stdrt.exe, version 5.9.0.0, fault address 0x00034c1e.
Processing media-specific event for [stdrt.exe!ws!]

Error: (06/14/2012 02:02:00 PM) (Source: Application Error) (User: )
Description: Faulting application stdrt.exe, version 5.9.0.0, faulting module stdrt.exe, version 5.9.0.0, fault address 0x00034bf8.
Processing media-specific event for [stdrt.exe!ws!]

Error: (06/11/2012 01:48:08 PM) (Source: Application Error) (User: )
Description: Faulting application firefox.exe, version 12.0.0.4493, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [firefox.exe!ws!]

Error: (06/11/2012 08:51:57 AM) (Source: Application Error) (User: )
Description: Faulting application stdrt.exe, version 5.9.0.0, faulting module stdrt.exe, version 5.9.0.0, fault address 0x00034bf8.
Processing media-specific event for [stdrt.exe!ws!]


System errors:
=============
Error: (06/22/2012 09:30:33 AM) (Source: 0) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:

Error: (06/22/2012 06:39:18 AM) (Source: 0) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:C:

Error: (06/21/2012 01:56:47 PM) (Source: 0) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:

Error: (06/21/2012 01:56:21 PM) (Source: 0) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:C:

Error: (06/20/2012 00:49:33 PM) (Source: 0) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:

Error: (06/17/2012 01:28:44 PM) (Source: 0) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:

Error: (06/13/2012 09:27:46 PM) (Source: 0) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:

Error: (06/12/2012 02:50:21 PM) (Source: 0) (User: )
Description:

Error: (06/11/2012 01:49:57 PM) (Source: 0) (User: )
Description: \Device\LanmanServer

Error: (06/11/2012 01:47:58 PM) (Source: 0) (User: )
Description: 0xC0000044c6df5158-c .. 1621bd.dmpHarddiskVolume1


Microsoft Office Sessions:
=========================
Error: (06/23/2012 08:59:30 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/23/2012 08:59:30 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/23/2012 07:00:08 PM) (Source: Application Error)(User: )
Description: stdrt.exe5.9.0.0stdrt.exe5.9.0.000034bf8

Error: (06/23/2012 06:43:18 PM) (Source: Application Error)(User: )
Description: stdrt.exe5.9.0.0stdrt.exe5.9.0.000034bf8

Error: (06/22/2012 09:15:22 AM) (Source: MPSampleSubmission)(User: )
Description: avsubmitmicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)1.1.8502.01.129.241.01.129.241.00000055572ad0e0a_5a087c1a63582f568a5f9230adc0b443d97a3ae6NILNILNILNILNIL

Error: (06/17/2012 02:34:56 PM) (Source: MPSampleSubmission)(User: )
Description: avsubmitmicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)1.1.8403.01.127.2148.01.127.2148.00000055572ad0e0a_5a087c1a63582f568a5f9230adc0b443d97a3ae6NILNILNILNILNIL

Error: (06/16/2012 01:10:55 PM) (Source: Application Error)(User: )
Description: stdrt.exe5.9.0.0stdrt.exe5.9.0.000034c1e

Error: (06/14/2012 02:02:00 PM) (Source: Application Error)(User: )
Description: stdrt.exe5.9.0.0stdrt.exe5.9.0.000034bf8

Error: (06/11/2012 01:48:08 PM) (Source: Application Error)(User: )
Description: firefox.exe12.0.0.44930.0.0.000000000

Error: (06/11/2012 08:51:57 AM) (Source: Application Error)(User: )
Description: stdrt.exe5.9.0.0stdrt.exe5.9.0.000034bf8


=========================== Installed Programs ============================

184635 (Version: 1.0.0)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Reader 9.5.1 (Version: 9.5.1)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
Broadcom Advanced Control Suite 2 (Version: 7.58.01)
Broadcom Gigabit Integrated Controller (Version: 9.02.06)
CCleaner (Version: 3.06)
Dell Driver Download Manager (Version: 2.1.0.0)
Dirty Split (remove only)
Game Booster 3 (Version: 3.3.1)
Google Chrome (Version: 19.0.1084.56)
Google Toolbar for Firefox (Version: 7.1.20110512)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
HijackThis 2.0.2 (Version: 2.0.2)
Icy Tower v1.5
Image Resizer Powertoy for Windows XP (Version: 1.00.0001)
ImgBurn (Version: 2.5.0.0)
IObit Toolbar v5.9 (Version: 5.9)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 32 (Version: 6.0.320)
Kids Cam Sticker Factory (Version: )
Kidzui
Macromedia Flash Player 8 (Version: 8.0.22.0)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework Client Profile (Version: 3.5)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
Mummy Maze Deluxe 1.1
Norton Security Suite (Version: 5.2.1.3)
NVIDIA Control Panel 266.58 (Version: 266.58)
NVIDIA Graphics Driver 266.58 (Version: 266.58)
NVIDIA Install Application (Version: 2.265.39.0)
NVIDIA nView 135.50 (Version: 135.50)
NVIDIA nView Desktop Manager (Version: 6.14.10.13550)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
OpenOffice.org 3.2 (Version: 3.2.9483)
Pacman Online
Smart Defrag 2 (Version: 2.1)
SoundMAX (Version: 5.12.01.7000)
SpeedFan (remove only)
SUPERAntiSpyware (Version: 4.45.1000)
swMSM (Version: 12.0.0.1)
System Requirements Lab
System Requirements Lab CYRI (Version: 4.3.1.0)
Uninstall Dual Mode Camera
Unity Web Player (Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Ventrilo Client (Version: 3.0.8)
VLC media player 1.0.5 (Version: 1.0.5)
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.623 )
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
winpcap-nmap 4.11
Wizard101 (Version: 1.0.0)
World of Warcraft (Version: 4.3.4.15595)
World of Warcraft Public Test (Version: 0.0.0.0)
Yontoo 1.10.02 (Version: 1.10.02)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 1022.07 MB
Available physical RAM: 519.57 MB
Total Pagefile: 2459.9 MB
Available Pagefile: 1757.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.5 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.76 GB) (Free:401.87 GB) NTFS

========================= Users: ========================================

User accounts for \\ADMINISTRATOR

Administrator Guest HelpAssistant
karen KidviewAdministrator pretty
SUPPORT_388945a0 tayona

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

11-06-2012 17:49:20 Software Distribution Service 3.0
12-06-2012 00:37:36 Norton Security Suite Registry
12-06-2012 02:38:08 System Checkpoint
12-06-2012 13:28:00 Software Distribution Service 3.0
13-06-2012 13:46:11 System Checkpoint
14-06-2012 08:39:01 Software Distribution Service 3.0
15-06-2012 01:33:38 Software Distribution Service 3.0
15-06-2012 15:38:53 Software Distribution Service 3.0
16-06-2012 15:56:50 Software Distribution Service 3.0
17-06-2012 11:01:56 Installed Windows Media Format Runtime
17-06-2012 20:57:59 Software Distribution Service 3.0
18-06-2012 21:44:51 System Checkpoint
19-06-2012 00:44:53 Software Distribution Service 3.0
19-06-2012 07:44:36 Software Distribution Service 3.0
20-06-2012 08:33:43 Software Distribution Service 3.0
21-06-2012 12:34:44 System Checkpoint
21-06-2012 23:21:09 Software Distribution Service 3.0
23-06-2012 03:01:09 System Checkpoint
23-06-2012 09:16:29 Software Distribution Service 3.0
23-06-2012 22:06:04 Removed Follow The Dragon

**** End of log ****
TDSS rootkit

20:59:38.0312 0404 Current date / time: 2012/06/23 20:59:38.0312
20:59:38.0312 0404 SystemInfo:
20:59:38.0312 0404
20:59:38.0312 0404 OS Version: 5.1.2600 ServicePack: 3.0
20:59:38.0312 0404 Product type: Workstation
20:59:38.0312 0404 ComputerName: ADMINISTRATOR
20:59:38.0328 0404 UserName: tayona
20:59:38.0328 0404 Windows directory: C:\WINDOWS
20:59:38.0328 0404 System windows directory: C:\WINDOWS
20:59:38.0328 0404 Processor architecture: Intel x86
20:59:38.0328 0404 Number of processors: 1
20:59:38.0328 0404 Page size: 0x1000
20:59:38.0328 0404 Boot type: Normal boot
20:59:38.0328 0404 ============================================================
20:59:41.0953 0404 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:59:42.0312 0404 ============================================================
20:59:42.0312 0404 \Device\Harddisk0\DR0:
20:59:42.0312 0404 MBR partitions:
20:59:42.0312 0404 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
20:59:42.0312 0404 ============================================================
20:59:42.0359 0404 C: <-> \Device\Harddisk0\DR0\Partition0
20:59:42.0359 0404 ============================================================
20:59:42.0359 0404 Initialize success
20:59:42.0359 0404 ============================================================
21:00:19.0031 3788 ============================================================
21:00:19.0031 3788 Scan started
21:00:19.0031 3788 Mode: Manual;
21:00:19.0031 3788 ============================================================
21:00:21.0875 3788 COMSysApp - ok
21:00:21.0890 3788 Cpqarray - ok
21:00:21.0921 3788 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
21:00:21.0921 3788 CryptSvc - ok
21:00:21.0937 3788 dac2w2k - ok
21:00:21.0953 3788 dac960nt - ok
21:00:22.0000 3788 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:00:22.0046 3788 DcomLaunch - ok
21:00:22.0093 3788 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
21:00:22.0093 3788 Dhcp - ok
21:00:22.0156 3788 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:00:22.0171 3788 Disk - ok
21:00:22.0171 3788 dmadmin - ok
21:00:22.0234 3788 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:00:22.0265 3788 dmboot - ok
21:00:22.0281 3788 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:00:22.0296 3788 dmio - ok
21:00:22.0312 3788 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:00:22.0312 3788 dmload - ok
21:00:22.0328 3788 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
21:00:22.0343 3788 dmserver - ok
21:00:22.0359 3788 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:00:22.0375 3788 DMusic - ok
21:00:22.0406 3788 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
21:00:22.0421 3788 Dnscache - ok
21:00:22.0453 3788 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
21:00:22.0468 3788 Dot3svc - ok
21:00:22.0468 3788 dpti2o - ok
21:00:22.0484 3788 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:00:22.0484 3788 drmkaud - ok
21:00:22.0515 3788 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
21:00:22.0515 3788 EapHost - ok
21:00:22.0609 3788 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
21:00:22.0640 3788 eeCtrl - ok
21:00:22.0671 3788 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:00:22.0687 3788 EraserUtilRebootDrv - ok
21:00:22.0703 3788 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
21:00:22.0718 3788 ERSvc - ok
21:00:22.0765 3788 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:00:22.0765 3788 Eventlog - ok
21:00:22.0796 3788 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
21:00:22.0812 3788 EventSystem - ok
21:00:22.0859 3788 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:00:22.0859 3788 Fastfat - ok
21:00:22.0906 3788 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:00:22.0921 3788 FastUserSwitchingCompatibility - ok
21:00:22.0953 3788 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:00:22.0968 3788 Fdc - ok
21:00:22.0984 3788 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:00:23.0000 3788 Fips - ok
21:00:23.0031 3788 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:00:23.0046 3788 Flpydisk - ok
21:00:23.0062 3788 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:00:23.0078 3788 FltMgr - ok
21:00:23.0156 3788 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:00:23.0171 3788 FontCache3.0.0.0 - ok
21:00:23.0171 3788 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:00:23.0171 3788 Fs_Rec - ok
21:00:23.0187 3788 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:00:23.0218 3788 Ftdisk - ok
21:00:23.0265 3788 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:00:23.0281 3788 GEARAspiWDM - ok
21:00:23.0296 3788 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
21:00:23.0296 3788 giveio - ok
21:00:23.0312 3788 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:00:23.0328 3788 Gpc - ok
21:00:23.0390 3788 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:00:23.0390 3788 gupdate - ok
21:00:23.0406 3788 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:00:23.0406 3788 gupdatem - ok
21:00:23.0421 3788 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:00:23.0437 3788 gusvc - ok
21:00:23.0515 3788 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:00:23.0531 3788 helpsvc - ok
21:00:23.0562 3788 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
21:00:23.0578 3788 HidServ - ok
21:00:23.0625 3788 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:00:23.0625 3788 hidusb - ok
21:00:23.0781 3788 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
21:00:23.0781 3788 hkmsvc - ok
21:00:23.0796 3788 hpn - ok
21:00:23.0843 3788 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:00:23.0859 3788 HTTP - ok
21:00:23.0890 3788 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
21:00:23.0906 3788 HTTPFilter - ok
21:00:23.0921 3788 i2omgmt - ok
21:00:23.0921 3788 i2omp - ok
21:00:23.0953 3788 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
21:00:23.0968 3788 i8042prt - ok
21:00:24.0171 3788 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
21:00:24.0203 3788 ialm - ok
21:00:24.0312 3788 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:00:24.0343 3788 idsvc - ok
21:00:24.0500 3788 IDSxpx86 (eeebf3616db90124c1c57019d39aa9a2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120622.001\IDSxpx86.sys
21:00:24.0515 3788 IDSxpx86 - ok
21:00:24.0625 3788 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:00:24.0625 3788 Imapi - ok
21:00:24.0671 3788 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
21:00:24.0687 3788 ImapiService - ok
21:00:24.0703 3788 ini910u - ok
21:00:24.0734 3788 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:00:24.0734 3788 IntelIde - ok
21:00:24.0750 3788 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:00:24.0750 3788 intelppm - ok
21:00:24.0796 3788 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:00:24.0796 3788 Ip6Fw - ok
21:00:24.0812 3788 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:00:24.0828 3788 IpFilterDriver - ok
21:00:24.0843 3788 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:00:24.0859 3788 IpInIp - ok
21:00:24.0906 3788 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:00:24.0906 3788 IpNat - ok
21:00:24.0921 3788 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:00:24.0937 3788 IPSec - ok
21:00:24.0968 3788 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:00:24.0984 3788 IRENUM - ok
21:00:25.0000 3788 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:00:25.0031 3788 isapnp - ok
21:00:25.0125 3788 JavaQuickStarterService (a38441ed570f190cc041a7be49488fa7) C:\Program Files\Java\jre6\bin\jqs.exe
21:00:25.0140 3788 JavaQuickStarterService - ok
21:00:25.0171 3788 JL2005C (03ca5f0eb17c33d79ef90c4cc21e80db) C:\WINDOWS\system32\Drivers\jl2005c.sys
21:00:25.0187 3788 JL2005C - ok
21:00:25.0218 3788 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:00:25.0234 3788 Kbdclass - ok
21:00:25.0234 3788 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:00:25.0234 3788 kbdhid - ok
21:00:25.0265 3788 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:00:25.0281 3788 kmixer - ok
21:00:25.0312 3788 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:00:25.0343 3788 KSecDD - ok
21:00:25.0390 3788 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
21:00:25.0406 3788 LanmanServer - ok
21:00:25.0453 3788 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
21:00:25.0453 3788 lanmanworkstation - ok
21:00:25.0468 3788 lbrtfdc - ok
21:00:25.0531 3788 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
21:00:25.0531 3788 LmHosts - ok
21:00:25.0562 3788 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
21:00:25.0578 3788 Messenger - ok
21:00:25.0593 3788 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:00:25.0593 3788 mnmdd - ok
21:00:25.0609 3788 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
21:00:25.0625 3788 mnmsrvc - ok
21:00:25.0656 3788 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:00:25.0656 3788 Modem - ok
21:00:25.0671 3788 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:00:25.0687 3788 Mouclass - ok
21:00:25.0718 3788 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:00:25.0734 3788 mouhid - ok
21:00:25.0750 3788 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:00:25.0750 3788 MountMgr - ok
21:00:25.0843 3788 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:00:25.0921 3788 MozillaMaintenance - ok
21:00:25.0953 3788 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
21:00:25.0968 3788 MpFilter - ok
21:00:26.0156 3788 MpKsle364148e - ok
21:00:26.0171 3788 mraid35x - ok
21:00:26.0203 3788 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:00:26.0234 3788 MRxDAV - ok
21:00:26.0296 3788 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:00:26.0328 3788 MRxSmb - ok
21:00:26.0375 3788 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
21:00:26.0375 3788 MSDTC - ok
21:00:26.0390 3788 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:00:26.0406 3788 Msfs - ok
21:00:26.0421 3788 MSIServer - ok
21:00:26.0437 3788 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:00:26.0453 3788 MSKSSRV - ok
21:00:26.0500 3788 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:00:26.0515 3788 MsMpSvc - ok
21:00:26.0531 3788 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:00:26.0531 3788 MSPCLOCK - ok
21:00:26.0593 3788 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:00:26.0593 3788 MSPQM - ok
21:00:26.0609 3788 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:00:26.0640 3788 mssmbios - ok
21:00:26.0671 3788 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:00:26.0671 3788 MSTEE - ok
21:00:26.0703 3788 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:00:26.0718 3788 Mup - ok
21:00:26.0812 3788 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
21:00:26.0812 3788 N360 - ok
21:00:26.0859 3788 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:00:26.0859 3788 NABTSFEC - ok
21:00:26.0906 3788 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
21:00:26.0937 3788 napagent - ok
21:00:27.0171 3788 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120622.033\NAVENG.SYS
21:00:27.0171 3788 NAVENG - ok
21:00:27.0265 3788 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120622.033\NAVEX15.SYS
21:00:27.0312 3788 NAVEX15 - ok
21:00:27.0421 3788 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:00:27.0421 3788 NDIS - ok
21:00:27.0468 3788 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:00:27.0468 3788 NdisIP - ok
21:00:27.0500 3788 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:00:27.0515 3788 NdisTapi - ok
21:00:27.0562 3788 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:00:27.0578 3788 Ndisuio - ok
21:00:27.0593 3788 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:00:27.0609 3788 NdisWan - ok
21:00:27.0656 3788 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:00:27.0671 3788 NDProxy - ok
21:00:27.0687 3788 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:00:27.0687 3788 NetBIOS - ok
21:00:27.0718 3788 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:00:27.0718 3788 NetBT - ok
21:00:27.0765 3788 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:00:27.0781 3788 NetDDE - ok
21:00:27.0812 3788 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:00:27.0812 3788 NetDDEdsdm - ok
21:00:27.0859 3788 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:00:27.0875 3788 Netlogon - ok
21:00:27.0906 3788 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
21:00:27.0921 3788 Netman - ok
21:00:28.0000 3788 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:00:28.0015 3788 NetTcpPortSharing - ok
21:00:28.0062 3788 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
21:00:28.0078 3788 Nla - ok
21:00:28.0109 3788 npf (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
21:00:28.0125 3788 npf - ok
21:00:28.0140 3788 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:00:28.0171 3788 Npfs - ok
21:00:28.0218 3788 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:00:28.0250 3788 Ntfs - ok
21:00:28.0265 3788 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:00:28.0265 3788 NtLmSsp - ok
21:00:28.0312 3788 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
21:00:28.0328 3788 NtmsSvc - ok
21:00:28.0359 3788 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:00:28.0359 3788 Null - ok
21:00:28.0750 3788 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:00:28.0968 3788 nv - ok
21:00:29.0156 3788 nvsvc (a8c1e6ff53fb0628a302843ea5fa5ab6) C:\WINDOWS\system32\nvsvc32.exe
21:00:29.0187 3788 nvsvc - ok
21:00:29.0234 3788 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:00:29.0234 3788 NwlnkFlt - ok
21:00:29.0265 3788 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:00:29.0265 3788 NwlnkFwd - ok
21:00:29.0312 3788 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:00:29.0312 3788 Parport - ok
21:00:29.0328 3788 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:00:29.0343 3788 PartMgr - ok
21:00:29.0375 3788 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:00:29.0375 3788 ParVdm - ok
21:00:29.0390 3788 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:00:29.0406 3788 PCI - ok
21:00:29.0421 3788 PCIDump - ok
21:00:29.0421 3788 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:00:29.0421 3788 PCIIde - ok
21:00:29.0453 3788 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:00:29.0468 3788 Pcmcia - ok
21:00:29.0468 3788 PDCOMP - ok
21:00:29.0484 3788 PDFRAME - ok
21:00:29.0500 3788 PDRELI - ok
21:00:29.0500 3788 PDRFRAME - ok
21:00:29.0515 3788 perc2 - ok
21:00:29.0531 3788 perc2hib - ok
21:00:29.0578 3788 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:00:29.0593 3788 PlugPlay - ok
21:00:29.0609 3788 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:00:29.0609 3788 PolicyAgent - ok
21:00:29.0640 3788 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:00:29.0656 3788 PptpMiniport - ok
21:00:29.0671 3788 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:00:29.0671 3788 ProtectedStorage - ok
21:00:29.0687 3788 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:00:29.0703 3788 PSched - ok
21:00:29.0703 3788 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:00:29.0718 3788 Ptilink - ok
21:00:29.0750 3788 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:00:29.0765 3788 PxHelp20 - ok
21:00:29.0781 3788 ql1080 - ok
21:00:29.0781 3788 Ql10wnt - ok
21:00:29.0796 3788 ql12160 - ok
21:00:29.0812 3788 ql1240 - ok
21:00:29.0812 3788 ql1280 - ok
21:00:29.0828 3788 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:00:29.0828 3788 RasAcd - ok
21:00:29.0859 3788 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
21:00:29.0875 3788 RasAuto - ok
21:00:29.0890 3788 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:00:29.0906 3788 Rasl2tp - ok
21:00:29.0937 3788 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
21:00:29.0953 3788 RasMan - ok
21:00:29.0968 3788 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:00:29.0984 3788 RasPppoe - ok
21:00:30.0000 3788 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:00:30.0078 3788 Raspti - ok
21:00:30.0093 3788 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:00:30.0093 3788 Rdbss - ok
21:00:30.0109 3788 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:00:30.0109 3788 RDPCDD - ok
21:00:30.0156 3788 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:00:30.0171 3788 rdpdr - ok
21:00:30.0218 3788 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
21:00:30.0234 3788 RDPWD - ok
21:00:30.0250 3788 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
21:00:30.0281 3788 RDSessMgr - ok
21:00:30.0296 3788 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:00:30.0312 3788 redbook - ok
21:00:30.0343 3788 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:00:30.0359 3788 RemoteAccess - ok
21:00:30.0390 3788 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
21:00:30.0406 3788 RemoteRegistry - ok
21:00:30.0437 3788 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
21:00:30.0453 3788 RpcLocator - ok
21:00:30.0515 3788 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
21:00:30.0515 3788 RpcSs - ok
21:00:30.0546 3788 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
21:00:30.0546 3788 RSVP - ok
21:00:30.0578 3788 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:00:30.0578 3788 SamSs - ok
21:00:30.0718 3788 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:00:30.0734 3788 SASDIFSV - ok
21:00:30.0750 3788 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:00:30.0750 3788 SASKUTIL - ok
21:00:30.0796 3788 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:00:30.0812 3788 SCardSvr - ok
21:00:30.0843 3788 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:00:30.0859 3788 Schedule - ok
21:00:30.0890 3788 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:00:30.0890 3788 Secdrv - ok
21:00:30.0906 3788 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:00:30.0921 3788 seclogon - ok
21:00:31.0000 3788 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
21:00:31.0093 3788 senfilt - ok
21:00:31.0140 3788 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
21:00:31.0140 3788 SENS - ok
21:00:31.0156 3788 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:00:31.0156 3788 serenum - ok
21:00:31.0171 3788 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:00:31.0187 3788 Serial - ok
21:00:31.0218 3788 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:00:31.0218 3788 Sfloppy - ok
21:00:31.0281 3788 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
21:00:31.0296 3788 SharedAccess - ok
21:00:31.0343 3788 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:00:31.0359 3788 ShellHWDetection - ok
21:00:31.0359 3788 Simbad - ok
21:00:31.0406 3788 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:00:31.0421 3788 SLIP - ok
21:00:31.0453 3788 SmartDefragDriver (972dea0d8149d73c5b7a2c97b2e749e3) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
21:00:31.0468 3788 SmartDefragDriver - ok
21:00:31.0500 3788 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
21:00:31.0500 3788 smwdm - ok
21:00:31.0515 3788 Sparrow - ok
21:00:31.0546 3788 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
21:00:31.0546 3788 speedfan - ok
21:00:31.0593 3788 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:00:31.0593 3788 splitter - ok
21:00:31.0640 3788 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:00:31.0671 3788 Spooler - ok
21:00:31.0687 3788 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:00:31.0703 3788 sr - ok
21:00:31.0750 3788 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:00:31.0765 3788 srservice - ok
21:00:31.0953 3788 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0502010.003\SRTSP.SYS
21:00:31.0984 3788 SRTSP - ok
21:00:32.0031 3788 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0502010.003\SRTSPX.SYS
21:00:32.0046 3788 SRTSPX - ok
21:00:32.0078 3788 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:00:32.0109 3788 Srv - ok
21:00:32.0140 3788 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:00:32.0140 3788 SSDPSRV - ok
21:00:32.0171 3788 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:00:32.0187 3788 stisvc - ok
21:00:32.0218 3788 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:00:32.0234 3788 streamip - ok
21:00:32.0250 3788 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:00:32.0265 3788 swenum - ok
21:00:32.0312 3788 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:00:32.0328 3788 swmidi - ok
21:00:32.0328 3788 SwPrv - ok
21:00:32.0343 3788 symc810 - ok
21:00:32.0359 3788 symc8xx - ok
21:00:32.0390 3788 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0502010.003\SYMDS.SYS
21:00:32.0421 3788 SymDS - ok
21:00:32.0468 3788 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0502010.003\SYMEFA.SYS
21:00:32.0484 3788 SymEFA - ok
21:00:32.0515 3788 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
21:00:32.0531 3788 SymEvent - ok
21:00:32.0562 3788 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0502010.003\Ironx86.SYS
21:00:32.0562 3788 SymIRON - ok
21:00:32.0593 3788 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\N360\0502010.003\SYMTDI.SYS
21:00:32.0609 3788 SYMTDI - ok
21:00:32.0625 3788 sym_hi - ok
21:00:32.0625 3788 sym_u3 - ok
21:00:32.0671 3788 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:00:32.0687 3788 sysaudio - ok
21:00:32.0718 3788 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:00:32.0734 3788 SysmonLog - ok
21:00:32.0781 3788 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:00:32.0796 3788 TapiSrv - ok
21:00:32.0843 3788 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:00:32.0875 3788 Tcpip - ok
21:00:32.0906 3788 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:00:32.0921 3788 TDPIPE - ok
21:00:32.0937 3788 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:00:32.0953 3788 TDTCP - ok
21:00:32.0984 3788 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:00:33.0000 3788 TermDD - ok
21:00:33.0093 3788 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:00:33.0109 3788 TermService - ok
21:00:33.0125 3788 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:00:33.0125 3788 Themes - ok
21:00:33.0156 3788 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
21:00:33.0171 3788 TlntSvr - ok
21:00:33.0187 3788 TosIde - ok
21:00:33.0218 3788 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:00:33.0234 3788 TrkWks - ok
21:00:33.0265 3788 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:00:33.0359 3788 Udfs - ok
21:00:33.0375 3788 ultra - ok
21:00:33.0406 3788 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
21:00:33.0406 3788 UMWdf - ok
21:00:33.0437 3788 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:00:33.0468 3788 Update - ok
21:00:33.0515 3788 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:00:33.0531 3788 upnphost - ok
21:00:33.0546 3788 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:00:33.0562 3788 UPS - ok
21:00:33.0593 3788 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:00:33.0609 3788 usbaudio - ok
21:00:33.0625 3788 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:00:33.0640 3788 usbccgp - ok
21:00:33.0687 3788 USBCCID (6b5e4d5e6e5ecd6acd14aed59768ce5c) C:\WINDOWS\system32\DRIVERS\usbccid.sys
21:00:33.0703 3788 USBCCID - ok
21:00:33.0734 3788 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:00:33.0734 3788 usbehci - ok
21:00:33.0750 3788 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:00:33.0765 3788 usbhub - ok
21:00:33.0796 3788 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:00:33.0796 3788 USBSTOR - ok
21:00:33.0828 3788 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:00:33.0843 3788 usbuhci - ok
21:00:33.0843 3788 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:00:33.0859 3788 VgaSave - ok
21:00:33.0859 3788 ViaIde - ok
21:00:33.0890 3788 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:00:33.0890 3788 VolSnap - ok
21:00:34.0296 3788 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:00:34.0343 3788 VSS - ok
21:00:34.0359 3788 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:00:34.0375 3788 W32Time - ok
21:00:34.0421 3788 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:00:34.0437 3788 Wanarp - ok
21:00:34.0453 3788 WDICA - ok
21:00:34.0468 3788 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:00:34.0484 3788 wdmaud - ok
21:00:34.0500 3788 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:00:34.0515 3788 WebClient - ok
21:00:34.0578 3788 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:00:34.0578 3788 winmgmt - ok
21:00:34.0640 3788 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
21:00:34.0703 3788 WmdmPmSN - ok
21:00:34.0765 3788 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
21:00:34.0781 3788 Wmi - ok
21:00:34.0843 3788 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:00:34.0875 3788 WmiApSrv - ok
21:00:34.0968 3788 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:00:34.0984 3788 wscsvc - ok
21:00:35.0015 3788 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:00:35.0078 3788 WSTCODEC - ok
21:00:35.0093 3788 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:00:35.0109 3788 wuauserv - ok
21:00:35.0156 3788 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:00:35.0187 3788 WZCSVC - ok
21:00:35.0218 3788 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:00:35.0234 3788 xmlprov - ok
21:00:35.0265 3788 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:00:35.0734 3788 \Device\Harddisk0\DR0 - ok
21:00:35.0765 3788 Boot (0x1200) (4e4327c757a9fcbd47f16d5088c0c50d) \Device\Harddisk0\DR0\Partition0
21:00:35.0765 3788 \Device\Harddisk0\DR0\Partition0 - ok
21:00:35.0765 3788 ============================================================
21:00:35.0765 3788 Scan finished
21:00:35.0765 3788 ============================================================
21:00:35.0781 1016 Detected object count: 0
21:00:35.0781 1016 Actual detected object count: 0
21:51:57.0171 3056 Deinitialize success

Farbar Service Scanner Version: 23-06-2012
Ran by tayona (administrator) on 23-06-2012 at 22:04:17
Running from "C:\Documents and Settings\tayona\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


**** End of log ****

I should have mentioned that although I'm a senior, I am self-taught on my pc. I sincerely hope that I've done everything correctly and again tyvm!

The difference is too nice - Where ends the virtue or begins the vice.


#4 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • Gender:Male
  • Location:UK

Posted 24 June 2012 - 07:29 AM

Hi

Please do the following:

Step 1


I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.

2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to Control Panel > "Add/Remove Programs" (Windows XP) / or "Programs and Features" (Windows Vista / 7), and remove either Norton or Microsoft Security Essentials.


Step 2

Restart the computer


Step 3


=========================== Installed Programs ============================

184635 (Version: 1.0.0)

Do you know what this program is?

Step 4

How is the computer running now?

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#5 kaygie

kaygie
  • Topic Starter

  • Members
  • 33 posts
  • Gender:Female
  • Location:baltimore, maryland

Posted 24 June 2012 - 06:47 PM

I have uninstalled Microsoft Security Essentials. I did not know about the conflict. I do not know what that program is...I've tried to find out since it is in my add and remove programs list. It's the first one there. It is 0.72 MB and says used rarely. My pc seems alright atm. I freaked when ppl kept talking about emails I had sent and I knew that I had not. Tyvm for helping me. Tyvm for being so prompt. You did not come across anything that seemed infected? I truly appreciate your help! Have a wonderful evening.



#6 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • Gender:Male
  • Location:UK

Posted 26 June 2012 - 05:16 AM

Hi

We'll remove the unknown program first, and then run another 2 scans:

Step 1

Uninstall Programs
  • Click the Start button (Windows XP) or "Windows Orb" button (Windows Vista / 7).
  • Type "control" in the search box and press Enter.
  • Double click "Programs and Features" (Vista / Win7) or "Add / Remove Programs" (Win XP).
  • Please uninstall the following programs:

    184635

  • After the programs have been uninstalled, make sure you restart the computer.


Step 2

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam-download.php to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log in your next reply.

If requested by MBAM, restart the computer.

The log can also be found here:
C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Users\<Username>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt


Step 3

I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Note: Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • On ESET: Click the Back button, then the Finish button.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step 4

How is the computer running now?

Regards, dev00790



#7 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • Gender:Male
  • Location:UK

Posted 01 July 2012 - 07:53 AM

Hi

Are you still with me?

Regards, dev00790





