
My sister's computer is infected


22 replies to this topic

#1 mike88888

Posted 14 July 2012 - 12:07 AM

To anyone that can help, I would first like to thank you for taking the time to take a look at my post.

Here is the log from the first scan:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.13.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Running as [administrator]

Protection: Enabled

7/12/2012 11:08:07 PM
mbam-log-2012-07-12 (23-08-07).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 315901
Time elapsed: 1 hour(s), 4 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\WINDOWS\system32\UACeppqlmlkawysjoyuo.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WORK.DAT (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hongster\list.txt (Malware.Trace) -> Quarantined and deleted successfully.

Here is the log for the second scan:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.13.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Running as [administrator]

Protection: Enabled

7/12/2012 11:08:07 PM
mbam-log-2012-07-13 (14-20-28).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 315901
Time elapsed: 1 hour(s), 4 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKLM\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKLM\SOFTWARE\UAC (Malware.Trace) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\Hongster\Local Settings\Temp\2qXMv14k.exe.part (Adware.EasyDownloads) -> No action taken.
C:\WINDOWS\system32\UACeppqlmlkawysjoyuo.dat (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\WORK.DAT (Malware.Trace) -> No action taken.
C:\Documents and Settings\Hongster\list.txt (Malware.Trace) -> No action taken.

Here is the log after the third scan:
Note: I had to do a system restart after the third scan.


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.13.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Running as [administrator]

Protection: Enabled

7/13/2012 2:24:43 PM
mbam-log-2012-07-13 (14-24-43).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 314816
Time elapsed: 1 hour(s), 4 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Hongster\Local Settings\Temp\2qXMv14k.exe.part (Adware.EasyDownloads) -> Quarantined and deleted successfully.

Here is the log after the fourth scan:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.13.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Running as [administrator]

Protection: Enabled

7/13/2012 7:01:15 PM
mbam-log-2012-07-13 (21-09-04).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 314859
Time elapsed: 1 hour(s), 3 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

I did place the "HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken." in the ignore section because I read that it was Microsoft Security Center, which I purposely disabled so they can use their own AV.

Any help is appreciated! I really want to help my sister get her PC cleaned, because I really don't know if her system is clean. Thank you to everyone!
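The four logs above show the pattern a responder looks for before anything else: everything scan 1 reports as "Quarantined and deleted successfully" is back in scan 2 with "No action taken", and only after the reboot (scan 3) do the entries stay gone. A removal that does not stick is what a rootkit that restores its own components looks like, which is why the thread moves on to rootkit-specific tools. The script below is an added example (not code from this post or from Malwarebytes) that parses MBAM 1.x logs in the format shown and reports exactly that re-detection, plus the Security Center PUM entry that was put on the ignore list. The log excerpts embedded in it are constructed from the entries in the post, trimmed to the lines that matter.

```python
"""Parse Malwarebytes Anti-Malware 1.x logs and compare consecutive scans.

Added example, not code from the thread.  The check it automates: an object
reported "Quarantined and deleted successfully" in one scan that is back in
the next one.  A removal that does not stick means something is restoring the
files (the TDSS family does exactly that), so the next step is a rootkit
scanner, not another run of the same tool.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

# Detection lines: "<object> (<classification>) -> <action>".  The action can
# contain its own arrow ("Bad: (1) Good: (0) -> No action taken."), so the
# final verdict is whatever follows the last " -> ".
DETECTION_RE = re.compile(r"^(?P<obj>.+?) \((?P<cls>[^()]+)\) -> (?P<rest>.+)$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: \d+$")
REMOVED = "Quarantined and deleted successfully."


@dataclass(frozen=True)
class Detection:
    section: str   # "Registry Keys", "Files", ...
    obj: str       # registry key/value or file path
    cls: str       # MBAM classification, e.g. "Rootkit.TDSS"
    action: str    # final verdict text


def parse_mbam_log(text: str) -> list[Detection]:
    """All detections in one log, in file order; header lines are ignored."""
    found: list[Detection] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m["section"]
        elif section and (m := DETECTION_RE.match(line)):
            action = m["rest"].rsplit(" -> ", 1)[-1].strip()
            found.append(Detection(section, m["obj"], m["cls"], action))
    return found


def reappearances(scans: list[list[Detection]]) -> list[tuple[int, Detection]]:
    """(scan index, detection) for objects removed in scan i and seen again in i+1."""
    hits = []
    for i in range(len(scans) - 1):
        removed = {d.obj for d in scans[i] if d.action == REMOVED}
        hits.extend((i + 1, d) for d in scans[i + 1] if d.obj in removed)
    return hits


def security_center_tampering(detections: list[Detection]) -> list[str]:
    """Security Center settings MBAM flags as disabled: a rootkit side effect as
    often as an admin choice, so worth a look rather than a blanket ignore."""
    return [d.obj for d in detections if d.cls.startswith("PUM.Disabled.SecurityCenter")]


# Constructed excerpts in the thread's log format (raw strings keep the
# backslashes).  Scan 1 removes things, scan 2 finds them again, scan 3 is
# after the reboot.
SCAN1 = r"""
Registry Keys Detected: 2
HKCU\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Detected: 2
C:\WINDOWS\system32\UACeppqlmlkawysjoyuo.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""
SCAN2 = r"""
Registry Keys Detected: 2
HKCU\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKLM\SOFTWARE\UAC (Malware.Trace) -> No action taken.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Detected: 3
C:\Documents and Settings\Hongster\Local Settings\Temp\2qXMv14k.exe.part (Adware.EasyDownloads) -> No action taken.
C:\WINDOWS\system32\UACeppqlmlkawysjoyuo.dat (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.
"""
SCAN3 = r"""
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Detected: 1
C:\Documents and Settings\Hongster\Local Settings\Temp\2qXMv14k.exe.part (Adware.EasyDownloads) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    scans = [parse_mbam_log(s) for s in (SCAN1, SCAN2, SCAN3)]
    for i, d in reappearances(scans):
        print(f"scan {i + 1}: {d.cls} back after removal: {d.obj}")
    for obj in security_center_tampering(scans[-1]):
        print(f"still flagged, review before ignoring: {obj}")
```

Run against the real log files instead of the embedded excerpts by reading each mbam-log-*.txt into the list in date order; the only assumption the parser makes is the "object (class) -> action" line shape shown in the post.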


#2 narenxp (BC Advisor)

Posted 14 July 2012 - 04:47 AM

Download TDSSkiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file in your reply.
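The first tool in this procedure produces a log that lists every service and driver on the box with its file's MD5 and a verdict line. Two things a responder pulls out of such a log by hand, and which the added example below (not the thread's code and not Kaspersky's) automates: any verdict other than "ok", and any driver whose hash differs from a trusted baseline (an earlier log from the same machine, or a clean reference image), which catches a driver patched in place even when the tool itself reports nothing. The baseline lines are taken from the log posted later in the thread; the "current" log, the second hash and the non-"ok" verdict text are constructed for the example, and the exact verdict wording varies between TDSSKiller versions.

```python
"""Turn a TDSSKiller log into a service/driver inventory and diff it against a
baseline.  Added example; not from the thread or from Kaspersky.

Line shapes handled (as in the log posted in the thread):
  <time> <pid> <name> (<md5>) <path>     one line per service with a file
  <time> <pid> <name> - <verdict>        verdict line, "ok" when nothing found
"""
from __future__ import annotations
import re
from dataclasses import dataclass

TS = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"   # "18:41:41.0250 1080 "
ENTRY_RE = re.compile(TS + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(TS + r"(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class Service:
    name: str
    md5: str | None = None      # None for services with no file on disk
    path: str | None = None
    verdict: str | None = None


def parse_tdsskiller_log(text: str) -> dict[str, Service]:
    """Inventory keyed by service name.  Lines before "Scan started" are header
    material (drive geometry also uses " - ") and are skipped."""
    inv: dict[str, Service] = {}
    scanning = False
    for line in text.splitlines():
        if "Scan started" in line:
            scanning = True
            continue
        if not scanning:
            continue
        if m := ENTRY_RE.match(line):
            svc = inv.setdefault(m["name"], Service(m["name"]))
            svc.md5, svc.path = m["md5"], m["path"]
        elif m := VERDICT_RE.match(line):
            inv.setdefault(m["name"], Service(m["name"])).verdict = m["verdict"]
    return inv


def not_ok(inv: dict[str, Service]) -> list[tuple[str, str | None]]:
    """Every (name, verdict) the tool did not mark "ok" (a missing verdict counts)."""
    return [(s.name, s.verdict) for s in inv.values() if s.verdict != "ok"]


def hash_changes(baseline: dict[str, Service], current: dict[str, Service]) -> list[tuple[str, str, str]]:
    """(name, baseline md5, current md5) for files present in both with different hashes."""
    return [(n, baseline[n].md5, s.md5) for n, s in current.items()
            if n in baseline and baseline[n].md5 and s.md5 and baseline[n].md5 != s.md5]


# Baseline: lines from the thread's log (header line trimmed).  Raw strings
# keep the backslashes intact.
BASELINE = r"""
18:41:07.0500 0692 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200
18:41:40.0031 1080 Scan started
18:41:40.0031 1080 Mode: Manual; TDLFS;
18:41:40.0203 1080 Abiosdsk - ok
18:41:40.0296 1080 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:41:40.0312 1080 ACPI - ok
18:41:40.0531 1080 Adobe LM Service (c1eb9968ec89fba5f3a264e2e57923ab) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
18:41:40.0546 1080 Adobe LM Service - ok
18:41:41.0250 1080 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:41:41.0265 1080 atapi - ok
"""
# Constructed later log from the same machine: atapi.sys now carries a
# different hash and a non-"ok" verdict (hash and verdict text are made up).
CURRENT = r"""
19:02:10.0000 0812 Scan started
19:02:10.0000 0812 Mode: Manual; TDLFS;
19:02:10.0100 0812 Abiosdsk - ok
19:02:10.0200 0812 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:02:10.0210 0812 ACPI - ok
19:02:10.0300 0812 atapi (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:02:10.0310 0812 atapi - detected Forged file ( 1 )
"""

if __name__ == "__main__":
    base, cur = parse_tdsskiller_log(BASELINE), parse_tdsskiller_log(CURRENT)
    for name, verdict in not_ok(cur):
        print(f"verdict: {name} -> {verdict}")
    for name, old, new in hash_changes(base, cur):
        print(f"hash changed: {name} {old} -> {new} ({cur[name].path})")
```

The hash comparison is the part worth keeping even when the verdict column is clean: a baseline taken from a log like the one in this thread, or from a known-good install, turns the MD5 column into something checkable instead of noise.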

#3 mike88888 (Topic Starter)

Posted 15 July 2012 - 12:01 AM

Thank you narenxp for your help; this is greatly appreciated.

Here is the log for TDSSkiller:

18:40:55.0062 0692 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
18:40:57.0062 0692 ============================================================
18:40:57.0062 0692 Current date / time: 2012/07/14 18:40:57.0062
18:40:57.0062 0692 SystemInfo:
18:40:57.0062 0692
18:40:57.0062 0692 OS Version: 5.1.2600 ServicePack: 3.0
18:40:57.0062 0692 Product type: Workstation
18:40:57.0062 0692 ComputerName: HT-COMPUTER
18:40:57.0062 0692 UserName: Hongster
18:40:57.0062 0692 Windows directory: C:\WINDOWS
18:40:57.0062 0692 System windows directory: C:\WINDOWS
18:40:57.0062 0692 Processor architecture: Intel x86
18:40:57.0062 0692 Number of processors: 2
18:40:57.0062 0692 Page size: 0x1000
18:40:57.0062 0692 Boot type: Normal boot
18:40:57.0062 0692 ============================================================
18:41:07.0500 0692 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:41:07.0500 0692 ============================================================
18:41:07.0500 0692 \Device\Harddisk0\DR0:
18:41:07.0500 0692 MBR partitions:
18:41:07.0500 0692 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x115C0152
18:41:07.0500 0692 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x115C0191, BlocksNum 0x1458930
18:41:07.0500 0692 ============================================================
18:41:07.0562 0692 C: <-> \Device\Harddisk0\DR0\Partition0
18:41:07.0625 0692 D: <-> \Device\Harddisk0\DR0\Partition1
18:41:07.0656 0692 ============================================================
18:41:07.0656 0692 Initialize success
18:41:07.0656 0692 ============================================================
18:41:40.0031 1080 ============================================================
18:41:40.0031 1080 Scan started
18:41:40.0031 1080 Mode: Manual; TDLFS;
18:41:40.0031 1080 ============================================================
18:41:40.0203 1080 Abiosdsk - ok
18:41:40.0203 1080 abp480n5 - ok
18:41:40.0296 1080 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:41:40.0312 1080 ACPI - ok
18:41:40.0343 1080 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:41:40.0359 1080 ACPIEC - ok
18:41:40.0453 1080 AcrSch2Svc (4a00e527bb34fca0e458db1089f97b3b) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
18:41:40.0468 1080 AcrSch2Svc - ok
18:41:40.0531 1080 Adobe LM Service (c1eb9968ec89fba5f3a264e2e57923ab) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
18:41:40.0546 1080 Adobe LM Service - ok
18:41:40.0546 1080 adpu160m - ok
18:41:40.0593 1080 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:41:40.0609 1080 aec - ok
18:41:40.0656 1080 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
18:41:40.0671 1080 AFD - ok
18:41:40.0671 1080 Aha154x - ok
18:41:40.0671 1080 aic78u2 - ok
18:41:40.0687 1080 aic78xx - ok
18:41:40.0734 1080 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:41:40.0734 1080 Alerter - ok
18:41:40.0781 1080 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:41:40.0781 1080 ALG - ok
18:41:40.0796 1080 AliIde - ok
18:41:40.0796 1080 amsint - ok
18:41:40.0843 1080 AnyDVD (95cdd12426d96c73ebebe6f36fa350a2) C:\WINDOWS\system32\Drivers\AnyDVD.sys
18:41:40.0843 1080 AnyDVD - ok
18:41:40.0937 1080 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:41:40.0968 1080 Apple Mobile Device - ok
18:41:41.0015 1080 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
18:41:41.0031 1080 AppMgmt - ok
18:41:41.0031 1080 asc - ok
18:41:41.0031 1080 asc3350p - ok
18:41:41.0046 1080 asc3550 - ok
18:41:41.0140 1080 aspnet_state (d33c507942299753868204cc7642fa27) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:41:41.0156 1080 aspnet_state - ok
18:41:41.0187 1080 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:41:41.0203 1080 AsyncMac - ok
18:41:41.0250 1080 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:41:41.0265 1080 atapi - ok
18:41:41.0265 1080 Atdisk - ok
18:41:41.0281 1080 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:41:41.0296 1080 Atmarpc - ok
18:41:41.0312 1080 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:41:41.0312 1080 AudioSrv - ok
18:41:41.0359 1080 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:41:41.0359 1080 audstub - ok
18:41:41.0406 1080 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:41:41.0421 1080 Beep - ok
18:41:41.0468 1080 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:41:41.0484 1080 BITS - ok
18:41:41.0593 1080 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:41:41.0625 1080 Bonjour Service - ok
18:41:41.0671 1080 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:41:41.0687 1080 Browser - ok
18:41:41.0718 1080 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:41:41.0718 1080 cbidf2k - ok
18:41:41.0828 1080 ccEvtMgr (73a35ad810cb750367cc01564a44b0e7) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
18:41:41.0843 1080 ccEvtMgr - ok
18:41:41.0859 1080 ccSetMgr (5e32d63b71495a8eda09f05bd153a537) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
18:41:41.0859 1080 ccSetMgr - ok
18:41:41.0859 1080 cd20xrnt - ok
18:41:41.0875 1080 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:41:41.0875 1080 Cdaudio - ok
18:41:41.0890 1080 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:41:41.0906 1080 Cdfs - ok
18:41:41.0953 1080 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:41:41.0968 1080 Cdrom - ok
18:41:41.0968 1080 Changer - ok
18:41:42.0015 1080 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:41:42.0015 1080 CiSvc - ok
18:41:42.0046 1080 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:41:42.0046 1080 ClipSrv - ok
18:41:42.0140 1080 clr_optimization_v2.0.50727_32 (3c4d595e7f9b747325aef28b4adcaae5) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:41:42.0250 1080 clr_optimization_v2.0.50727_32 - ok
18:41:42.0250 1080 CmdIde - ok
18:41:42.0250 1080 COMSysApp - ok
18:41:42.0265 1080 Cpqarray - ok
18:41:42.0296 1080 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:41:42.0312 1080 CryptSvc - ok
18:41:42.0312 1080 dac2w2k - ok
18:41:42.0312 1080 dac960nt - ok
18:41:42.0375 1080 DcomLaunch (2589fe6015a316c0f5d5112b4da7b509) C:\WINDOWS\system32\rpcss.dll
18:41:42.0390 1080 DcomLaunch - ok
18:41:42.0437 1080 DefWatch (7f7efcc3ef73160147b27a8270b4cb9e) C:\Program Files\Symantec AntiVirus\DefWatch.exe
18:41:42.0453 1080 DefWatch - ok
18:41:42.0468 1080 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:41:42.0468 1080 Dhcp - ok
18:41:42.0484 1080 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:41:42.0500 1080 Disk - ok
18:41:42.0500 1080 dmadmin - ok
18:41:42.0562 1080 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:41:42.0578 1080 dmboot - ok
18:41:42.0593 1080 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:41:42.0609 1080 dmio - ok
18:41:42.0609 1080 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:41:42.0625 1080 dmload - ok
18:41:42.0640 1080 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:41:42.0656 1080 dmserver - ok
18:41:42.0703 1080 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:41:42.0718 1080 DMusic - ok
18:41:42.0781 1080 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll
18:41:42.0796 1080 Dnscache - ok
18:41:42.0828 1080 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:41:42.0859 1080 Dot3svc - ok
18:41:42.0859 1080 dpti2o - ok
18:41:42.0906 1080 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:41:42.0921 1080 drmkaud - ok
18:41:42.0968 1080 Dvd43 (c0d66a5701d197c6f57ea15d85ee9f72) C:\WINDOWS\system32\DRIVERS\Dvd43.sys
18:41:42.0968 1080 Dvd43 - ok
18:41:43.0015 1080 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:41:43.0015 1080 EapHost - ok
18:41:43.0125 1080 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
18:41:43.0156 1080 eeCtrl - ok
18:41:43.0171 1080 ElbyCDIO (945ef111161bae49075107e5bc11a23f) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
18:41:43.0187 1080 ElbyCDIO - ok
18:41:43.0234 1080 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:41:43.0250 1080 EraserUtilRebootDrv - ok
18:41:43.0281 1080 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:41:43.0296 1080 ERSvc - ok
18:41:43.0328 1080 Eventlog (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe
18:41:43.0343 1080 Eventlog - ok
18:41:43.0406 1080 EventSystem (19a799805b24990867b00c120d300c3a) C:\WINDOWS\system32\es.dll
18:41:43.0421 1080 EventSystem - ok
18:41:43.0453 1080 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:41:43.0484 1080 Fastfat - ok
18:41:43.0500 1080 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
18:41:43.0531 1080 FastUserSwitchingCompatibility - ok
18:41:43.0578 1080 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:41:43.0578 1080 Fdc - ok
18:41:43.0625 1080 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:41:43.0640 1080 Fips - ok
18:41:43.0640 1080 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:41:43.0640 1080 Flpydisk - ok
18:41:43.0687 1080 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:41:43.0703 1080 FltMgr - ok
18:41:43.0734 1080 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:41:43.0734 1080 Fs_Rec - ok
18:41:43.0734 1080 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:41:43.0750 1080 Ftdisk - ok
18:41:43.0796 1080 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:41:43.0812 1080 GEARAspiWDM - ok
18:41:43.0812 1080 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:41:43.0828 1080 Gpc - ok
18:41:43.0859 1080 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:41:43.0875 1080 HDAudBus - ok
18:41:43.0953 1080 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:41:43.0968 1080 helpsvc - ok
18:41:43.0968 1080 HidServ - ok
18:41:43.0984 1080 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:41:44.0000 1080 HidUsb - ok
18:41:44.0031 1080 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:41:44.0046 1080 hkmsvc - ok
18:41:44.0046 1080 hpn - ok
18:41:44.0078 1080 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
18:41:44.0093 1080 HTTP - ok
18:41:44.0140 1080 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:41:44.0156 1080 HTTPFilter - ok
18:41:44.0156 1080 i2omgmt - ok
18:41:44.0156 1080 i2omp - ok
18:41:44.0203 1080 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:41:44.0218 1080 i8042prt - ok
18:41:44.0218 1080 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:41:44.0234 1080 Imapi - ok
18:41:44.0281 1080 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:41:44.0312 1080 ImapiService - ok
18:41:44.0312 1080 ini910u - ok
18:41:44.0468 1080 IntcAzAudAddService (41bb402c2ade27b32439bb765864ab3b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:41:44.0609 1080 IntcAzAudAddService - ok
18:41:44.0656 1080 IntelIde - ok
18:41:44.0703 1080 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:41:44.0718 1080 Ip6Fw - ok
18:41:44.0734 1080 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:41:44.0750 1080 IpFilterDriver - ok
18:41:44.0750 1080 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:41:44.0765 1080 IpInIp - ok
18:41:44.0781 1080 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:41:44.0796 1080 IpNat - ok
18:41:44.0875 1080 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
18:41:44.0921 1080 iPod Service - ok
18:41:44.0968 1080 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:41:44.0984 1080 IPSec - ok
18:41:44.0984 1080 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:41:45.0000 1080 IRENUM - ok
18:41:45.0015 1080 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:41:45.0015 1080 isapnp - ok
18:41:45.0156 1080 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
18:41:45.0171 1080 JavaQuickStarterService - ok
18:41:45.0218 1080 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:41:45.0234 1080 Kbdclass - ok
18:41:45.0281 1080 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:41:45.0281 1080 kbdhid - ok
18:41:45.0328 1080 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:41:45.0343 1080 kmixer - ok
18:41:45.0390 1080 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
18:41:45.0406 1080 KSecDD - ok
18:41:45.0453 1080 LanmanServer (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll
18:41:45.0468 1080 LanmanServer - ok
18:41:45.0468 1080 lanmanworkstation (1b67b632786fef1c1bbaef46c2f3f2e6) C:\WINDOWS\System32\wkssvc.dll
18:41:45.0484 1080 lanmanworkstation - ok
18:41:45.0484 1080 lbrtfdc - ok
18:41:45.0656 1080 LiveUpdate (7c63055bfb959199eeef366bbbe56456) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
18:41:45.0703 1080 LiveUpdate - ok
18:41:45.0796 1080 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:41:45.0812 1080 LmHosts - ok
18:41:45.0859 1080 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
18:41:45.0859 1080 MBAMProtector - ok
18:41:45.0968 1080 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:41:46.0031 1080 MBAMService - ok
18:41:46.0140 1080 MDM (b9fe64f554af6b87d4186262e9a1c5ef) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
18:41:46.0156 1080 MDM - ok
18:41:46.0187 1080 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:41:46.0187 1080 Messenger - ok
18:41:46.0218 1080 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:41:46.0234 1080 mnmdd - ok
18:41:46.0265 1080 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:41:46.0281 1080 mnmsrvc - ok
18:41:46.0312 1080 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:41:46.0328 1080 Modem - ok
18:41:46.0375 1080 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:41:46.0375 1080 Mouclass - ok
18:41:46.0390 1080 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:41:46.0390 1080 MountMgr - ok
18:41:46.0390 1080 mraid35x - ok
18:41:46.0406 1080 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:41:46.0421 1080 MRxDAV - ok
18:41:46.0437 1080 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:41:46.0453 1080 MRxSmb - ok
18:41:46.0500 1080 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:41:46.0531 1080 MSDTC - ok
18:41:46.0531 1080 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:41:46.0531 1080 Msfs - ok
18:41:46.0546 1080 MSIServer - ok
18:41:46.0578 1080 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:41:46.0593 1080 MSKSSRV - ok
18:41:46.0609 1080 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:41:46.0625 1080 MSPCLOCK - ok
18:41:46.0625 1080 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:41:46.0640 1080 MSPQM - ok
18:41:46.0671 1080 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:41:46.0687 1080 mssmbios - ok
18:41:46.0687 1080 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
18:41:46.0703 1080 Mup - ok
18:41:46.0750 1080 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:41:46.0765 1080 napagent - ok
18:41:46.0937 1080 NAVENG (f11033730b38260b6892e837c457fb4b) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120714.017\naveng.sys
18:41:46.0953 1080 NAVENG - ok
18:41:47.0000 1080 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120714.017\navex15.sys
18:41:47.0000 1080 NAVEX15 - ok
18:41:47.0109 1080 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:41:47.0125 1080 NDIS - ok
18:41:47.0140 1080 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:41:47.0140 1080 NdisTapi - ok
18:41:47.0187 1080 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:41:47.0203 1080 Ndisuio - ok
18:41:47.0203 1080 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:41:47.0234 1080 NdisWan - ok
18:41:47.0234 1080 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
18:41:47.0250 1080 NDProxy - ok
18:41:47.0406 1080 Nero BackItUp Scheduler 3 (2aae889742376edc5c3203dfb74f28fd) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
18:41:47.0437 1080 Nero BackItUp Scheduler 3 - ok
18:41:47.0484 1080 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:41:47.0500 1080 NetBIOS - ok
18:41:47.0515 1080 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:41:47.0531 1080 NetBT - ok
18:41:47.0578 1080 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:41:47.0593 1080 NetDDE - ok
18:41:47.0593 1080 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:41:47.0593 1080 NetDDEdsdm - ok
18:41:47.0625 1080 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:41:47.0640 1080 Netlogon - ok
18:41:47.0687 1080 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:41:47.0703 1080 Netman - ok
18:41:47.0734 1080 Nla (b4138e99236f0f57d4cf49bae98a0746) C:\WINDOWS\System32\mswsock.dll
18:41:47.0734 1080 Nla - ok
18:41:47.0921 1080 NMIndexingService (cb992ae1506985d9167e85883b4c3240) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
18:41:47.0968 1080 NMIndexingService - ok
18:41:48.0000 1080 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:41:48.0000 1080 Npfs - ok
18:41:48.0140 1080 nSvcIp (adc2d25754f8ca371aff9644b8eaa681) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
18:41:48.0156 1080 nSvcIp - ok
18:41:48.0218 1080 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:41:48.0234 1080 Ntfs - ok
18:41:48.0281 1080 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:41:48.0281 1080 NtLmSsp - ok
18:41:48.0312 1080 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:41:48.0328 1080 NtmsSvc - ok
18:41:48.0359 1080 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:41:48.0359 1080 Null - ok
18:41:48.0546 1080 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:41:48.0687 1080 nv - ok
18:41:48.0781 1080 nvata (947c4a0e7b25bcecc3b40f0f1070378b) C:\WINDOWS\system32\DRIVERS\nvata.sys
18:41:48.0781 1080 nvata - ok
18:41:48.0781 1080 NVENETFD (4d6f0d3fb17c1ba64942f415c73adcdb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
18:41:48.0796 1080 NVENETFD - ok
18:41:48.0812 1080 nvnetbus (921e63aa1e1a20302223d016acafb52b) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
18:41:48.0812 1080 nvnetbus - ok
18:41:48.0875 1080 NVSvc (0c41c4acfe00d826db479c40c1d9edc8) C:\WINDOWS\system32\nvsvc32.exe
18:41:48.0890 1080 NVSvc - ok
18:41:48.0937 1080 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:41:48.0953 1080 NwlnkFlt - ok
18:41:48.0953 1080 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:41:48.0968 1080 NwlnkFwd - ok
18:41:48.0984 1080 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
18:41:48.0984 1080 Parport - ok
18:41:49.0000 1080 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:41:49.0000 1080 PartMgr - ok
18:41:49.0046 1080 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:41:49.0046 1080 ParVdm - ok
18:41:49.0093 1080 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:41:49.0109 1080 PCI - ok
18:41:49.0109 1080 PCIDump - ok
18:41:49.0140 1080 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:41:49.0140 1080 PCIIde - ok
18:41:49.0171 1080 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:41:49.0187 1080 Pcmcia - ok
18:41:49.0234 1080 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
18:41:49.0250 1080 pcouffin - ok
18:41:49.0250 1080 PDCOMP - ok
18:41:49.0250 1080 PDFRAME - ok
18:41:49.0265 1080 PDRELI - ok
18:41:49.0265 1080 PDRFRAME - ok
18:41:49.0265 1080 perc2 - ok
18:41:49.0281 1080 perc2hib - ok
18:41:49.0328 1080 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\WINDOWS\system32\IoctlSvc.exe
18:41:49.0390 1080 PLFlash DeviceIoControl Service - ok
18:41:49.0406 1080 PlugPlay (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe
18:41:49.0406 1080 PlugPlay - ok
18:41:49.0421 1080 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:41:49.0421 1080 PolicyAgent - ok
18:41:49.0437 1080 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:41:49.0453 1080 PptpMiniport - ok
18:41:49.0500 1080 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
18:41:49.0515 1080 Processor - ok
18:41:49.0515 1080 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:41:49.0515 1080 ProtectedStorage - ok
18:41:49.0515 1080 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:41:49.0531 1080 PSched - ok
18:41:49.0531 1080 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:41:49.0546 1080 Ptilink - ok
18:41:49.0578 1080 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:41:49.0593 1080 PxHelp20 - ok
18:41:49.0593 1080 ql1080 - ok
18:41:49.0593 1080 Ql10wnt - ok
18:41:49.0593 1080 ql12160 - ok
18:41:49.0609 1080 ql1240 - ok
18:41:49.0609 1080 ql1280 - ok
18:41:49.0656 1080 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:41:49.0656 1080 RasAcd - ok
18:41:49.0703 1080 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:41:49.0718 1080 RasAuto - ok
18:41:49.0750 1080 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:41:49.0765 1080 Rasl2tp - ok
18:41:49.0796 1080 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:41:49.0812 1080 RasMan - ok
18:41:49.0843 1080 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:41:49.0859 1080 RasPppoe - ok
18:41:49.0859 1080 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:41:49.0875 1080 Raspti - ok
18:41:49.0890 1080 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:41:49.0890 1080 Rdbss - ok
18:41:49.0906 1080 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:41:49.0906 1080 RDPCDD - ok
18:41:49.0937 1080 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:41:49.0953 1080 rdpdr - ok
18:41:49.0968 1080 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
18:41:49.0984 1080 RDPWD - ok
18:41:50.0015 1080 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:41:50.0031 1080 RDSessMgr - ok
18:41:50.0046 1080 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:41:50.0062 1080 redbook - ok
18:41:50.0109 1080 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:41:50.0125 1080 RemoteAccess - ok
18:41:50.0156 1080 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
18:41:50.0156 1080 RemoteRegistry - ok
18:41:50.0265 1080 RichVideo (2d84428075ce90f1b8882d54960c7000) C:\Program Files\CyberLink\Shared files\RichVideo.exe
18:41:50.0281 1080 RichVideo - ok
18:41:50.0296 1080 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:41:50.0312 1080 RpcLocator - ok
18:41:50.0359 1080 RpcSs (2589fe6015a316c0f5d5112b4da7b509) C:\WINDOWS\system32\rpcss.dll
18:41:50.0375 1080 RpcSs - ok
18:41:50.0421 1080 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:41:50.0437 1080 RSVP - ok
18:41:50.0453 1080 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:41:50.0453 1080 SamSs - ok
18:41:50.0546 1080 SavRoam (92554f1d5037033146501f72c74b4d9f) C:\Program Files\Symantec AntiVirus\SavRoam.exe
18:41:50.0562 1080 SavRoam - ok
18:41:50.0593 1080 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys
18:41:50.0609 1080 SAVRT - ok
18:41:50.0609 1080 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
18:41:50.0625 1080 SAVRTPEL - ok
18:41:50.0671 1080 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:41:50.0703 1080 SCardSvr - ok
18:41:50.0734 1080 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:41:50.0750 1080 Schedule - ok
18:41:50.0796 1080 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:41:50.0796 1080 Secdrv - ok
18:41:50.0828 1080 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:41:50.0843 1080 seclogon - ok
18:41:50.0875 1080 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:41:50.0890 1080 SENS - ok
18:41:50.0906 1080 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
18:41:50.0921 1080 Serial - ok
18:41:50.0937 1080 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:41:50.0953 1080 Sfloppy - ok
18:41:50.0968 1080 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:41:51.0000 1080 SharedAccess - ok
18:41:51.0015 1080 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
18:41:51.0031 1080 ShellHWDetection - ok
18:41:51.0031 1080 Simbad - ok
18:41:51.0093 1080 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\WINDOWS\system32\DRIVERS\snapman.sys
18:41:51.0093 1080 snapman - ok
18:41:51.0203 1080 SNDSrvc (213c7eb70a762afdbb095e3535e8545c) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
18:41:51.0218 1080 SNDSrvc - ok
18:41:51.0218 1080 Sparrow - ok
18:41:51.0281 1080 SPBBCDrv (60053e9c1fc4f6887c296c19cb825244) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
18:41:51.0296 1080 SPBBCDrv - ok
18:41:51.0343 1080 SPBBCSvc (8a09ab7a1fd856acc469bd0cd4e98351) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
18:41:51.0375 1080 SPBBCSvc - ok
18:41:51.0406 1080 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:41:51.0421 1080 splitter - ok
18:41:51.0437 1080 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) C:\WINDOWS\system32\spoolsv.exe
18:41:51.0453 1080 Spooler - ok
18:41:51.0500 1080 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:41:51.0500 1080 sr - ok
18:41:51.0531 1080 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:41:51.0546 1080 srservice - ok
18:41:51.0562 1080 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
18:41:51.0578 1080 Srv - ok
18:41:51.0640 1080 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:41:51.0640 1080 SSDPSRV - ok
18:41:51.0671 1080 SSI (9910b19fed16e3e073d48efc4422f29c) C:\WINDOWS\system32\Drivers\SSI.SYS
18:41:51.0687 1080 SSI - ok
18:41:51.0718 1080 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:41:51.0781 1080 stisvc - ok
18:41:51.0921 1080 svcWRSSSDK (c813a0a21424532d39131618336ad44c) C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
18:41:51.0984 1080 svcWRSSSDK - ok
18:41:52.0062 1080 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:41:52.0078 1080 swenum - ok
18:41:52.0109 1080 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:41:52.0109 1080 swmidi - ok
18:41:52.0125 1080 SwPrv - ok
18:41:52.0218 1080 Symantec AntiVirus (7ac1fccc7976857aac3906d45a81d77b) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
18:41:52.0234 1080 Symantec AntiVirus - ok
18:41:52.0281 1080 symc810 - ok
18:41:52.0296 1080 symc8xx - ok
18:41:52.0312 1080 SymEvent (49b20b430a4f219173f823536944474a) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
18:41:52.0328 1080 SymEvent - ok
18:41:52.0359 1080 SYMREDRV (e919f0922248a826964428f479a3dc24) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
18:41:52.0375 1080 SYMREDRV - ok
18:41:52.0406 1080 SYMTDI (c177d5a655af572c456ec977582b9bc0) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
18:41:52.0421 1080 SYMTDI - ok
18:41:52.0421 1080 sym_hi - ok
18:41:52.0421 1080 sym_u3 - ok
18:41:52.0468 1080 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:41:52.0484 1080 sysaudio - ok
18:41:52.0531 1080 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:41:52.0546 1080 SysmonLog - ok
18:41:52.0562 1080 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:41:52.0578 1080 TapiSrv - ok
18:41:52.0625 1080 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:41:52.0640 1080 Tcpip - ok
18:41:52.0671 1080 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:41:52.0687 1080 TDPIPE - ok
18:41:52.0734 1080 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\WINDOWS\system32\DRIVERS\tdrpman.sys
18:41:52.0750 1080 tdrpman - ok
18:41:52.0781 1080 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:41:52.0781 1080 TDTCP - ok
18:41:52.0828 1080 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:41:52.0828 1080 TermDD - ok
18:41:52.0875 1080 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:41:52.0906 1080 TermService - ok
18:41:52.0937 1080 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
18:41:52.0937 1080 Themes - ok
18:41:52.0953 1080 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
18:41:52.0953 1080 tifsfilter - ok
18:41:52.0968 1080 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
18:41:52.0984 1080 timounter - ok
18:41:53.0031 1080 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
18:41:53.0046 1080 TlntSvr - ok
18:41:53.0046 1080 TosIde - ok
18:41:53.0093 1080 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:41:53.0109 1080 TrkWks - ok
18:41:53.0234 1080 TryAndDecideService (bc236bbb0b16049392e020e53f17d04c) C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
18:41:53.0250 1080 TryAndDecideService - ok
18:41:53.0281 1080 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:41:53.0281 1080 Udfs - ok
18:41:53.0296 1080 ultra - ok
18:41:53.0328 1080 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:41:53.0343 1080 Update - ok
18:41:53.0390 1080 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:41:53.0406 1080 upnphost - ok
18:41:53.0437 1080 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:41:53.0437 1080 UPS - ok
18:41:53.0484 1080 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:41:53.0484 1080 USBAAPL - ok
18:41:53.0531 1080 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:41:53.0531 1080 usbccgp - ok
18:41:53.0562 1080 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:41:53.0562 1080 usbehci - ok
18:41:53.0562 1080 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:41:53.0578 1080 usbhub - ok
18:41:53.0625 1080 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:41:53.0625 1080 usbohci - ok
18:41:53.0656 1080 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:41:53.0671 1080 usbprint - ok
18:41:53.0703 1080 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:41:53.0718 1080 usbscan - ok
18:41:53.0750 1080 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:41:53.0750 1080 USBSTOR - ok
18:41:53.0781 1080 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:41:53.0796 1080 VgaSave - ok
18:41:53.0796 1080 ViaIde - ok
18:41:53.0828 1080 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:41:53.0843 1080 VolSnap - ok
18:41:53.0875 1080 vsdatant (19482b3bf4eab3cf52d778f9f38dd306) C:\WINDOWS\system32\vsdatant.sys
18:41:53.0906 1080 vsdatant - ok
18:41:53.0968 1080 vsmon - ok
18:41:54.0015 1080 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:41:54.0031 1080 VSS - ok
18:41:54.0078 1080 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:41:54.0093 1080 W32Time - ok
18:41:54.0125 1080 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:41:54.0140 1080 Wanarp - ok
18:41:54.0140 1080 WDICA - ok
18:41:54.0187 1080 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:41:54.0187 1080 wdmaud - ok
18:41:54.0218 1080 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:41:54.0218 1080 WebClient - ok
18:41:54.0312 1080 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:41:54.0328 1080 winmgmt - ok
18:41:54.0390 1080 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:41:54.0406 1080 WmdmPmSN - ok
18:41:54.0453 1080 Wmi (bab489a5fe26f2d0c910cf7af7e4cf92) C:\WINDOWS\System32\advapi32.dll
18:41:54.0484 1080 Wmi - ok
18:41:54.0500 1080 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:41:54.0515 1080 WmiApSrv - ok
18:41:54.0671 1080 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:41:54.0703 1080 WMPNetworkSvc - ok
18:41:54.0750 1080 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:41:54.0765 1080 wscsvc - ok
18:41:54.0796 1080 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:41:54.0812 1080 wuauserv - ok
18:41:54.0906 1080 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:41:54.0921 1080 WudfPf - ok
18:41:54.0953 1080 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:41:54.0968 1080 WudfRd - ok
18:41:54.0984 1080 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:41:55.0000 1080 WudfSvc - ok
18:41:55.0093 1080 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:41:55.0109 1080 WZCSVC - ok
18:41:55.0140 1080 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:41:55.0156 1080 xmlprov - ok
18:41:55.0265 1080 {95808DC4-FA4A-4C74-92FE-5B863F82066B} (5867ce254625645345c833510d24f124) C:\Program Files\CyberLink\PowerDVD\000.fcl
18:41:55.0734 1080 {95808DC4-FA4A-4C74-92FE-5B863F82066B} - ok
18:41:55.0765 1080 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:41:56.0093 1080 \Device\Harddisk0\DR0 - ok
18:41:56.0093 1080 Boot (0x1200) (3f61284bac726284dc0666892c8c019b) \Device\Harddisk0\DR0\Partition0
18:41:56.0093 1080 \Device\Harddisk0\DR0\Partition0 - ok
18:41:56.0109 1080 Boot (0x1200) (c56cc28dcca50b78b8ba16726e4de34e) \Device\Harddisk0\DR0\Partition1
18:41:56.0109 1080 \Device\Harddisk0\DR0\Partition1 - ok
18:41:56.0109 1080 ============================================================
18:41:56.0109 1080 Scan finished
18:41:56.0109 1080 ============================================================
18:41:56.0125 0352 Detected object count: 0
18:41:56.0125 0352 Actual detected object count: 0
18:42:26.0328 3628 Deinitialize success

Here is the log for aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-14 18:44:04
-----------------------------
18:44:04.125 OS Version: Windows 5.1.2600 Service Pack 3
18:44:04.125 Number of processors: 2 586 0x6B02
18:44:04.125 ComputerName: HT-COMPUTER UserName: Hongster
18:44:07.000 Initialize success
18:46:23.406 AVAST engine defs: 12071402
18:46:40.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006b
18:46:40.140 Disk 0 Vendor: Hitachi_HDP725016GLA380 GMBOA57A Size: 152627MB BusType: 3
18:46:40.171 Disk 0 MBR read successfully
18:46:40.171 Disk 0 MBR scan
18:46:40.218 Disk 0 Windows XP default MBR code
18:46:40.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 142208 MB offset 63
18:46:40.234 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10417 MB offset 291242385
18:46:40.250 Disk 0 scanning sectors +312576705
18:46:40.312 Disk 0 scanning C:\WINDOWS\system32\drivers
18:46:50.296 Service scanning
18:47:10.156 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
18:47:13.156 Modules scanning
18:47:20.671 Disk 0 trace - called modules:
18:47:20.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
18:47:20.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a424180]
18:47:20.687 3 CLASSPNP.SYS[ba8f8fd7] -> nt!IofCallDriver -> \Device\0000006d[0x8a3faf18]
18:47:20.687 5 ACPI.sys[ba77f620] -> nt!IofCallDriver -> \Device\0000006b[0x8a441030]
18:47:21.046 AVAST engine scan C:\WINDOWS
18:47:29.359 AVAST engine scan C:\WINDOWS\system32
18:49:49.750 AVAST engine scan C:\WINDOWS\system32\drivers
18:50:02.125 AVAST engine scan C:\Documents and Settings\Hongster
19:19:05.046 AVAST engine scan C:\Documents and Settings\All Users
19:19:44.812 Scan finished successfully
19:21:58.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Hongster\Desktop\mbam-log\MBR.dat"
19:21:58.937 The log file has been saved successfully to "C:\Documents and Settings\Hongster\Desktop\mbam-log\aswMBR.txt"

Here is the log for ESET online scanner:

C:\Documents and Settings\Hongster\Local Settings\Temp\ueC4sveu.exe.part Win32/Toolbar.Zugo application cleaned by deleting - quarantined

Note: On ESET online scanner I checked the Uninstall application on close and I checked the Delete quarantined files, then I clicked Finish and clicked the X in the upper right hand corner. I hope that was ok?

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 15 July 2012 - 08:33 AM

That's ok.

Update MBAM and run a full scan until you get a clean log.

Download mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

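Added example, not part of this thread and not Farbar's code: a small Python helper for reviewing the output narenxp asks for above. It reads a MiniToolBox-style "Hosts content" section and FSS-style registry policy lines (the sample lines below are constructed here in the same shape as the logs posted in this thread) and flags hosts entries that redirect or block names, a Windows Firewall profile switched off by policy, and System Restore disabled by policy. The section header pattern, the regular expressions and the verdict labels are my own choices, not anything the tools define.

```python
"""Review helper for MiniToolBox / FSS style output (added example, not Farbar's code)."""
import re
from ipaddress import ip_address

# Constructed sample in the shape of MiniToolBox's "Hosts content" section.
SAMPLE_HOSTS_SECTION = """========================= Hosts content: =================================


66.98.148.65 auto.search.msn.com
66.98.148.65 auto.search.msn.es
127.0.0.1 localhost

========================= IP Configuration: ================================
"""

# Constructed sample in the shape of the policy lines Farbar Service Scanner prints.
SAMPLE_FSS_POLICY = r"""Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1
"""

SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?):\s*=+\s*$")   # "=== Name: ===" headers
REG_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")      # [HKEY_...\Key]
REG_DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=DWORD:(?P<val>[0-9A-Fa-f]+)\s*$')


def extract_section(text, name):
    """Return the body lines of the section whose header reads '=== name: ==='."""
    lines, capture = [], False
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            capture = m.group("name").strip() == name
            continue
        if capture:
            lines.append(line)
    return lines


def parse_hosts_lines(lines):
    """Parse 'ip name [name ...]' lines into (ip, name) pairs; skip blanks and comments."""
    entries = []
    for line in lines:
        body = line.split("#", 1)[0].strip()
        if not body:
            continue
        parts = body.split()
        try:
            ip = ip_address(parts[0])
        except ValueError:
            continue  # not a hosts-format line
        for name in parts[1:]:
            entries.append((str(ip), name.lower()))
    return entries


def classify_hosts_entries(entries):
    """Return (ip, name, verdict) for every entry other than the stock localhost line.

    'redirect': a name points at a routable address, so lookups for that name go
                somewhere the user did not choose (the thread's log shows this shape).
    'block':    a name other than localhost is pinned to loopback or 0.0.0.0; common
                in ad-block lists, but also how malware starves AV/update domains.
    """
    findings = []
    for ip, name in entries:
        addr = ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            if name not in ("localhost", "localhost.localdomain", "broadcasthost"):
                findings.append((ip, name, "block"))
        else:
            findings.append((ip, name, "redirect"))
    return findings


def parse_dword_policies(text):
    """Parse '[HKEY...]' / '"Name"=DWORD:n' lines into {(key, name): value}."""
    policies, current_key = {}, None
    for line in text.splitlines():
        km = REG_KEY_RE.match(line.strip())
        if km:
            current_key = km.group("key")
            continue
        vm = REG_DWORD_RE.match(line.strip())
        if vm and current_key:
            # FSS prints 0/1, identical in hex and decimal; hex also covers .reg style.
            policies[(current_key, vm.group("name"))] = int(vm.group("val"), 16)
    return policies


def policy_findings(policies):
    """Flag the two policy states the FSS log in this thread reports."""
    findings = []
    for (key, name), value in policies.items():  # insertion order = log order
        if name == "EnableFirewall" and value == 0 and "FirewallPolicy" in key:
            findings.append("firewall disabled by policy: " + key.rsplit("\\", 1)[-1])
        if name == "DisableSR" and value == 1:
            findings.append("System Restore disabled by policy")
    return findings


if __name__ == "__main__":
    hosts = parse_hosts_lines(extract_section(SAMPLE_HOSTS_SECTION, "Hosts content"))
    for finding in classify_hosts_entries(hosts):
        print("hosts:", *finding)
    for finding in policy_findings(parse_dword_policies(SAMPLE_FSS_POLICY)):
        print("policy:", finding)
```

Feed it the text of a real MiniToolBox or FSS log and it prints one line per item worth a second look; the verdicts are only a reading aid, and a "block" entry for an ad-serving name is usually the user's own doing.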
#5 mike88888

  • Topic Starter
  • Members
  • 20 posts

Posted 15 July 2012 - 05:31 PM

Again, thank you for your ongoing help with my sister's computer problem.

Here is the last full scan I ran with MBAM:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.15.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Hongster :: HT-COMPUTER [administrator]

Protection: Enabled

7/15/2012 10:27:17 AM
mbam-log-2012-07-15 (10-27-17).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 315131
Time elapsed: 1 hour(s), 4 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Here is the log for mini toolbox:

MiniToolBox by Farbar Version: 15-07-2012
Ran by Hongster (administrator) on 15-07-2012 at 15:07:37
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


66.98.148.65 auto.search.msn.com
66.98.148.65 auto.search.msn.es
127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

        Host Name . . . . . . . . . . . . : ht-computer
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
        Physical Address. . . . . . . . . : 00-22-15-18-7A-19
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
        Lease Obtained. . . . . . . . . . : Sunday, July 15, 2012 6:52:59 AM
        Lease Expires . . . . . . . . . . : Monday, July 16, 2012 6:52:59 AM

Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  74.125.224.226, 74.125.224.229, 74.125.224.230, 74.125.224.225
          74.125.224.228, 74.125.224.224, 74.125.224.227, 74.125.224.233, 74.125.224.238
          74.125.224.231, 74.125.224.232


Pinging google.com [74.125.224.230] with 32 bytes of data:

Reply from 74.125.224.230: bytes=32 time=68ms TTL=55
Reply from 74.125.224.230: bytes=32 time=65ms TTL=55

Ping statistics for 74.125.224.230:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 65ms, Maximum = 68ms, Average = 66ms

Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  209.191.122.70, 72.30.38.140, 98.139.183.24


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=109ms TTL=51
Reply from 209.191.122.70: bytes=32 time=46ms TTL=51

Ping statistics for 209.191.122.70:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 46ms, Maximum = 109ms, Average = 77ms

Server:  UnKnown
Address:  192.168.1.1

Name:    bleepingcomputer.com
Address:  208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=57ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 57ms, Average = 28ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 22 15 18 7a 19 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.100 192.168.1.100 20
192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100 20
192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100 20
224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100 20
255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/10/2012 04:26:54 AM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BF from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (07/10/2012 04:19:06 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module rpcss.dll, version 5.1.2600.5512, fault address 0x0001f455.
Processing media-specific event for [svchost.exe!ws!]

Error: (07/06/2012 08:48:49 PM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 17.0.963.79, faulting module gcswf32.dll, version 11.1.102.63, fault address 0x001765b0.
Processing media-specific event for [chrome.exe!ws!]

Error: (06/26/2012 05:34:03 PM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 17.0.963.79, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/26/2012 05:34:03 PM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 17.0.963.79, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (07/10/2012 04:24:15 AM) (Source: Service Control Manager) (User: )
Description: The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

Error: (06/26/2012 10:54:48 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.100 for the Network Card with network address 002215187A19 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/26/2012 10:38:03 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.101 for the Network Card with network address 002215187A19 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/21/2012 10:53:09 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.100 for the Network Card with network address 002215187A19 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/14/2012 02:09:11 AM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 002215187A19. The following error
occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Error: (06/14/2012 02:09:07 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.101 for the Network Card with network address 002215187A19 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/14/2012 00:51:25 AM) (Source: Service Control Manager) (User: )
Description: The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

Error: (05/28/2012 05:58:07 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.101 for the Network Card with network address 002215187A19 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (05/28/2012 05:57:30 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.102 for the Network Card with network address 002215187A19 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (05/28/2012 05:54:26 PM) (Source: Service Control Manager) (User: )
Description: The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.


Microsoft Office Sessions:
=========================
Error: (07/10/2012 04:26:54 AM) (Source: EventSystem)(User: )
Description: f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp44800706BF

Error: (07/10/2012 04:19:06 AM) (Source: Application Error)(User: )
Description: svchost.exe5.1.2600.5512rpcss.dll5.1.2600.55120001f455

Error: (07/06/2012 08:48:49 PM) (Source: Application Error)(User: )
Description: chrome.exe17.0.963.79gcswf32.dll11.1.102.63001765b0

Error: (06/26/2012 05:34:03 PM) (Source: Application Hang)(User: )
Description: chrome.exe17.0.963.79hungapp0.0.0.000000000

Error: (06/26/2012 05:34:03 PM) (Source: Application Hang)(User: )
Description: chrome.exe17.0.963.79hungapp0.0.0.000000000


=========================== Installed Programs ============================

Acronis True Image Home (Version: 11.0.8101)
Adobe Bridge 1.0 (Version: 001.000.000)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Adobe Stock Photos 1.0 (Version: 001.000.000)
AnyDVD
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
ConvertXtoDVD 2.2.3.258 (Version: 2.2.3.258)
DVD Region+CSS Free 5.9.8.5
DVD Shrink 3.2
Eraser 5.8 (Version: Eraser 5.8)
Foxit Reader
Google Chrome (Version: 17.0.963.79)
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
K-Lite Mega Codec Pack 4.1.7 (Version: 4.1.7)
LimeWire PRO 4.18.6 (Version: 4.18.6)
LiveUpdate 3.2 (Symantec Corporation) (Version: 3.2.0.67)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 (Version: 2.0.50727)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office XP Professional with FrontPage (Version: 10.0.2627.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
Nero 8 (Version: 8.3.314)
neroxml (Version: 1.0.0)
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager (Version: 2.03.6523)
Power Slides v1.0
PowerDVD (Version: 7.3.3516.0)
PowerDVD Ultra (Version: 7.3.3516.0)
QuickTime (Version: 7.71.80.42)
Realtek High Definition Audio Driver (Version: 5.10.0.5657)
SereneScreen Marine Aquarium 2.6 (Version: 2.6)
SlowView (Version: 1.0 RC2)
Spy Sweeper 4.x Updater (Version: 1.2)
Symantec AntiVirus (Version: 10.1.7000.7)
Tweak UI
VC 9.0 Runtime (Version: 1.0.0)
VCRedistSetup (Version: 1.0.0)
WD Diagnostics (Version: 1.09.0002)
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.531 )
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
WinZip (Version: 11.0 (7313))
ZoneAlarm Pro (Version: 9.0.083.000)

========================= Memory info: ===================================

Percentage of memory in use: 47%
Total physical RAM: 1918.42 MB
Available physical RAM: 998.41 MB
Total Pagefile: 3109.27 MB
Available Pagefile: 2450.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1984.93 MB

========================= Partitions: =====================================

1 Drive c: (Master) (Fixed) (Total:138.88 GB) (Free:33.27 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.17 GB) (Free:1.39 GB) NTFS

========================= Users: ========================================

User accounts for \\HT-COMPUTER

Administrator Guest HelpAssistant
Hongster SUPPORT_388945a0


**** End of log ****

Here is the log for FSS:

Farbar Service Scanner Version: 08-07-2012
Ran by Hongster (administrator) on 15-07-2012 at 15:15:45
Running from "C:\Documents and Settings\Hongster\Desktop\mbam-log"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll
[2008-04-14 02:41] - [2008-04-14 02:41] - 0246272 ____A (Microsoft Corporation) 19A799805B24990867B00C120D300C3A

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(8) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

I hope these logs have good news. Thank you!

Note: At this point I still have not rebooted the system yet.

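The FSS log above carries the findings a helper reads first: a firewall-disabled policy on both profiles, the sr driver set to Disabled against a default of Boot, a DisableSR policy, and one checked file (es.dll) printed without an MD5 verdict. As an added example that is not part of the thread, here is a small Python parser that pulls exactly those entries out of an FSS log; the sample log is a constructed, trimmed copy of the one posted above, and the line formats it assumes are the ones visible in that log.

```python
import re

# Constructed sample: a trimmed copy of the FSS log posted in this thread.
SAMPLE_FSS_LOG = r"""Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1
File Check:
========
C:\WINDOWS\system32\es.dll
[2008-04-14 02:41] - [2008-04-14 02:41] - 0246272 ____A (Microsoft Corporation) 19A799805B24990867B00C120D300C3A
C:\WINDOWS\system32\svchost.exe => MD5 is legit
"""

# Assumed FSS conventions, taken from the log above: section titles are plain
# words ending in ':', policy keys are printed as [HKEY_...] then "Name"=DWORD:n,
# and a checked file with no "=> MD5 is legit" verdict is printed as a bare path.
SECTION_RE = re.compile(r'^[A-Za-z ]+:$')
POLICY_RE = re.compile(r'^"(\w+)"=DWORD:(\d+)$')
START_TYPE_RE = re.compile(
    r'^The start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.$')
BARE_PATH_RE = re.compile(r'^[A-Za-z]:\\\S+$')


def find_fss_findings(log_text):
    """Collect the entries in an FSS log that a helper would want to act on."""
    findings = {'policy': [], 'start_type': [], 'unverified_file': []}
    section, prev = None, ''
    for line in log_text.splitlines():
        if SECTION_RE.match(line):
            section = line.rstrip(':')
        elif (m := POLICY_RE.match(line)) and prev.startswith('[HKEY_'):
            findings['policy'].append((section, prev.strip('[]'), m.group(1), int(m.group(2))))
        elif m := START_TYPE_RE.match(line):
            findings['start_type'].append((m.group(1), m.group(2), m.group(3)))
        elif BARE_PATH_RE.match(line):
            findings['unverified_file'].append(line)
        prev = line
    return findings
```

Run against the full log it returns the three policy entries, the sr start-type mismatch and the es.dll path, which is the same short list the helper summarised as "minor issues".
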
#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:01:13 AM

Posted 15 July 2012 - 07:10 PM

what are the current issues?

#7 mike88888

mike88888
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:11:13 PM

Posted 15 July 2012 - 08:01 PM

I was hoping you could tell me if there are any issues in the last two scan logs that I am not seeing. Also, I had some questions about my own computer but am not sure if I should start a new post or post them here. I had scanned my own computer with the first three programs you recommended; the first two results were clean but the third one came back with three items found. I really just want to make sure my sister's computer is OK first. Thank you for your help.

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:01:13 AM

Posted 15 July 2012 - 08:06 PM

Log looks good except for minor issues

Press Windows+R key and type

services.msc
and click ok

Right click on system restore service-properties

Change the startup type to automatic

Download

Hosts fix

Run it.

Download

TFC


Launch it, it will close all running programs

click on START, it should ask for reboot

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your flash player

Update java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:01:13 AM

Posted 15 July 2012 - 08:07 PM

Start a new topic for a different PC :thumbup2:

#10 mike88888

mike88888
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:11:13 PM

Posted 15 July 2012 - 09:16 PM

Thank you for the quick reply.

1. On my sister's computer under "system restore service-properties" it's already set to automatic. Should I do anything to it?
2. What does the Hosts fix do on my sister's computer? Does it send any data back to Microsoft? If not, great.
3. After everything is done should I do a restart of the system just to make sure everything is set?

Also I will start a new post for my own computer.

Thank you.

Edited by mike88888, 15 July 2012 - 09:22 PM.


#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:01:13 AM

Posted 15 July 2012 - 09:33 PM

1. On my sister's computer under "system restore service-properties" it's already set to automatic. Should I do anything to it?


Ignore it

2. What does the Hosts fix do on my sister's computer? Does it send any data back to Microsoft? If not, great.


It resets your hosts file entries to default

3. After everything is done should I do a restart of the system just to make sure everything is set?


Yes

safe surfing :)

#12 mike88888

mike88888
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:11:13 PM

Posted 15 July 2012 - 11:20 PM

I ran the Hosts fix with no problems, but when I ran TFC and clicked the start button it made my desktop disappear, which it stated it would do, but then nothing happened. I waited ten minutes, nothing happened; I gave it another ten and nothing happened; now it's over an hour and still nothing happens. I tried to click exit and all it does is show the hourglass animation, but nothing happens, so I tried to click the X in the upper right hand corner and nothing happens; after about a minute of that the title section of the window shows "not responding". What should I do now?

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:01:13 AM

Posted 15 July 2012 - 11:25 PM

Restart the PC and run the tool in safemode

#14 mike88888

mike88888
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:11:13 PM

Posted 16 July 2012 - 12:28 AM

After I restarted my sister's computer in safe mode I double clicked the TFC program and it went through its processes without any problem. After the reboot I went to My Computer and turned off the restore function, restarted the computer, and after that I turned on the restore function. The flash player was already updated via the Chrome browser update, then I updated Java and also made sure both MBAM and their anti-virus definitions were updated as well. Now is there anything else I can do for her to make sure she's good to go? Should I delete any programs or files during this troubleshooting session?

There was one thing: when I checked Add or Remove Programs, I see there are two Java™ entries. One is Java™ 6 Update 29 and the second one is Java™ 7 Update 5, how is that possible? Should I just highlight it and click the remove button?

My sister and I wanted to thank you for your time and help with her computer!

narenxp = Awesome :thumbsup:

Edited by mike88888, 16 July 2012 - 12:36 AM.


#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:01:13 AM

Posted 16 July 2012 - 04:42 AM

Remove the older one and update your java

Appreciate your feedback :thumbsup:

safe surfing



