
Google search link redirected


22 replies to this topic

#1 Banjo09


Posted 18 July 2012 - 11:22 PM

This morning while scanning BBC news site I saw an article I wanted to forward. Being new to Chrome I Googled the query "Is there anyway to forward a web page by email from Google Chrome". Clicked on the first link and didn't like the explanation and clicked on the second link which looked like this:

Is There Any Way To Forward A Web Page By E-mail From Google ...
www.experienceproject.com Q&A Home Other
Mar 29, 2011 IE and Firefox enable you to do that, but I don't see how with Chromeand Opera....Find answers to the question, Is There Any Way To Forward ...

Within an instant a pop up window appeared. I left the browser open long enough to write down the name of the "virus alert" message. Its banner read Microsoft Essential Securities Alert.

I ran a full scan with MBAM which found nothing. I then downloaded RKill, checked that MBAM was up to date, rebooted, ran RKill and ran a full MBAM scan again which found nothing. I opened Chrome and looked in my history and noticed I had been redirected from the second (shown above) search link to:

http://protectmicrosoftantivirus.pl/xczf3u/ss/78dee9e271084cb2/pr2/999/

My computer is running a lot slower now, but no indication that the browser has been commandeered... (a Dell Pentium D, running Win XT)

Did I actually get a virus or did I just get redirected to a page with a pop up window on it?
Is there any way to safely look at the redirect page again or to research the page to see what it is?

Thanks,

 Dell Inspiron 3847, i5-4440, 16 GB RAM, 64 bit Win7 Pro




#2 Banjo09


Posted 25 July 2012 - 05:20 PM

Doesn't look like I got a virus... I definitely got redirected and saw a fake virus scan pop up screen though.
I guess it's just another unsolved mystery...

 Dell Inspiron 3847, i5-4440, 16 GB RAM, 64 bit Win7 Pro


#3 narenxp


Posted 25 July 2012 - 05:25 PM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#4 Banjo09


Posted 25 July 2012 - 05:52 PM

16:50:48.0765 3304 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
16:50:49.0265 3304 ============================================================
16:50:49.0265 3304 Current date / time: 2012/07/25 16:50:49.0265
16:50:49.0265 3304 SystemInfo:
16:50:49.0265 3304
16:50:49.0265 3304 OS Version: 5.1.2600 ServicePack: 3.0
16:50:49.0265 3304 Product type: Workstation
16:50:49.0265 3304 ComputerName: E07
16:50:49.0265 3304 UserName: TCI
16:50:49.0265 3304 Windows directory: C:\WINDOWS
16:50:49.0265 3304 System windows directory: C:\WINDOWS
16:50:49.0265 3304 Processor architecture: Intel x86
16:50:49.0265 3304 Number of processors: 2
16:50:49.0265 3304 Page size: 0x1000
16:50:49.0265 3304 Boot type: Normal boot
16:50:49.0265 3304 ============================================================
16:50:51.0765 3304 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:50:51.0765 3304 ============================================================
16:50:51.0765 3304 \Device\Harddisk0\DR0:
16:50:51.0765 3304 MBR partitions:
16:50:51.0765 3304 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x8DF26F1
16:50:51.0765 3304 ============================================================
16:50:51.0796 3304 C: <-> \Device\Harddisk0\DR0\Partition0
16:50:51.0796 3304 ============================================================
16:50:51.0796 3304 Initialize success
16:50:51.0796 3304 ============================================================
16:51:23.0156 3644 ============================================================
16:51:23.0156 3644 Scan started
16:51:23.0156 3644 Mode: Manual; TDLFS;
16:51:23.0156 3644 ============================================================
16:51:31.0062 3644 RimUsb - ok
16:51:31.0093 3644 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
16:51:31.0093 3644 RimVSerPort - ok
16:51:31.0125 3644 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
16:51:31.0125 3644 ROOTMODEM - ok
16:51:31.0156 3644 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
16:51:31.0171 3644 RpcLocator - ok
16:51:31.0265 3644 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
16:51:31.0265 3644 RpcSs - ok
16:51:31.0281 3644 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
16:51:31.0281 3644 RSVP - ok
16:51:31.0312 3644 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:51:31.0312 3644 SamSs - ok
16:51:31.0328 3644 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
16:51:31.0328 3644 SCardSvr - ok
16:51:31.0359 3644 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
16:51:31.0375 3644 Schedule - ok
16:51:31.0406 3644 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:51:31.0406 3644 Secdrv - ok
16:51:31.0421 3644 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
16:51:31.0421 3644 seclogon - ok
16:51:31.0531 3644 Secunia PSI Agent (f70a51eb03ee7046784ef62efce9528e) C:\Program Files\Secunia\PSI\PSIA.exe
16:51:31.0546 3644 Secunia PSI Agent - ok
16:51:31.0578 3644 Secunia Update Agent (ad56ceb08eeb517332355fde9e5939c8) C:\Program Files\Secunia\PSI\sua.exe
16:51:31.0593 3644 Secunia Update Agent - ok
16:51:31.0750 3644 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
16:51:31.0750 3644 SENS - ok
16:51:31.0812 3644 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:51:31.0812 3644 serenum - ok
16:51:31.0843 3644 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:51:31.0843 3644 Serial - ok
16:51:31.0875 3644 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:51:31.0875 3644 Sfloppy - ok
16:51:31.0937 3644 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
16:51:31.0937 3644 SharedAccess - ok
16:51:31.0984 3644 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:51:31.0984 3644 ShellHWDetection - ok
16:51:31.0984 3644 Simbad - ok
16:51:32.0000 3644 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
16:51:32.0000 3644 sisagp - ok
16:51:32.0109 3644 SMNDIS5 (4ef5ea44583c37383c289d4b8c354698) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS
16:51:32.0125 3644 SMNDIS5 - ok
16:51:32.0156 3644 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
16:51:32.0156 3644 Sparrow - ok
16:51:32.0171 3644 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:51:32.0171 3644 splitter - ok
16:51:32.0250 3644 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
16:51:32.0250 3644 Spooler - ok
16:51:32.0312 3644 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:51:32.0312 3644 sr - ok
16:51:32.0359 3644 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
16:51:32.0359 3644 srservice - ok
16:51:32.0390 3644 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:51:32.0406 3644 Srv - ok
16:51:32.0406 3644 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
16:51:32.0406 3644 SSDPSRV - ok
16:51:32.0468 3644 STHDA (0aa91bbe468b3f46072091f18003ecaa) C:\WINDOWS\system32\drivers\sthda.sys
16:51:32.0484 3644 STHDA - ok
16:51:32.0500 3644 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
16:51:32.0515 3644 stisvc - ok
16:51:32.0562 3644 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:51:32.0562 3644 swenum - ok
16:51:32.0703 3644 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:51:32.0703 3644 swmidi - ok
16:51:32.0703 3644 SwPrv - ok
16:51:32.0734 3644 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
16:51:32.0734 3644 symc810 - ok
16:51:32.0750 3644 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:51:32.0750 3644 symc8xx - ok
16:51:32.0750 3644 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:51:32.0750 3644 sym_hi - ok
16:51:32.0750 3644 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:51:32.0750 3644 sym_u3 - ok
16:51:32.0765 3644 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:51:32.0765 3644 sysaudio - ok
16:51:32.0796 3644 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
16:51:32.0796 3644 SysmonLog - ok
16:51:32.0828 3644 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
16:51:32.0828 3644 TapiSrv - ok
16:51:32.0859 3644 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:51:32.0859 3644 Tcpip - ok
16:51:32.0859 3644 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:51:32.0875 3644 TDPIPE - ok
16:51:32.0875 3644 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:51:32.0875 3644 TDTCP - ok
16:51:32.0875 3644 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:51:32.0890 3644 TermDD - ok
16:51:32.0906 3644 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
16:51:32.0906 3644 TermService - ok
16:51:32.0921 3644 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:51:32.0921 3644 Themes - ok
16:51:32.0953 3644 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
16:51:32.0953 3644 TlntSvr - ok
16:51:32.0984 3644 TMPassthru (690acb48dac04e44a3d5e7654ca3260d) C:\WINDOWS\system32\DRIVERS\TMPassthru.sys
16:51:33.0000 3644 TMPassthru - ok
16:51:33.0000 3644 TMPassthruMP (690acb48dac04e44a3d5e7654ca3260d) C:\WINDOWS\system32\DRIVERS\TMPassthru.sys
16:51:33.0000 3644 TMPassthruMP - ok
16:51:33.0031 3644 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
16:51:33.0031 3644 TosIde - ok
16:51:33.0062 3644 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
16:51:33.0062 3644 TrkWks - ok
16:51:33.0078 3644 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:51:33.0078 3644 Udfs - ok
16:51:33.0093 3644 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
16:51:33.0093 3644 ultra - ok
16:51:33.0125 3644 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
16:51:33.0125 3644 UMWdf - ok
16:51:33.0140 3644 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:51:33.0156 3644 Update - ok
16:51:33.0187 3644 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
16:51:33.0187 3644 upnphost - ok
16:51:33.0203 3644 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
16:51:33.0203 3644 UPS - ok
16:51:33.0218 3644 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:51:33.0218 3644 usbccgp - ok
16:51:33.0218 3644 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:51:33.0234 3644 usbehci - ok
16:51:33.0234 3644 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:51:33.0234 3644 usbhub - ok
16:51:33.0265 3644 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:51:33.0265 3644 usbscan - ok
16:51:33.0296 3644 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:51:33.0296 3644 USBSTOR - ok
16:51:33.0312 3644 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:51:33.0312 3644 usbuhci - ok
16:51:33.0343 3644 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:51:33.0343 3644 VgaSave - ok
16:51:33.0359 3644 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
16:51:33.0359 3644 viaagp - ok
16:51:33.0359 3644 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
16:51:33.0359 3644 ViaIde - ok
16:51:33.0375 3644 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:51:33.0375 3644 VolSnap - ok
16:51:33.0421 3644 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
16:51:33.0421 3644 VSS - ok
16:51:33.0437 3644 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
16:51:33.0437 3644 w32time - ok
16:51:33.0453 3644 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:51:33.0453 3644 Wanarp - ok
16:51:33.0468 3644 wanatw - ok
16:51:33.0515 3644 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
16:51:33.0515 3644 Wdf01000 - ok
16:51:33.0515 3644 WDICA - ok
16:51:33.0531 3644 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:51:33.0531 3644 wdmaud - ok
16:51:33.0546 3644 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
16:51:33.0546 3644 WebClient - ok
16:51:33.0671 3644 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:51:33.0671 3644 winmgmt - ok
16:51:33.0703 3644 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
16:51:33.0703 3644 WmdmPmSN - ok
16:51:33.0750 3644 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
16:51:33.0765 3644 Wmi - ok
16:51:33.0781 3644 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:51:33.0781 3644 WmiApSrv - ok
16:51:33.0796 3644 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
16:51:33.0796 3644 WpdUsb - ok
16:51:33.0828 3644 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
16:51:33.0828 3644 wscsvc - ok
16:51:33.0843 3644 WSearch - ok
16:51:33.0843 3644 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
16:51:33.0859 3644 wuauserv - ok
16:51:33.0906 3644 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
16:51:33.0921 3644 WZCSVC - ok
16:51:33.0937 3644 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
16:51:33.0937 3644 xmlprov - ok
16:51:33.0953 3644 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
16:51:34.0453 3644 \Device\Harddisk0\DR0 - ok
16:51:34.0453 3644 Boot (0x1200) (2880ed450a33a67d6219b832fa9cd42e) \Device\Harddisk0\DR0\Partition0
16:51:34.0453 3644 \Device\Harddisk0\DR0\Partition0 - ok
16:51:34.0453 3644 ============================================================
16:51:34.0468 3644 Scan finished
16:51:34.0468 3644 ============================================================
16:51:34.0468 2452 Detected object count: 0
16:51:34.0468 2452 Actual detected object count: 0

 Dell Inspiron 3847, i5-4440, 16 GB RAM, 64 bit Win7 Pro


#5 Banjo09


Posted 25 July 2012 - 06:19 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-25 16:59:12
-----------------------------
16:59:12.437 OS Version: Windows 5.1.2600 Service Pack 3
16:59:12.437 Number of processors: 2 586 0x407
16:59:12.437 ComputerName: E07 UserName: TCI
16:59:12.953 Initialize success
17:11:47.703 AVAST engine defs: 12072502
17:14:06.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
17:14:06.234 Disk 0 Vendor: HDS728080PLA380 PF2OA63A Size: 76293MB BusType: 3
17:14:06.250 Disk 0 MBR read successfully
17:14:06.250 Disk 0 MBR scan
17:14:06.296 Disk 0 unknown MBR code
17:14:06.296 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
17:14:06.312 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 72676 MB offset 96390
17:14:06.359 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3561 MB offset 148938615
17:14:06.359 Disk 0 scanning sectors +156232125
17:14:06.421 Disk 0 scanning C:\WINDOWS\system32\drivers
17:14:14.078 Service scanning
17:14:28.921 Modules scanning
17:14:33.359 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
17:14:34.250 Disk 0 trace - called modules:
17:14:34.265 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:14:34.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6e7ab8]
17:14:34.265 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a6f3b00]
17:14:34.781 AVAST engine scan C:\WINDOWS
17:15:07.687 AVAST engine scan C:\WINDOWS\system32
17:17:34.562 AVAST engine scan C:\WINDOWS\system32\drivers
17:17:46.796 AVAST engine scan C:\Documents and Settings\TCI
17:18:49.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\TCI\Desktop\MBR.dat"
17:18:49.156 The log file has been saved successfully to "C:\Documents and Settings\TCI\Desktop\aswMBR.txt"



#6 Banjo09


Posted 25 July 2012 - 06:56 PM

Re-post of (complete) aswMBR...


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-25 16:59:12
-----------------------------
16:59:12.437 OS Version: Windows 5.1.2600 Service Pack 3
16:59:12.437 Number of processors: 2 586 0x407
16:59:12.437 ComputerName: E07 UserName: TCI
16:59:12.953 Initialize success
17:11:47.703 AVAST engine defs: 12072502
17:14:06.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
17:14:06.234 Disk 0 Vendor: HDS728080PLA380 PF2OA63A Size: 76293MB BusType: 3
17:14:06.250 Disk 0 MBR read successfully
17:14:06.250 Disk 0 MBR scan
17:14:06.296 Disk 0 unknown MBR code
17:14:06.296 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
17:14:06.312 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 72676 MB offset 96390
17:14:06.359 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3561 MB offset 148938615
17:14:06.359 Disk 0 scanning sectors +156232125
17:14:06.421 Disk 0 scanning C:\WINDOWS\system32\drivers
17:14:14.078 Service scanning
17:14:28.921 Modules scanning
17:14:33.359 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
17:14:34.250 Disk 0 trace - called modules:
17:14:34.265 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:14:34.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6e7ab8]
17:14:34.265 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a6f3b00]
17:14:34.781 AVAST engine scan C:\WINDOWS
17:15:07.687 AVAST engine scan C:\WINDOWS\system32
17:17:34.562 AVAST engine scan C:\WINDOWS\system32\drivers
17:17:46.796 AVAST engine scan C:\Documents and Settings\TCI
17:18:49.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\TCI\Desktop\MBR.dat"
17:18:49.156 The log file has been saved successfully to "C:\Documents and Settings\TCI\Desktop\aswMBR.txt"
17:41:34.656 File: C:\Documents and Settings\TCI\My Documents\Downloads\exeHelper.com **INFECTED** Win32:Malware-gen
17:44:29.093 AVAST engine scan C:\Documents and Settings\All Users
17:47:38.812 Scan finished successfully
17:49:40.812 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\TCI\Desktop\MBR.dat"
17:49:40.890 The log file has been saved successfully to "C:\Documents and Settings\TCI\Desktop\aswMBR.txt"



#7 narenxp


Posted 25 July 2012 - 07:16 PM

ESET log?

#8 Banjo09


Posted 26 July 2012 - 09:30 AM

I scanned last night, but botched the log capture...
This morning's scan found no threats. Last night's scan found two.
My problem was that I didn't (and don't now) see a way to "List" the found threats and export...
Today I see a "Manage Quarantine" option and a "Finish" option.
Last night I chose "Finish" and never got to a log that I could copy.
The "Finish" option took me to a page to download other products...
Today, should I "Manage Quarantine" or "Finish"?
Thanks,



#9 narenxp


Posted 26 July 2012 - 09:31 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete.

Post the generated log.

#10 Banjo09


Posted 26 July 2012 - 10:46 AM

Running MBAM

Found these two files in quarantine in ESET:

C:\Qoobox\Quarantine\C\WINDOWS\system32\rulisofo.dll.vir
&
C:\Qoobox\Quarantine\C\WINDOWS\system32\biyedepu.dll.vir



#11 Banjo09


Posted 26 July 2012 - 11:39 AM

MBAM Log found 0 items


Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.26.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
TCI :: E07 [administrator]

Protection: Enabled

7/26/2012 9:37:24 AM
mbam-log-2012-07-26 (09-37-24).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 308880
Time elapsed: 1 hour(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#12 Banjo09


Posted 26 July 2012 - 11:48 AM

Mini Tool Box:


MiniToolBox by Farbar Version: 23-07-2012
Ran by TCI (administrator) on 26-07-2012 at 10:40:52
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : E07

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-13-72-E3-91-29

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.84.139

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.84.84

DHCP Server . . . . . . . . . . . : 192.168.84.84

DNS Servers . . . . . . . . . . . : 192.168.84.84

Primary WINS Server . . . . . . . : 192.168.84.84

Lease Obtained. . . . . . . . . . : Thursday, July 26, 2012 9:34:07 AM

Lease Expires . . . . . . . . . . : Friday, July 27, 2012 9:34:07 AM

Server: UnKnown
Address: 192.168.84.84

Name: google.com
Addresses: 74.125.225.196, 74.125.225.198, 74.125.225.194, 74.125.225.199
74.125.225.197, 74.125.225.201, 74.125.225.193, 74.125.225.206, 74.125.225.192
74.125.225.195, 74.125.225.200



Pinging google.com [74.125.225.196] with 32 bytes of data:



Reply from 74.125.225.196: bytes=32 time=28ms TTL=54

Reply from 74.125.225.196: bytes=32 time=21ms TTL=54



Ping statistics for 74.125.225.196:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 21ms, Maximum = 28ms, Average = 24ms

Server: UnKnown
Address: 192.168.84.84

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 209.191.122.70



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=92ms TTL=51

Reply from 72.30.38.140: bytes=32 time=102ms TTL=51



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 92ms, Maximum = 102ms, Average = 97ms

Server: UnKnown
Address: 192.168.84.84

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 13 72 e3 91 29 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.84.84 192.168.84.139 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.84.0 255.255.255.0 192.168.84.139 192.168.84.139 20
192.168.84.139 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.84.255 255.255.255.255 192.168.84.139 192.168.84.139 20
224.0.0.0 240.0.0.0 192.168.84.139 192.168.84.139 20
255.255.255.255 255.255.255.255 192.168.84.139 192.168.84.139 1
Default Gateway: 192.168.84.84
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/23/2012 08:12:21 AM) (Source: Windows Search Service) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
The binding handle is invalid. (0x800706a6)

Error: (06/19/2012 01:52:23 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 7.0.6000.17110, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/14/2012 00:24:31 PM) (Source: Microsoft Office 12) (User: )
Description: Rejected Safe Mode action : Microsoft Office Outlook.

Error: (05/21/2012 11:16:19 AM) (Source: Microsoft Office 12) (User: )
Description: Rejected Safe Mode action : Microsoft Office Outlook.

Error: (05/18/2012 07:49:52 AM) (Source: Windows Search Service) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
The binding handle is invalid. (0x800706a6)

Error: (04/12/2012 04:01:57 PM) (Source: Microsoft Office 12) (User: )
Description: Rejected Safe Mode action : Microsoft Office Outlook.

Error: (04/03/2012 07:41:33 AM) (Source: Windows Search Service) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
The binding handle is invalid. (0x800706a6)

Error: (03/28/2012 08:26:29 AM) (Source: Microsoft Office 12) (User: )
Description: Rejected Safe Mode action : Microsoft Office Outlook.

Error: (02/17/2012 04:00:07 PM) (Source: Microsoft Office 12) (User: )
Description: Rejected Safe Mode action : Microsoft Office Outlook.

Error: (02/15/2012 10:21:41 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 7.0.6000.17106, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (07/20/2012 06:12:03 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/20/2012 04:47:02 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm

Error: (07/20/2012 04:46:03 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (08/13/2010 08:11:53 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 781 seconds with 240 seconds of active time. This session ended with a crash.

Error: (06/01/2010 03:52:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25994 seconds with 10320 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Reader X (10.1.3) (Version: 10.1.3)
AOLIcon (Version: 1.00.0000)
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.1.116)
ATI Control Panel (Version: 6.14.10.5160)
ATI Display Driver (Version: 8.162-050803a2-025672C-Dell)
BlackBerry Desktop Software 6.1 (Version: 6.1.0.35)
BlackBerry Device Software Updater (Version: 6.0.1.6)
Blekko Toolbar (Version: 1.0.0)
CompanionLink (Version: 5.00.5000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Dell CinePlayer (Version: 3.0)
Dell Digital Jukebox Driver
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Software Uninstall
Dell System Restore (Version: 2.00.0000)
DellSupport (Version: 6.0.3062)
Digital Content Portal (Version: 1.00.0000)
Dropbox (Version: 1.4.7)
ESET Online Scanner v3
FileZilla Client 3.1.3.1 (Version: 3.1.3.1)
Google Chrome (Version: 20.0.1132.57)
Google Desktop (Version: -)
Google Toolbar for Internet Explorer
Google Update Helper (Version: 1.3.21.115)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
GTK+ 2.10.6-1 runtime environment
Hallmark Smilebox
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HijackThis 2.0.2 (Version: 2.0.2)
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections (Version: 9.20.0000)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 33 (Version: 6.0.330)
Learn2 Player (Uninstall Only)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MCU (Version: 1.00.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Outlook 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Outlook Personal Folders Backup (Version: 1.10.0.0)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.05.0818)
MSN Toolbar (Version: 3.0.989.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org 3.4 (Version: 3.4.9590)
PDFCreator (Version: 0.9.3)
PDFCreator Toolbar (Version: 3.0.0.0)
Pdfedit (Version: 4.5.0.0)
Picasa 3 (Version: 3.8)
Qualxserve Service Agreement (Version: 1.11.0000)
QuickTime (Version: 7.72.80.56)
Rapattoni MLS PDF Creator (Version: 1.00.0000)
RealPlayer Basic
Roxio DLA (Version: 5.2.0)
Roxio RecordNow Audio (Version: 2.0.4)
Roxio RecordNow Copy (Version: 2.0.4)
Roxio RecordNow Data (Version: 2.0.4)
Search Assist (Version: 1.00.0000)
Secunia PSI (3.0.0.2004) (Version: 3.0.0.2004)
Sonic Activation Module (Version: 1.0)
Sonic Update Manager (Version: 3.0.0)
The GIMP 2.2.14
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Manager (Version: 4.60)
URL Assistant
Viewpoint Media Player
VZAccess Manager for RIM (Version: 6.5.1)
WebFldrs XP (Version: 9.50.7523)
Windows Desktop Search 3.01 (Version: 03.01.6000.72)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.8.0031.9)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.5.0530.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 (Version: 9.00.3636)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinZip (Version: 9.0 (6028))
WordPerfect Office X3 (Version: 13.1)
YouSendIt Plug-in for Outlook (Version: 2.8.5)

========================= Memory info: ===================================

Percentage of memory in use: 50%
Total physical RAM: 2046.07 MB
Available physical RAM: 1019.38 MB
Total Pagefile: 3428.98 MB
Available Pagefile: 2608.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.92 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:70.97 GB) (Free:32.69 GB) NTFS
2 Drive j: (Share) (Network) (Total:454.02 GB) (Free:200.97 GB) NTFS

========================= Users: ========================================

User accounts for \\E07

admin Administrator Guest
HelpAssistant SUPPORT_388945a0 TCI


**** End of log ****

 Dell Inspiron 3847, i5-4440, 16 GB RAM, 64 bit Win7 Pro


#13 Banjo09

Banjo09
  • Topic Starter


Posted 26 July 2012 - 11:50 AM

Farbar Service Scanner Version: 26-07-2012
Ran by TCI (administrator) on 26-07-2012 at 10:49:40
Running from "C:\Documents and Settings\TCI\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) TMPassthru(8)
0x080000000400000001000000020000000300000005000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****



#14 Banjo09

Banjo09
  • Topic Starter


Posted 26 July 2012 - 12:09 PM

# AdwCleaner v1.703 - Logfile created 07/26/2012 at 10:52:55
# Updated 20/07/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : TCI - E07
# Running from : C:\Documents and Settings\TCI\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\TCI\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\pdfforge.org
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\pdfforge.org
Key Deleted : HKLM\SOFTWARE\Viewpoint

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

[OK] Registry is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Documents and Settings\TCI\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted : "path": "C:\\Program Files\\Viewpoint\\Viewpoint Experience Technology\\npViewpoint.dll",

*************************

AdwCleaner[S1].txt - [2931 octets] - [26/07/2012 10:52:55]

########## EOF - C:\AdwCleaner[S1].txt - [3059 octets] ##########



#15 narenxp

narenxp

  • BC Advisor

Posted 26 July 2012 - 01:32 PM

Let me know your current issues



