
Live Security Platinum/fake MSE alerts/ Redirect click.get-answers-fast.com


14 replies to this topic

#1 ladywallflower

ladywallflower

  • Members
  • 10 posts

Posted 22 July 2012 - 07:07 AM

Hello,

I've been having some issues with my computer lately. A while ago I was surfing the web and was alerted with an MSE alert stating that I had an infection, but the security alert seemed funny because it was in the browser and I couldn't close the browser unless I clicked the alert. I didn't click the alert; I used Task Manager to force close the browser. I ran several scans that included Microsoft Security Essentials, Malwarebytes, and Spybot Search and Destroy, but nothing showed up.

After a couple of days passed my computer started acting up and one of my programs detected a trojan called medfos.b and some other trojan, I forget what the name was. When I got that infection Microsoft Security Essentials started acting up and wouldn't update, and Windows Firewall got turned off and I couldn't turn it back on. When I went to Google to do a web search, any link I clicked on about viruses or anything that had to do with Microsoft support got redirected. If I manually type the address in the address bar I can get through. Eventually I was able to restart the firewall using Article ID: 920074 on the Microsoft support page and I also was able to use the Microsoft support page to fix MSE updates.

After fixing my MSE update and firewall problem I ran virus and malware scans and removed what was found. Then a couple of days later I got hit with Live Security Platinum. When I got that nothing on my system worked and my browser was being redirected whenever I clicked search links about viruses and virus removal. Even bleepingcomputer.com was being redirected. I ended up typing bleepingcomputer.com into the address bar and followed the Live Security Platinum Uninstall Guide. I downloaded FixExec, ran it and was able to turn off Live Security Platinum, and then ran Malwarebytes and removed what was found. MSE was damaged so I had to uninstall it. After reinstalling MSE I ran a scan and it found a couple of things and I deleted them. I also ran TDSSKiller; it found a couple of things and I deleted what was found.

After that everything seemed to work fine. I checked over files, folders, registry files and the startup list looking for anything unusual. The only thing I found unusual was a startup file called erespi.dll. I did a Google search for it and searched BleepingComputer's database but nothing showed up, so I just left it disabled. Then I ran some rootkit scanners and the only one that said it was a bad file was Norton Power Eraser, so I ended up deleting it.

All of this happened a couple of days ago and everything seemed to work fine until this morning. When I run scans and rootkit scanners nothing shows up, but I'm still getting browser redirects to click.get-answers-fast. The first time I saw that was when I started having problems with my computer.

My computer runs Windows XP with Service Pack 3 and my main browser is Firefox. All of my Flash, Java, and Adobe Reader stuff is up to date.

Thanks in advance for any help in resolving this issue.

P.S. I read over the pinned forum rules and hope I followed them correctly.


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 22 July 2012 - 07:15 AM

Download

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

Download

ESET online scanner

Install it

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#3 ladywallflower

ladywallflower
  • Topic Starter

  • Members
  • 10 posts

Posted 22 July 2012 - 07:30 AM

Here is the TDSSKiller log. I am running the other scans now.

08:18:57.0000 0576 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
08:18:57.0343 0576 ============================================================
08:18:57.0343 0576 Current date / time: 2012/07/22 08:18:57.0343
08:18:57.0343 0576 SystemInfo:
08:18:57.0343 0576
08:18:57.0343 0576 OS Version: 5.1.2600 ServicePack: 3.0
08:18:57.0343 0576 Product type: Workstation
08:18:57.0343 0576
08:18:57.0343 0576
08:18:57.0343 0576 Windows directory: C:\WINDOWS
08:18:57.0343 0576 System windows directory: C:\WINDOWS
08:18:57.0343 0576 Processor architecture: Intel x86
08:18:57.0343 0576 Number of processors: 1
08:18:57.0343 0576 Page size: 0x1000
08:18:57.0343 0576 Boot type: Normal boot
08:18:57.0343 0576 ============================================================
08:18:59.0890 0576 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:18:59.0906 0576 ============================================================
08:18:59.0906 0576 \Device\Harddisk0\DR0:
08:18:59.0906 0576 MBR partitions:
08:18:59.0906 0576 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
08:18:59.0906 0576 ============================================================
08:19:00.0093 0576 C: <-> \Device\Harddisk0\DR0\Partition0
08:19:00.0093 0576 ============================================================
08:19:00.0093 0576 Initialize success
08:19:00.0093 0576 ============================================================
08:20:13.0703 1216 ============================================================
08:20:13.0703 1216 Scan started
08:20:13.0703 1216 Mode: Manual; TDLFS;
08:20:13.0703 1216 ============================================================
08:20:25.0406 1216 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:20:25.0406 1216 TDTCP - ok
08:20:25.0437 1216 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:20:25.0437 1216 TermDD - ok
08:20:25.0500 1216 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
08:20:25.0515 1216 TermService - ok
08:20:25.0546 1216 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:20:25.0562 1216 Themes - ok
08:20:25.0593 1216 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
08:20:25.0593 1216 TlntSvr - ok
08:20:25.0609 1216 TosIde - ok
08:20:25.0750 1216 TouchServicePen (c17ea46c3326a951dc3b8e883d661e0c) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
08:20:25.0765 1216 TouchServicePen - ok
08:20:25.0796 1216 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
08:20:25.0812 1216 TrkWks - ok
08:20:25.0859 1216 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:20:25.0859 1216 Udfs - ok
08:20:25.0875 1216 ultra - ok
08:20:25.0937 1216 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:20:25.0937 1216 Update - ok
08:20:26.0000 1216 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
08:20:26.0015 1216 upnphost - ok
08:20:26.0031 1216 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
08:20:26.0046 1216 UPS - ok
08:20:26.0078 1216 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:20:26.0078 1216 usbccgp - ok
08:20:26.0109 1216 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:20:26.0109 1216 usbhub - ok
08:20:26.0171 1216 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:20:26.0171 1216 USBSTOR - ok
08:20:26.0203 1216 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:20:26.0203 1216 usbuhci - ok
08:20:26.0218 1216 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:20:26.0218 1216 VgaSave - ok
08:20:26.0234 1216 ViaIde - ok
08:20:26.0265 1216 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:20:26.0265 1216 VolSnap - ok
08:20:26.0328 1216 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
08:20:26.0328 1216 VSS - ok
08:20:26.0375 1216 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll
08:20:26.0375 1216 W32Time - ok
08:20:26.0421 1216 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
08:20:26.0421 1216 wacommousefilter - ok
08:20:26.0453 1216 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
08:20:26.0453 1216 wacomvhid - ok
08:20:26.0500 1216 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:20:26.0500 1216 Wanarp - ok
08:20:26.0562 1216 Wdf01000 (060e8cb99cc0a6751db5810c042b0d45) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
08:20:26.0578 1216 Wdf01000 - ok
08:20:26.0593 1216 WDICA - ok
08:20:26.0625 1216 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:20:26.0625 1216 wdmaud - ok
08:20:26.0671 1216 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
08:20:26.0671 1216 WebClient - ok
08:20:26.0750 1216 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
08:20:26.0750 1216 winmgmt - ok
08:20:26.0828 1216 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
08:20:26.0828 1216 WmdmPmSN - ok
08:20:26.0921 1216 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
08:20:26.0937 1216 Wmi - ok
08:20:26.0984 1216 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
08:20:26.0984 1216 WmiApSrv - ok
08:20:27.0015 1216 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
08:20:27.0031 1216 wuauserv - ok
08:20:27.0109 1216 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
08:20:27.0125 1216 WZCSVC - ok
08:20:27.0156 1216 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
08:20:27.0156 1216 xmlprov - ok
08:20:27.0203 1216 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:20:27.0953 1216 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:20:27.0953 1216 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:20:28.0000 1216 Boot (0x1200) (498534aa03625679d2efab7201604bcf) \Device\Harddisk0\DR0\Partition0
08:20:28.0000 1216 \Device\Harddisk0\DR0\Partition0 - ok
08:20:28.0000 1216 ============================================================
08:20:28.0000 1216 Scan finished
08:20:28.0000 1216 ============================================================
08:20:28.0031 2288 Detected object count: 1
08:20:28.0031 2288 Actual detected object count: 1
08:21:16.0906 2288 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
08:21:16.0937 2288 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
08:21:17.0031 2288 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
08:21:17.0046 2288 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
08:21:17.0187 2288 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
08:21:17.0250 2288 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
08:21:17.0390 2288 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
08:21:20.0234 2288 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
08:21:20.0296 2288 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
08:21:20.0312 2288 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
08:21:20.0890 2288 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
08:21:21.0062 2288 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
08:21:21.0125 2288 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
08:21:21.0187 2288 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
08:21:21.0203 2288 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine

Edited by ladywallflower, 22 July 2012 - 06:54 PM.
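
The TDSSKiller log above is almost entirely "- ok" inventory lines; the signal is the handful of lines whose status is anything else (the "warning" and "detected TDSS File System" lines on the raw disk device, and the \TDLFS\ objects copied to quarantine). As an added example, not part of this thread and not code from Kaspersky's tool, here is a small Python triage script that parses lines in that log format, keeps the MBR and boot-sector hashes so they can be compared with a known-good baseline, and lists every non-ok finding. The sample excerpt is constructed from lines in the log above; the function and field names are the example's own.

```python
import re
from collections import Counter

# Constructed sample: an excerpt in the TDSSKiller log format seen in this thread
# (timestamp, thread id, then either "name (md5) path" or "object - status").
SAMPLE_LOG = r"""
08:20:23.0203 1216 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
08:20:23.0218 1216 SCardSvr - ok
08:20:23.0625 1216 Simbad - ok
08:20:27.0203 1216 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:20:27.0953 1216 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:20:27.0953 1216 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:20:28.0000 1216 Boot (0x1200) (498534aa03625679d2efab7201604bcf) \Device\Harddisk0\DR0\Partition0
08:20:28.0000 1216 \Device\Harddisk0\DR0\Partition0 - ok
08:20:28.0000 1216 Scan finished
08:20:28.0031 2288 Detected object count: 1
08:21:16.0906 2288 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
08:21:16.0937 2288 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
08:21:21.0203 2288 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
"""

# Every line starts with "HH:MM:SS.mmmm <thread id> <rest>".
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<rest>.+)$")
# Inventory lines carry an MD5 in parentheses followed by the object's path.
HASH_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")


def parse_line(line):
    """Return a record dict for one log line, or None for blank/unrecognised lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m["ts"], "tid": int(m["tid"])}
    rest = m["rest"]
    h = HASH_RE.match(rest)
    if h:  # "name (md5) path": an object the scanner inventoried
        rec.update(kind="inventory", name=h["name"], md5=h["md5"], path=h["path"])
    elif " - " in rest:  # "object - status": the scanner's verdict on that object
        obj, status = rest.rsplit(" - ", 1)
        rec.update(kind="status", name=obj, status=status)
    else:  # banners, counters, "Scan finished" and similar
        rec.update(kind="info", text=rest)
    return rec


def classify(status):
    """Map a raw status string onto a small set of triage categories."""
    s = status.lower()
    if s == "ok":
        return "ok"
    if s == "warning":
        return "warning"
    if s.startswith("detected"):
        return "detected"
    if s.startswith("copied to quarantine"):
        return "quarantined"
    if s.startswith("user select action"):
        return "action"
    return "other"


def triage(log_text):
    """Parse a whole log and return hashes, non-ok findings, category counts and hidden-FS objects."""
    records = [r for r in (parse_line(l) for l in log_text.splitlines()) if r]
    inventory = {r["name"]: (r["md5"], r["path"]) for r in records if r["kind"] == "inventory"}
    statuses = [r for r in records if r["kind"] == "status"]
    counts = Counter(classify(r["status"]) for r in statuses)
    findings = [(r["name"], r["status"]) for r in statuses if classify(r["status"]) != "ok"]
    # Objects living inside the rootkit's hidden file system show a \TDLFS\ path component.
    hidden = sorted({r["name"].rsplit("\\", 1)[1] for r in statuses if "\\TDLFS\\" in r["name"]})
    return {"inventory": inventory, "findings": findings, "counts": counts, "hidden_files": hidden}


def is_clean(result):
    """True only when the scanner raised neither a warning nor a detection."""
    return result["counts"]["warning"] == 0 and result["counts"]["detected"] == 0


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, status in result["findings"]:
        print(f"{status:>35}  {name}")
    print("MBR hash:", result["inventory"]["MBR (0x1B8)"][0])
    print("hidden-FS objects:", result["hidden_files"])
    print("clean:", is_clean(result))
```

Pointing the script at a full log (read the file and pass its text to `triage`) reduces a thousand-line report to the few lines that matter; the inventory hashes of the MBR and boot sector are worth recording, since a later scan can then tell a restored MBR from a re-infected one without re-reading the whole log.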


#4 ladywallflower (Topic Starter)

Posted 22 July 2012 - 07:46 AM

aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-22 08:23:23
-----------------------------
08:23:23.281 OS Version: Windows 5.1.2600 Service Pack 3
08:23:23.281 Number of processors: 1 586 0xA
08:23:23.281
08:23:25.078 Initialize success
08:24:57.953 AVAST engine defs: 12072200
08:25:30.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
08:25:30.828 Disk 0 Vendor: ST380021A 3.10 Size: 76319MB BusType: 3
08:25:30.828 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
08:25:30.828 Disk 1 Vendor: IOMEGA_ZIP_250 41.S Size: 76319MB BusType: 2
08:25:30.843 Disk 0 MBR read successfully
08:25:30.843 Disk 0 MBR scan
08:25:30.984 Disk 0 Windows XP default MBR code
08:25:31.000 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
08:25:31.046 Disk 0 scanning sectors +156280320
08:25:31.156 Disk 0 scanning C:\WINDOWS\system32\drivers
08:26:01.421 Service scanning
08:26:20.671 Service MpKsl26acab8b c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DDC51632-1ECE-4467-95FA-A05FB98E749A}\MpKsl26acab8b.sys **LOCKED** 32
08:26:44.437 Modules scanning
08:26:59.875 Disk 0 trace - called modules:
08:26:59.906 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
08:26:59.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f87ab8]
08:26:59.906 3 CLASSPNP.SYS[f76affd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86fd8d98]
08:27:00.625 AVAST engine scan C:\WINDOWS
08:27:04.421 AVAST engine scan C:\WINDOWS\system32
08:33:31.593 AVAST engine scan C:\WINDOWS\system32\drivers
08:34:06.500 AVAST engine scan C:\Documents and Settings\me
08:42:00.156 AVAST engine scan C:\Documents and Settings\All Users
08:43:25.765 Scan finished successfully
08:44:35.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\me\Desktop\MBR.dat"
08:44:35.203 The log file has been saved successfully to "C:\Documents and Settings\me\Desktop\aswMBRlog.txt"

Edited by ladywallflower, 22 July 2012 - 06:53 PM.


#5 ladywallflower (Topic Starter)

Posted 22 July 2012 - 10:04 AM

Here is the ESET log. I finished all the scans you asked me to run.

C:\Documents and Settings\me\Local Settings\Application Data\{35F5EE27-D2C1-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.07.2012_00.03.40\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.07.2012_00.03.40\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.07.2012_00.03.40\mbr0000\tdlfs0000\tsk0004.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.07.2012_00.03.40\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.07.2012_00.03.40\mbr0000\tdlfs0000\tsk0007.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.07.2012_08.18.57\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.07.2012_08.18.57\tdlfs0000\tsk0003.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.07.2012_08.18.57\tdlfs0000\tsk0004.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.07.2012_08.18.57\tdlfs0000\tsk0005.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.07.2012_08.18.57\tdlfs0000\tsk0007.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

#6 narenxp (BC Advisor)

Posted 22 July 2012 - 10:12 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Create a restore point before trying this

Download

adware cleaner

Launch it, click on Delete.

#7 ladywallflower (Topic Starter)

Posted 22 July 2012 - 05:14 PM

minitoolbox log

MiniToolBox by Farbar Version: 22-07-2012

===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/21/2012 00:14:50 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (07/21/2012 00:11:58 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (07/21/2012 00:08:13 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (07/21/2012 00:03:30 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (07/20/2012 11:58:40 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (07/20/2012 11:58:20 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (07/20/2012 11:57:57 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070652, P2 mpupdateengine, P3 am fe, P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.0.1526.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (07/20/2012 11:55:48 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1526.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (07/20/2012 11:42:03 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (07/20/2012 11:39:31 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL


System errors:
=============
Error: (07/22/2012 01:01:19 PM) (Source: PlugPlayManager) (User: )
Description: The device Root\LEGACY_WSOKW\0000 disappeared from the system without first being prepared for removal.

Error: (07/22/2012 01:00:49 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1


Microsoft Office Sessions:
=========================
Error: (07/21/2012 00:14:50 AM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (07/21/2012 00:11:58 AM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (07/21/2012 00:08:13 AM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (07/21/2012 00:03:30 AM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (07/20/2012 11:58:40 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (07/20/2012 11:58:20 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (07/20/2012 11:57:57 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070652mpupdateengineam fe11.1.3927.0mpsigstub.exe4.0.1526.0microsoft security essentialsNILNILNIL

Error: (07/20/2012 11:55:48 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070003moaccachereset4.0.1526.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (07/20/2012 11:42:03 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (07/20/2012 11:39:31 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL


=========================== Installed Programs ============================

Adobe AIR (Version: 1.1.0.5790)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge 1.0 (Version: 001.000.000)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge CS4 (Version: 3)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Creative Suite 2
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Drive CS4 (Version: 1)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash Player 11 Plugin (Version: 11.3.300.257)
Adobe Fonts All (Version: 2.0)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Help Viewer CS3 (Version: 1)
Adobe Illustrator CS3 (Version: 13.0)
Adobe InDesign CS4 (Version: 6.0)
Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0)
Adobe InDesign CS4 Common Base Files (Version: 6.0)
Adobe InDesign CS4 Icon Handler (Version: 6.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe SGM CS4 (Version: 3.0)
Adobe SING CS4 (Version: 2.0)
Adobe Stock Photos 1.0 (Version: 001.000.000)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS3 (Version: 1.0)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
ATI - Software Uninstall Utility (Version: 6.14.10.1014)
ATI Catalyst Control Center (Version: 1.2.2314.20337)
ATI Display Driver (Version: 8.252-060503a-038185C-ATI)
Bamboo (Version: 5.2.5-5)
Bamboo Dock (Version: 4.0)
Bamboo Dock (Version: 4.0.0)
CCleaner (Version: 3.20)
Connect (Version: 1.0.0.1)
Defraggler (Version: 2.09)
DivX Setup (Version: 2.6.1.8)
ESET Online Scanner v3
Google Chrome (Version: 20.0.1132.57)
HiJackThis (Version: 1.0.0)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 33 (Version: 6.0.330)
kuler (Version: 2.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
PANTONE+ Digital Libraries 1.0 for Adobe® CS (Version: 1.0)
PDF Settings CS4 (Version: 9.0)
PhotoCAL
Photoshop Camera Raw (Version: 5.0)
QuickTime (Version: 7.71.80.42)
Revo Uninstaller 1.94 (Version: 1.94)
Skype™ 5.8 (Version: 5.8.158)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.6 (Version: 4.6.0)
Suite Shared Configuration CS4 (Version: 1.0)
Suite Specific (Version: 2.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
WebFldrs XP (Version: 9.50.6513)
WebTablet FB Plugin (Version: 2.0.0.1)
WebTablet IE Plugin (Version: 1.1.0.12)
WebTablet Netscape Plugin (Version: 1.1.0.10)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.11 (32-bit) (Version: 4.11.0)

========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 1023.01 MB
Available physical RAM: 496.57 MB
Total Pagefile: 2463.34 MB
Available Pagefile: 2087.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.55 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.52 GB) (Free:47.91 GB) NTFS

========================= Users: ========================================

User accounts for \\

Administrator Guest HelpAssistant
me SUPPORT_388945a0


**** End of log ****

FSS log

Farbar Service Scanner Version: 19-07-2012
Ran by me (administrator) on 22-07-2012 at 18:04:12
Running from "C:\Documents and Settings\me\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Edited by ladywallflower, 22 July 2012 - 06:52 PM.


#8 narenxp (BC Advisor)

Posted 22 July 2012 - 05:27 PM

MBAM and adwcleaner logs?

#9 ladywallflower (Topic Starter)

Posted 22 July 2012 - 05:27 PM

adwcleaner log

# AdwCleaner v1.703 - Logfile created 07/22/2012 at 18:05:47
# Updated 20/07/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User :
# Running from : C:\Documents and Settings\me\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

-\\ Google Chrome v20.0.1132.57

*************************

AdwCleaner[S1].txt - [875 octets] - [22/07/2012 18:05:47]

########## EOF - C:\AdwCleaner[S1].txt - [1002 octets] ##########

Edited by ladywallflower, 22 July 2012 - 06:54 PM.


#10 ladywallflower (Topic Starter)

Posted 22 July 2012 - 05:29 PM

mbam 1st log

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.22.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702

7/22/2012 11:23:07 AM
mbam-log-2012-07-22 (11-23-07).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 282918
Time elapsed: 1 hour(s), 34 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\System Volume Information\_restore{797A4DED-39CA-423C-9779-811410B2AE0D}\RP183\A0025709.dll (Trojan.Agent) -> Quarantined and deleted successfully.

(end)



2nd log of after restart

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.22.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702


7/22/2012 3:14:41 PM
mbam-log-2012-07-22 (15-14-41).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 282939
Time elapsed: 2 hour(s), 30 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by ladywallflower, 22 July 2012 - 06:55 PM.


#11 narenxp (BC Advisor)

Posted 22 July 2012 - 05:30 PM

Uninstall Firefox

Make sure to checkmark the "Remove my personal data" option

Reinstall it

Let me know if you still have redirects

#12 ladywallflower (Topic Starter)

Posted 22 July 2012 - 05:54 PM

Okay, I reinstalled Firefox and it doesn't look like I have any redirects. The computer seems fine.

Edited by ladywallflower, 22 July 2012 - 06:03 PM.


#13 narenxp (BC Advisor)

Posted 22 July 2012 - 06:08 PM

Download

wscsvc

Launch it, click YES

Download

TFC

Launch it; it will close all running programs

Click on START; it should ask for a reboot

Turn off your System Restore, restart the PC, and create a new restore point

http://support.microsoft.com/kb/310405

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, and do not click on suspicious links

Safe surfing :)

#14 ladywallflower (Topic Starter)

Posted 22 July 2012 - 06:49 PM

Okay, I did the last steps. Thanks for the help, narenxp. :-)

#15 narenxp (BC Advisor)

Posted 22 July 2012 - 07:01 PM

You're most welcome :)
