
another security shield virus

15 replies to this topic

#1 jerseydevil

jerseydevil

  • Members
  • 85 posts
  • Gender:Male

Posted 26 July 2012 - 06:05 PM

Hello again. Anyone have a bit of time to help me clean out a virus? Security Shield has gotten into my machine, and I am tired of taking my PC to the help desk to have it wiped and reloaded. This malware closes my Security Essentials and prevents me from reopening it. It creates false virus scan results and pop-ups that direct me to a website that sells their antivirus program.
Ideally, I want to create a lean, mean virus-killing machine. I bought this PC used with AVD free antivirus preloaded. It's been a while, but I think I removed that and installed Microsoft Security Essentials. I run XP Pro on a Pentium 4. Need more info? Let me know. Thanks!

Edited by jerseydevil, 26 July 2012 - 06:10 PM.




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 26 July 2012 - 06:34 PM

Boot the PC into safe mode with networking.

Download TDSSKiller.

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download ESET Online Scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.
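The TDSSKiller log requested above has a regular shape (one detail line per service or driver with the image's MD5 and path, followed by a status line), so a helper can triage it before a human reads it. This is an added example, not code from the thread or from the tool's vendor; the sample log lines are constructed in that shape, and the expected-roots list and the temp-directory heuristic are assumptions for a default XP install.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Line shapes as TDSSKiller writes them (derived from the shape of its log
# output, not from an official format specification): a detail line carrying
# the image MD5 and path, then a status line such as "Name - ok" or a verdict.
DETAIL_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>[0-9a-fA-F]{4})\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
STATUS_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>[0-9a-fA-F]{4})\s+"
    r"(?P<name>.+?)\s+-\s+(?P<status>.+?)\s*$"
)

# Where services and drivers are expected to live on a default Windows XP
# install (assumption; extend for non-default program directories).
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# Constructed sample in the log's shape: the hashes, the TempSvc/OtherSvc/BadSvc
# names, their paths and the "suspicious" verdict text are made up for the demo.
SAMPLE_LOG = r"""
20:29:10.0390 1516 ACPI (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:29:10.0390 1516 ACPI - ok
20:29:10.0437 1516 adpu160m - ok
20:29:10.0890 1516 Apple Mobile Device (fedcba9876543210fedcba9876543210) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:29:10.0890 1516 Apple Mobile Device - ok
20:29:20.0515 1516 TempSvc (deadbeefdeadbeefdeadbeefdeadbeef) c:\docume~1\user\locals~1\temp\cdm\TempSvc.exe
20:29:20.0515 1516 TempSvc - ok
20:29:30.0000 1516 OtherSvc (cafebabecafebabecafebabecafebabe) D:\tools\othersvc.exe
20:29:30.0000 1516 OtherSvc - ok
20:29:40.0000 1516 BadSvc - suspicious
"""


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_log(text: str) -> Dict[str, Entry]:
    """Fold the two-line-per-service layout into one Entry per service name.
    Entries without an image file (e.g. 'adpu160m - ok') keep path/md5 as None."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = DETAIL_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            continue
        m = STATUS_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.status = m["status"]
    return entries


def triage(entries: Dict[str, Entry]) -> List[str]:
    """List reasons to look closer at an entry, beyond the scanner's own verdict:
    a non-ok verdict, an image under a temp directory, or an image outside the
    roots where XP services normally live. A hit is a lead, not a conviction."""
    findings: List[str] = []
    for e in entries.values():
        if e.status is not None and e.status.lower() != "ok":
            findings.append(f"{e.name}: scanner verdict '{e.status}'")
        if e.path is None:
            continue
        p = e.path.lower()
        if "\\temp\\" in p:
            findings.append(f"{e.name}: image runs from a temp directory ({e.path})")
        elif not p.startswith(EXPECTED_ROOTS):
            findings.append(f"{e.name}: image outside expected roots ({e.path})")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(finding)
```

Feed it the real log saved on the C drive instead of SAMPLE_LOG; the flagged entries are the ones worth checking against a known-good copy of the file before deciding anything.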

#3 jerseydevil

jerseydevil
  • Topic Starter

  • Members
  • 85 posts
  • Gender:Male

Posted 26 July 2012 - 08:26 PM

Thank you so much for your help.

20:28:51.0328 0640 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:28:51.0578 0640 ============================================================
20:28:51.0578 0640 Current date / time: 2012/07/26 20:28:51.0578
20:28:51.0578 0640 SystemInfo:
20:28:51.0578 0640
20:28:51.0578 0640 OS Version: 5.1.2600 ServicePack: 3.0
20:28:51.0578 0640 Product type: Workstation
20:28:51.0578 0640 ComputerName: HOME-B97915AB57
20:28:51.0578 0640 UserName: admin
20:28:51.0578 0640 Windows directory: C:\WINDOWS
20:28:51.0578 0640 System windows directory: C:\WINDOWS
20:28:51.0578 0640 Processor architecture: Intel x86
20:28:51.0578 0640 Number of processors: 2
20:28:51.0578 0640 Page size: 0x1000
20:28:51.0578 0640 Boot type: Safe boot with network
20:28:51.0578 0640 ============================================================
20:28:54.0781 0640 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:28:54.0781 0640 ============================================================
20:28:54.0781 0640 \Device\Harddisk0\DR0:
20:28:54.0781 0640 MBR partitions:
20:28:54.0781 0640 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
20:28:54.0781 0640 ============================================================
20:28:54.0843 0640 C: <-> \Device\Harddisk0\DR0\Partition0
20:28:54.0859 0640 ============================================================
20:28:54.0859 0640 Initialize success
20:28:54.0859 0640 ============================================================
20:29:09.0453 1516 ============================================================
20:29:09.0453 1516 Scan started
20:29:09.0453 1516 Mode: Manual; TDLFS;
20:29:09.0453 1516 ============================================================
20:29:23.0046 1516 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:29:23.0046 1516 WudfPf - ok
20:29:23.0062 1516 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:29:23.0078 1516 WudfRd - ok
20:29:23.0109 1516 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
20:29:23.0125 1516 WudfSvc - ok
20:29:23.0218 1516 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:29:23.0234 1516 WZCSVC - ok
20:29:23.0265 1516 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:29:23.0281 1516 xmlprov - ok
20:29:23.0406 1516 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
20:29:23.0421 1516 YahooAUService - ok
20:29:23.0500 1516 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:29:24.0187 1516 \Device\Harddisk0\DR0 - ok
20:29:24.0234 1516 Boot (0x1200) (fdce04eec5dd7a2e09626cecce7f9d5c) \Device\Harddisk0\DR0\Partition0
20:29:24.0234 1516 \Device\Harddisk0\DR0\Partition0 - ok
20:29:24.0234 1516 ============================================================
20:29:24.0234 1516 Scan finished
20:29:24.0234 1516 ============================================================
20:29:24.0281 1520 Detected object count: 0
20:29:24.0281 1520 Actual detected object count: 0





aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-26 20:34:29
-----------------------------
20:34:29.703 OS Version: Windows 5.1.2600 Service Pack 3
20:34:29.703 Number of processors: 2 586 0x403
20:34:29.703 ComputerName: HOME-B97915AB57 UserName: admin
20:34:29.984 Initialize success
20:35:54.671 AVAST engine defs: 12072602
20:36:16.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
20:36:16.625 Disk 0 Vendor: WDC_WD800BD-22LRA0 06.01D06 Size: 76319MB BusType: 3
20:36:16.656 Disk 0 MBR read successfully
20:36:16.671 Disk 0 MBR scan
20:36:16.750 Disk 0 Windows XP default MBR code
20:36:16.765 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
20:36:16.781 Disk 0 scanning sectors +156296385
20:36:16.906 Disk 0 scanning C:\WINDOWS\system32\drivers
20:36:31.093 Service scanning
20:36:51.421 Modules scanning
20:36:57.781 Disk 0 trace - called modules:
20:36:57.796 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:36:57.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82387ab8]
20:36:57.812 3 CLASSPNP.SYS[f8597fd7] -> nt!IofCallDriver -> \Device\0000005b[0x8238d170]
20:36:57.812 5 ACPI.sys[f84ee620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x82369d98]
20:36:58.734 AVAST engine scan C:\WINDOWS
20:37:12.000 AVAST engine scan C:\WINDOWS\system32
20:39:42.843 AVAST engine scan C:\WINDOWS\system32\drivers
20:39:56.562 AVAST engine scan C:\Documents and Settings\admin
20:40:53.109 File: C:\Documents and Settings\admin\Local Settings\Application Data\rqwtm.exe **INFECTED** Win32:MalOb-GV [Cryp]
20:40:53.281 File: C:\Documents and Settings\admin\Local Settings\Application Data\{7c77b735-d9c2-df59-4082-e23a66489624}\n **INFECTED** Win32:Rootkit-gen [Rtk]
20:44:01.171 File: C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\CFU5DA5C\soft3[1].exe **INFECTED** Win32:Sirefef-ADO [Trj]
20:47:31.671 File: C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\Y4GGP712\soft4[1].exe **INFECTED** Win32:MalOb-GV [Cryp]
20:48:55.515 AVAST engine scan C:\Documents and Settings\All Users
20:49:12.796 Scan finished successfully
21:05:01.984 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
21:05:02.031 The log file has been saved successfully to "C:\aswMBR.txt"


C:\Documents and Settings\admin\Local Settings\Application Data\rqwtm.exe a variant of Win32/Kryptik.AIVD trojan cleaned by deleting - quarantined
C:\Documents and Settings\admin\Local Settings\Application Data\{7c77b735-d9c2-df59-4082-e23a66489624}\n Win32/Sirefef.EV trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\admin\Local Settings\Temp\NOD3A.tmp Win32/Sirefef.EV trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\CFU5DA5C\soft3[1].exe Win32/Sirefef.EV trojan cleaned by deleting - quarantined
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\Y4GGP712\soft4[1].exe a variant of Win32/Kryptik.AIVD trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\AIRS57A7\mx_nan_a[1].txt HTML/Iframe.B.Gen virus deleted - quarantined
C:\WINDOWS\Installer\{7c77b735-d9c2-df59-4082-e23a66489624}\n Win32/Sirefef.EV trojan cleaned by deleting (after the next restart) - quarantined
C:\WINDOWS\Installer\{7c77b735-d9c2-df59-4082-e23a66489624}\U\80000000.@ a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\WINDOWS\Installer\{7c77b735-d9c2-df59-4082-e23a66489624}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan cleaned by deleting - quarantined
Operating memory multiple threats


Thanks again!

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 26 July 2012 - 08:52 PM

Reboot to normal mode

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete.

Post the generated log.

#5 jerseydevil

jerseydevil
  • Topic Starter

  • Members
  • 85 posts
  • Gender:Male

Posted 27 July 2012 - 12:24 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by admin (administrator) on 27-07-2012 at 13:14:39
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetXtreme Gigabit Ethernet = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection 2 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : home-b97915ab57

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : home



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : home

Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet

Physical Address. . . . . . . . . : 00-13-20-71-BC-9D

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.5

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

71.242.0.12

Lease Obtained. . . . . . . . . . : Friday, July 27, 2012 6:50:21 AM

Lease Expires . . . . . . . . . . : Saturday, July 28, 2012 6:50:21 AM

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.228.73, 74.125.228.68, 74.125.228.65, 74.125.228.78
74.125.228.71, 74.125.228.66, 74.125.228.64, 74.125.228.67, 74.125.228.72
74.125.228.69, 74.125.228.70



Pinging google.com [74.125.228.105] with 32 bytes of data:



Reply from 74.125.228.105: bytes=32 time=19ms TTL=252

Reply from 74.125.228.105: bytes=32 time=15ms TTL=252



Ping statistics for 74.125.228.105:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 15ms, Maximum = 19ms, Average = 17ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=70ms TTL=250

Reply from 209.191.122.70: bytes=32 time=70ms TTL=250



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 70ms, Maximum = 70ms, Average = 70ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 20 71 bc 9d ...... Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.5 192.168.1.5 20
192.168.1.0 255.255.255.0 192.168.1.5 192.168.1.5 20
192.168.1.5 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.5 192.168.1.5 20
224.0.0.0 240.0.0.0 192.168.1.5 192.168.1.5 20
255.255.255.255 255.255.255.255 192.168.1.5 192.168.1.5 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/26/2012 11:13:01 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (07/26/2012 06:59:35 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (07/22/2012 10:06:46 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (07/22/2012 10:02:32 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (07/22/2012 09:57:00 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (07/22/2012 09:56:44 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (07/22/2012 09:56:32 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (07/22/2012 09:56:23 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (07/09/2012 07:20:45 AM) (Source: Application Hang) (User: )
Description: Hanging application soffice.bin, version 2.3.9307.500, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/09/2012 07:20:45 AM) (Source: Application Hang) (User: )
Description: Hanging application soffice.bin, version 2.3.9307.500, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (07/27/2012 06:52:04 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/27/2012 06:50:37 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (07/26/2012 11:11:41 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/26/2012 09:30:04 PM) (Source: DCOM) (User: HOME-B97915AB57)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/26/2012 09:22:51 PM) (Source: DCOM) (User: HOME-B97915AB57)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/26/2012 09:22:44 PM) (Source: DCOM) (User: HOME-B97915AB57)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/26/2012 09:20:34 PM) (Source: DCOM) (User: HOME-B97915AB57)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/26/2012 09:04:54 PM) (Source: DCOM) (User: HOME-B97915AB57)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/26/2012 08:58:49 PM) (Source: DCOM) (User: HOME-B97915AB57)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/26/2012 08:26:08 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060


Microsoft Office Sessions:
=========================
Error: (07/26/2012 11:13:01 PM) (Source: WinMgmt)(User: )
Description:

Error: (07/26/2012 06:59:35 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (07/22/2012 10:06:46 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (07/22/2012 10:02:32 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (07/22/2012 09:57:00 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (07/22/2012 09:56:44 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (07/22/2012 09:56:32 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (07/22/2012 09:56:23 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (07/09/2012 07:20:45 AM) (Source: Application Hang)(User: )
Description: soffice.bin2.3.9307.500hungapp0.0.0.000000000

Error: (07/09/2012 07:20:45 AM) (Source: Application Hang)(User: )
Description: soffice.bin2.3.9307.500hungapp0.0.0.000000000


=========================== Installed Programs ============================

Acrobat.com (Version: 1.7.186)
Adobe AIR (Version: 1.5.2.8870)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.63)
Adobe Flash Player 11 Plugin (Version: 11.1.102.63)
Adobe Reader 9.1 (Version: 9.1.0)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Canon iP1600
Canon Utilities Easy-PhotoPrint
ESET Online Scanner v3
Google Chrome (Version: 20.0.1132.57)
Google Update Helper (Version: 1.3.21.115)
Internet Explorer (Enable DEP)
iTunes (Version: 10.6.3.25)
Java™ 6 Update 16 (Version: 6.0.160)
Java™ 6 Update 4 (Version: 1.6.0.40)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
NVIDIA Drivers
OpenOffice.org 2.4 (Version: 2.4.9310)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 509.53 MB
Available physical RAM: 332.75 MB
Total Pagefile: 1244.55 MB
Available Pagefile: 950.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.98 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.53 GB) (Free:48.31 GB) NTFS

========================= Users: ========================================

User accounts for \\HOME-B97915AB57

admin Administrator ASPNET
Guest HelpAssistant SUPPORT_388945a0


**** End of log ****





Farbar Service Scanner Version: 26-07-2012
Ran by admin (administrator) on 27-07-2012 at 13:17:18
Running from "C:\Documents and Settings\admin\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000560000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Thanks!

#6 jerseydevil

jerseydevil
  • Topic Starter

  • Members
  • 85 posts
  • Gender:Male

Posted 27 July 2012 - 12:25 PM

# AdwCleaner v1.703 - Logfile created 07/27/2012 at 13:19:15
# Updated 20/07/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : admin - HOME-B97915AB57
# Running from : C:\Documents and Settings\admin\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\6s5slpya.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1346 octets] - [27/07/2012 13:18:49]
AdwCleaner[S1].txt - [1283 octets] - [27/07/2012 13:19:15]

########## EOF - C:\AdwCleaner[S1].txt - [1411 octets] ##########

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 27 July 2012 - 12:31 PM

Malwarebytes log?

Open your C drive

On top, click on Tools - Folder Options.

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click ok,now go to

C:\Documents and Settings\admin\Local Settings\Application Data\{7c77b735-d9c2-df59-4082-e23a66489624}
C:\Windows\Installer\{7c77b735-d9c2-df59-4082-e23a66489624}

delete the folders

Download

Sharedaccess
wscsvc
BITS
wuauserv

Launch them, click YES, restart the PC, post the new FSS log.
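
To see at a glance which of the four service fixes above are still needed, here is an added triage script (not part of this thread and not Farbar's own tool) that parses an FSS log like the ones posted here and lists every watched service whose registry key or values FSS reported missing, plus any File Check entry whose MD5 was not reported as legit. Both sample logs are constructed, condensed from the two FSS logs in this thread.

```python
import re
from dataclasses import dataclass, field

# The four services whose registry definitions the FSS log above reports as
# missing; the helper's reply tells the user to restore exactly these.
WATCHED_SERVICES = ("sharedaccess", "wscsvc", "wuauserv", "BITS")

# Constructed sample, condensed from the first FSS log posted in this thread.
SAMPLE_INFECTED_LOG = r"""
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
"""

# Constructed sample, condensed from the FSS log posted after the service fixes:
# the service sections are empty, meaning FSS found nothing to complain about.
SAMPLE_CLEAN_LOG = r"""
Windows Firewall:
=============

Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
"""

_NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
_KEY_MISSING = re.compile(r"Unable to open (\S+) registry key\. The service key does not exist\.")
_VALUE_MISSING = re.compile(r"Unable to retrieve .+? of (\w+)\. The value does not exist\.")
_FILE_CHECK = re.compile(r"^(\S.*?) => MD5 is (.+)$")


@dataclass
class FssReport:
    not_running: set = field(default_factory=set)    # "<svc> Service is not running"
    key_missing: set = field(default_factory=set)    # whole service key gone
    value_missing: set = field(default_factory=set)  # key present, Start/ImagePath/ServiceDll gone
    file_status: dict = field(default_factory=dict)  # path -> text after "MD5 is"


def parse_fss(text: str) -> FssReport:
    """Pick the service and File Check findings out of an FSS log."""
    report = FssReport()
    for raw in text.splitlines():
        line = raw.strip()
        if m := _NOT_RUNNING.match(line):
            report.not_running.add(m.group(1))
        elif m := _KEY_MISSING.search(line):
            report.key_missing.add(m.group(1))
        elif m := _VALUE_MISSING.search(line):
            report.value_missing.add(m.group(1))
        elif m := _FILE_CHECK.match(line):
            report.file_status[m.group(1)] = m.group(2).strip()
    return report


def services_needing_restore(text: str) -> list:
    """Watched services whose registry definition FSS could not read in full."""
    report = parse_fss(text)
    broken = report.key_missing | report.value_missing
    return sorted((s for s in WATCHED_SERVICES if s in broken), key=str.lower)


def suspect_files(text: str) -> list:
    """File Check entries whose MD5 FSS did not report as legit."""
    report = parse_fss(text)
    return sorted(p for p, status in report.file_status.items() if status != "legit")


if __name__ == "__main__":
    for label, log in (("infected", SAMPLE_INFECTED_LOG), ("after fix", SAMPLE_CLEAN_LOG)):
        print(label, "-> restore:", services_needing_restore(log), "suspect files:", suspect_files(log))
```

An empty service section, as in the second log, means FSS read the service definition without complaint, so the script reports nothing to restore for it.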

#8 jerseydevil

jerseydevil
  • Topic Starter

  • Members
  • 85 posts
  • Gender:Male

Posted 27 July 2012 - 06:49 PM

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.27.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
admin :: HOME-B97915AB57 [administrator]

Protection: Enabled

7/27/2012 7:02:22 AM
mbam-log-2012-07-27 (07-02-22).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241875
Time elapsed: 56 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9 jerseydevil

jerseydevil
  • Topic Starter

  • Members
  • 85 posts
  • Gender:Male

Posted 27 July 2012 - 08:32 PM

Farbar Service Scanner Version: 26-07-2012
Ran by admin (administrator) on 27-07-2012 at 21:32:04
Running from "C:\Documents and Settings\admin\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall value. The value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000560000000600000007000000
IpSec Tag value is correct.

**** End of log ****
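
As an added example (not part of this thread and not code from Farbar Service Scanner or from narenxp), here is a small Python parser that triages an FSS log in the shape posted above: it groups lines by section, pulls out the ATTENTION entries (in this thread, the two EnableFirewall policy values that were found missing) and separates the File Check paths whose MD5 verified from any that did not. The sample log embedded in the block is constructed for the example; in particular the "MD5 is not legit" line is an assumed wording used only to exercise the needs-review path, and the real tool may phrase a failed check differently.

```python
import re
from typing import Dict, List

# Constructed sample in the shape of a Farbar Service Scanner (FSS) log. It was
# written for this example, not captured from a machine: the two ATTENTION
# lines mirror the ones in the thread, and the "MD5 is not legit" line is an
# assumed wording used only to exercise the needs-review path.
SAMPLE_FSS_LOG = r"""Farbar Service Scanner Version: 26-07-2012
Ran by admin (administrator) on 27-07-2012 at 21:32:04
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
Google IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall value. The value does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is not legit

**** End of log ****
"""

SECTION_RE = re.compile(r"^([A-Za-z ]+):$")          # e.g. "Firewall Disabled Policy:"
UNDERLINE_RE = re.compile(r"^=+$")                    # the "=====" line under a heading
VALUE_RE = re.compile(r"Unable to retrieve (\S+) value")
FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S+) => (?P<verdict>.+)$")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty log lines under the 'Heading:' + '=====' blocks FSS uses."""
    sections: Dict[str, List[str]] = {"Header": []}
    current = "Header"
    lines = text.splitlines()
    for i, line in enumerate(lines):
        stripped = line.strip()
        heading = SECTION_RE.match(stripped)
        if heading and i + 1 < len(lines) and UNDERLINE_RE.match(lines[i + 1].strip()):
            current = heading.group(1)
            sections.setdefault(current, [])
        elif stripped and not UNDERLINE_RE.match(stripped):
            sections[current].append(stripped)
    return sections


def triage(text: str) -> Dict[str, List[str]]:
    """Pull out what a helper acts on: ATTENTION lines (tagged with their
    section), the registry values those lines report missing, and the File
    Check verdicts split into verified and not-verified paths."""
    sections = split_sections(text)
    findings: Dict[str, List[str]] = {
        "attention": [], "missing_values": [],
        "files_verified": [], "files_not_verified": [],
    }
    for name, lines in sections.items():
        for line in lines:
            if line.startswith("ATTENTION!"):
                findings["attention"].append(f"{name}: {line}")
                m = VALUE_RE.search(line)
                if m:
                    findings["missing_values"].append(m.group(1))
    for line in sections.get("File Check", []):
        m = FILE_RE.match(line)
        if not m:
            continue
        bucket = "files_verified" if m.group("verdict") == "MD5 is legit" else "files_not_verified"
        findings[bucket].append(m.group("path"))
    return findings


def is_clean(findings: Dict[str, List[str]]) -> bool:
    """True when nothing in the log needs a follow-up."""
    return not (findings["attention"] or findings["files_not_verified"])


if __name__ == "__main__":
    result = triage(SAMPLE_FSS_LOG)
    for key, items in result.items():
        print(f"{key} ({len(items)}):")
        for item in items:
            print("   ", item)
    print("clean:", is_clean(result))
```

Run it on a saved FSS.txt by passing the file's contents to triage(); a log like the one posted above yields two entries under attention (both from the Firewall Disabled Policy section), the two missing EnableFirewall values, and an empty files_not_verified list, so the only follow-up is restoring the firewall policy values, which is what the service .reg fixes in the earlier reply address.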

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 28 July 2012 - 12:08 AM

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your flash player

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#11 jerseydevil

jerseydevil
  • Topic Starter

  • Members
  • 85 posts
  • Gender:Male

Posted 28 July 2012 - 07:41 AM

Thank you very much! Should I keep all of the programs I downloaded, in case something like this happens again? Do you recommend relying on Microsoft's security essentials as my AV? It didn't seem to help with the security shield virus...

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 28 July 2012 - 07:45 AM

Thank you very much! Should I keep all of the programs I downloaded, in case something like this happens again?


Remove all the tools we used except for malwarebytes

Do you recommend relying on Microsoft's security essentials as my AV? It didn't seem to help with the security shield virus...


No AV is 100% foolproof and can prevent, detect and remove all threats at any given time

Read this guide

http://www.bleepingcomputer.com/forums/topic407147.html

good luck

Edited by narenxp, 28 July 2012 - 07:46 AM.


#13 jerseydevil

jerseydevil
  • Topic Starter

  • Members
  • 85 posts
  • Gender:Male

Posted 28 July 2012 - 09:21 PM

TFC is not working. It opens, says it's going to stop processes or something to that effect, then freezes. Other than that, everything seems to be fine at this point. I ran cleanmgr, will that suffice? Please advise.

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 28 July 2012 - 09:27 PM

Run TFC in safemode

#15 jerseydevil

jerseydevil
  • Topic Starter

  • Members
  • 85 posts
  • Gender:Male

Posted 03 August 2012 - 01:14 PM

Thanks! My pc is worth using again!



