

Redirect virus or something else?


22 replies to this topic

#1 tide_belle


Posted 05 August 2012 - 10:06 AM

I am running Windows XP 2003 SP3
Browser Firefox 14

I was searching this morning using WOT and was clicking on a Books A Million link and was then redirected to another site, which warned me that this site was unsafe. Please help.


#2 narenxp


Posted 05 August 2012 - 10:08 AM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on "List of found threats".

Export the list to desktop, and copy the contents of the text file in your reply.

#3 tide_belle


Posted 06 August 2012 - 08:32 AM

Hi narenxp,
Here are the logs you requested. It looks like it found something, but I'm wondering where it came from when we never go to unreputable sites. Thank you!

TDSSKiller
21:38:40.0687 1728 redbook - ok
21:38:40.0843 1728 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:38:41.0031 1728 RemoteAccess - ok
21:38:41.0265 1728 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
21:38:41.0546 1728 RpcLocator - ok
21:38:41.0812 1728 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
21:38:41.0812 1728 RpcSs - ok
21:38:42.0156 1728 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
21:38:42.0234 1728 RSVP - ok
21:38:42.0468 1728 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:38:42.0546 1728 SamSs - ok
21:38:43.0656 1728 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:38:43.0890 1728 SASDIFSV - ok
21:38:44.0453 1728 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
21:38:45.0031 1728 SASENUM - ok
21:38:45.0109 1728 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
21:38:45.0140 1728 SASKUTIL - ok
21:38:49.0562 1728 SBAMSvc (bce943896289a91ad75cc5652620b1c6) C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
21:38:49.0593 1728 SBAMSvc - ok
21:38:50.0250 1728 sbaphd (62ba65cc0b4a4bd1eaff5fed6e2b5069) C:\WINDOWS\system32\drivers\sbaphd.sys
21:38:50.0250 1728 sbaphd - ok
21:38:50.0609 1728 sbapifs (3fff8cda4d2f29ca06f1557e85163c30) C:\WINDOWS\system32\drivers\sbapifs.sys
21:38:50.0640 1728 sbapifs - ok
21:38:51.0375 1728 SBRE (1fd538c4feb36b793d2121f20bbdc16f) C:\WINDOWS\system32\drivers\SBREdrv.sys
21:38:51.0515 1728 SBRE - ok
21:38:51.0671 1728 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:38:51.0765 1728 SCardSvr - ok
21:38:51.0921 1728 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:38:52.0125 1728 Schedule - ok
21:38:52.0296 1728 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:38:52.0500 1728 Secdrv - ok
21:38:52.0593 1728 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:38:52.0656 1728 seclogon - ok
21:38:53.0000 1728 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
21:38:53.0328 1728 senfilt - ok
21:38:53.0437 1728 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
21:38:53.0453 1728 SENS - ok
21:38:53.0546 1728 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:38:53.0562 1728 serenum - ok
21:38:53.0625 1728 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:38:53.0656 1728 Serial - ok
21:38:53.0671 1728 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:38:53.0718 1728 Sfloppy - ok
21:38:54.0000 1728 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
21:38:54.0250 1728 SharedAccess - ok
21:38:54.0390 1728 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:38:54.0390 1728 ShellHWDetection - ok
21:38:54.0390 1728 Simbad - ok
21:38:54.0828 1728 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:38:55.0109 1728 sisagp - ok
21:38:55.0484 1728 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
21:38:55.0625 1728 smwdm - ok
21:38:55.0843 1728 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:38:56.0078 1728 Sparrow - ok
21:38:56.0218 1728 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:38:56.0296 1728 splitter - ok
21:38:56.0406 1728 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:38:56.0437 1728 Spooler - ok
21:38:56.0687 1728 sprtsvc_dellsupportcenter - ok
21:38:58.0203 1728 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:38:58.0453 1728 sr - ok
21:38:58.0953 1728 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:38:59.0046 1728 srservice - ok
21:38:59.0703 1728 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:39:00.0015 1728 Srv - ok
21:39:00.0109 1728 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:39:00.0171 1728 SSDPSRV - ok
21:39:00.0390 1728 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:39:00.0640 1728 stisvc - ok
21:39:00.0843 1728 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:39:00.0843 1728 swenum - ok
21:39:00.0890 1728 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:39:01.0000 1728 swmidi - ok
21:39:01.0000 1728 SwPrv - ok
21:39:01.0125 1728 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:39:01.0296 1728 symc810 - ok
21:39:01.0484 1728 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:39:01.0796 1728 symc8xx - ok
21:39:01.0890 1728 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:39:02.0140 1728 sym_hi - ok
21:39:02.0437 1728 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:39:02.0640 1728 sym_u3 - ok
21:39:02.0734 1728 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:39:02.0750 1728 sysaudio - ok
21:39:02.0937 1728 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:39:03.0078 1728 SysmonLog - ok
21:39:03.0234 1728 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:39:03.0390 1728 TapiSrv - ok
21:39:03.0609 1728 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:39:03.0875 1728 Tcpip - ok
21:39:04.0109 1728 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:39:04.0218 1728 TDPIPE - ok
21:39:04.0281 1728 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:39:04.0343 1728 TDTCP - ok
21:39:04.0375 1728 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:39:04.0406 1728 TermDD - ok
21:39:04.0703 1728 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:39:04.0984 1728 TermService - ok
21:39:05.0250 1728 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:39:05.0265 1728 Themes - ok
21:39:05.0406 1728 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:39:05.0453 1728 TosIde - ok
21:39:05.0546 1728 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:39:05.0765 1728 TrkWks - ok
21:39:05.0906 1728 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:39:06.0031 1728 Udfs - ok
21:39:06.0156 1728 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:39:06.0453 1728 ultra - ok
21:39:06.0687 1728 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:39:06.0890 1728 Update - ok
21:39:07.0031 1728 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:39:07.0156 1728 upnphost - ok
21:39:07.0218 1728 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:39:07.0312 1728 UPS - ok
21:39:07.0484 1728 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:39:07.0546 1728 usbccgp - ok
21:39:07.0625 1728 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:39:07.0640 1728 usbehci - ok
21:39:07.0703 1728 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:39:07.0718 1728 usbhub - ok
21:39:07.0828 1728 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:39:07.0875 1728 usbprint - ok
21:39:07.0953 1728 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:39:07.0968 1728 usbscan - ok
21:39:08.0062 1728 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:39:08.0171 1728 USBSTOR - ok
21:39:08.0250 1728 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:39:08.0265 1728 usbuhci - ok
21:39:08.0359 1728 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:39:08.0390 1728 VgaSave - ok
21:39:08.0562 1728 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:39:08.0828 1728 viaagp - ok
21:39:08.0875 1728 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:39:08.0921 1728 ViaIde - ok
21:39:09.0031 1728 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:39:09.0046 1728 VolSnap - ok
21:39:09.0390 1728 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:39:09.0609 1728 VSS - ok
21:39:09.0734 1728 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:39:09.0984 1728 w32time - ok
21:39:10.0125 1728 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:39:10.0171 1728 Wanarp - ok
21:39:10.0171 1728 wanatw - ok
21:39:10.0187 1728 WDICA - ok
21:39:10.0312 1728 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:39:10.0375 1728 wdmaud - ok
21:39:10.0640 1728 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:39:10.0718 1728 WebClient - ok
21:39:11.0125 1728 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:39:11.0359 1728 winachsf - ok
21:39:11.0625 1728 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:39:11.0750 1728 winmgmt - ok
21:39:11.0890 1728 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:39:12.0000 1728 WmdmPmSN - ok
21:39:12.0250 1728 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:39:12.0468 1728 WmiApSrv - ok
21:39:13.0125 1728 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:39:14.0671 1728 WMPNetworkSvc - ok
21:39:14.0921 1728 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:39:15.0000 1728 WpdUsb - ok
21:39:15.0109 1728 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:39:15.0218 1728 wscsvc - ok
21:39:15.0281 1728 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:39:15.0343 1728 wuauserv - ok
21:39:15.0546 1728 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:39:15.0625 1728 WudfPf - ok
21:39:16.0390 1728 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:39:16.0562 1728 WudfRd - ok
21:39:16.0656 1728 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:39:16.0750 1728 WudfSvc - ok
21:39:17.0187 1728 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:39:17.0531 1728 WZCSVC - ok
21:39:17.0906 1728 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:39:17.0984 1728 xmlprov - ok
21:39:18.0046 1728 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
21:39:20.0906 1728 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:39:20.0906 1728 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:39:20.0984 1728 Boot (0x1200) (aa9a0b9aae416c1037d3d9c104c9a81c) \Device\Harddisk0\DR0\Partition0
21:39:21.0031 1728 \Device\Harddisk0\DR0\Partition0 - ok
21:39:21.0109 1728 Boot (0x1200) (0dfe86ac683595bc71c5549997c79252) \Device\Harddisk0\DR0\Partition1
21:39:21.0125 1728 \Device\Harddisk0\DR0\Partition1 - ok
21:39:21.0125 1728 ============================================================
21:39:21.0125 1728 Scan finished
21:39:21.0125 1728 ============================================================
21:39:21.0140 3516 Detected object count: 1
21:39:21.0140 3516 Actual detected object count: 1
21:41:18.0796 3516 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
21:41:18.0953 3516 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
21:41:19.0000 3516 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
21:41:19.0015 3516 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
21:41:19.0250 3516 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
21:41:19.0718 3516 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
21:42:52.0843 3976 Deinitialize success

aswMBR
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-05 21:44:38
-----------------------------
21:44:38.906 OS Version: Windows 5.1.2600 Service Pack 3
21:44:38.906 Number of processors: 1 586 0x409
21:44:38.921 ComputerName: D7C1CCB1 UserName: Jodi
21:44:41.406 Initialize success
21:51:28.312 AVAST engine defs: 12080501
21:53:57.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:53:57.078 Disk 0 Vendor: ST3802110A 3.ADH Size: 76293MB BusType: 3
21:53:57.125 Disk 0 MBR read successfully
21:53:57.125 Disk 0 MBR scan
21:53:57.562 Disk 0 unknown MBR code
21:53:57.625 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:53:57.750 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 53968 MB offset 80325
21:53:57.828 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 19053 MB offset 110607525
21:53:57.953 Disk 0 Partition 4 00 DB CP/M / CTOS MSDOS5.0 3223 MB offset 149629410
21:53:58.109 Disk 0 scanning sectors +156232125
21:53:59.781 Disk 0 scanning C:\WINDOWS\system32\drivers
21:55:14.625 Service scanning
21:57:39.296 Modules scanning
21:59:39.468 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
21:59:49.312 Disk 0 trace - called modules:
21:59:49.343 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
21:59:49.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fd2ab8]
21:59:49.359 3 CLASSPNP.SYS[f75d6fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f86b00]
21:59:50.968 AVAST engine scan C:\WINDOWS
22:01:31.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jodi\Desktop\MBR.dat"
22:01:31.703 The log file has been saved successfully to "C:\Documents and Settings\Jodi\Desktop\aswMBR.txt"


ESET On this scan I did uncheck "Delete threats"

C:\TDSSKiller_Quarantine\05.08.2012_21.36.49\tdlfs0000\tsk0004.dta a variant of Win32/Olmarik.ADZ trojan
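What the two scanners above actually checked on the disk: TDSSKiller's "MBR (0x1B8)" line is the MD5 of the first 0x1B8 (440) bytes of sector 0, the bootstrap code that sits before the disk signature and partition table, and aswMBR's "unknown MBR code" means that code matched none of its reference images. TDL4 (what ESET calls Win32/Olmarik) overwrites exactly those bytes and keeps its components in a hidden file system at the end of the disk, which is why the TDLFS quarantine and the "scanning sectors +156232125" line go together, while the four partition entries stay untouched. The following is an added example, not code from the thread, TDSSKiller or aswMBR: it rebuilds the partition table aswMBR printed into a 512-byte sector, parses it back in aswMBR's terms, and hashes the boot code against a reference set. The sector contents and the "known good" hash are constructed for the example; the sector counts are derived from the neighbouring offsets in the log, since aswMBR prints sizes rounded down to MB.

```python
"""Parse an MBR partition table and hash its boot code, the two things
aswMBR and TDSSKiller report about \\Device\\Harddisk0\\DR0 in the log.

The 512-byte sector built here is CONSTRUCTED from the four partition
entries aswMBR printed; the boot-code bytes are a placeholder, not the
real code from the poster's disk. Added example, not part of the thread."""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 0x1B8          # TDSSKiller's "MBR (0x1B8)" hashes these bytes
PART_TABLE_OFF = 0x1BE
SIGNATURE_OFF = 0x1FE

# Partition type IDs as aswMBR labels them (subset).
TYPE_NAMES = {0x07: "HPFS/NTFS", 0xDB: "CP/M / CTOS", 0xDE: "Dell Utility"}


def build_mbr(entries, bootcode=b"\x00" * BOOTCODE_LEN):
    """Assemble a 512-byte MBR from (boot_flag, type_id, lba_start, sectors)."""
    assert len(entries) <= 4 and len(bootcode) == BOOTCODE_LEN
    sector = bytearray(SECTOR)
    sector[:BOOTCODE_LEN] = bootcode
    for i, (boot, ptype, start, count) in enumerate(entries):
        off = PART_TABLE_OFF + 16 * i
        # CHS fields are left zero: modern tools use the LBA fields only.
        sector[off:off + 16] = struct.pack("<B3sB3sII", boot, b"\0\0\0", ptype, b"\0\0\0", start, count)
    sector[SIGNATURE_OFF:SIGNATURE_OFF + 2] = b"\x55\xAA"
    return bytes(sector)


def parse_mbr(sector):
    """Return the partition entries of an MBR in aswMBR's terms."""
    if len(sector) != SECTOR or sector[SIGNATURE_OFF:SIGNATURE_OFF + 2] != b"\x55\xAA":
        raise ValueError("not a valid MBR: bad length or missing 0x55AA signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        boot, _chs1, ptype, _chs2, start, count = struct.unpack("<B3sB3sII", sector[off:off + 16])
        if ptype == 0:
            continue              # empty slot
        parts.append({
            "index": i + 1,
            "active": boot == 0x80,
            "type_id": ptype,
            "type": TYPE_NAMES.get(ptype, "unknown"),
            "offset": start,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return parts


def bootcode_md5(sector):
    """MD5 of the 440 boot-code bytes, the value TDSSKiller logs for the MBR."""
    return hashlib.md5(sector[:BOOTCODE_LEN]).hexdigest()


def classify_bootcode(sector, known_good):
    """'known' if the boot-code hash is in the reference set, else 'unknown MBR code'."""
    return "known" if bootcode_md5(sector) in known_good else "unknown MBR code"


# Layout from the aswMBR log: (boot flag, type, LBA offset, sector count).
DELL_LAYOUT = [
    (0x00, 0xDE, 63, 80262),
    (0x80, 0x07, 80325, 110527200),
    (0x00, 0x07, 110607525, 39021885),
    (0x00, 0xDB, 149629410, 6602715),
]

if __name__ == "__main__":
    clean = build_mbr(DELL_LAYOUT)
    known_good = {bootcode_md5(clean)}            # assumed reference hash
    for p in parse_mbr(clean):
        flag = "80 (A)" if p["active"] else "00"
        print(f"Partition {p['index']} {flag} {p['type_id']:02X} {p['type']} {p['size_mb']} MB offset {p['offset']}")
    # Same partition table, different boot code: a bootkit rewrites the
    # first 440 bytes and leaves the table intact, so only the hash changes.
    tampered = build_mbr(DELL_LAYOUT, bootcode=b"\xEB\xFE" + b"\x90" * (BOOTCODE_LEN - 2))
    print(classify_bootcode(clean, known_good), "/", classify_bootcode(tampered, known_good))
```

The point of the tampered sector is that a partition listing alone proves nothing: a bootkit leaves the table exactly as the vendor shipped it, and only the hash of the 440 code bytes (or a disassembly of them) shows the change. On a real disk the reference set would be the hashes of the Windows XP boot code for the relevant service packs and OEM images, which is what both tools carry internally.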

#4 narenxp

Posted 06 August 2012 - 10:28 AM

ESET On this scan I did uncheck "Delete threats"


Please delete the TDSSkiller quarantine folder from your C drive

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM again in regular mode until you get a clean log.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete.

Post the generated log.
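The MiniToolBox boxes narenxp asks for (hosts content, proxy settings, Winsock entries) are where a browser redirect usually leaves tracks, and two of them are easy to misread. A hosts file with thousands of lines mapping names to 127.0.0.1 or 0.0.0.0 is a blocklist (Spybot and the MVPS list install one) and cannot send traffic anywhere; a hosts-file hijack maps a legitimate name to a routable address. A Winsock LSP or namespace provider, on the other hand, sees every socket and DNS lookup the browser makes, so any provider DLL outside the Windows directory or from an untrusted vendor deserves a look. The following is an added example, not code from the thread or from MiniToolBox, that applies those two rules to sample log sections. The sample lines are constructed: the benign ones follow the shape of the MiniToolBox output posted later in the thread, the hijack entries and the Temp-folder provider are invented to show what a real finding looks like.

```python
"""Triage the hosts-file and Winsock sections of a MiniToolBox report for a
browser-redirect complaint. Added example, not part of the thread or of
MiniToolBox; SAMPLE_HOSTS and SAMPLE_WINSOCK are CONSTRUCTED input."""
import ipaddress
import re

LOCAL_SINKS = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs, ignoring comments, blanks and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue              # not an address, so not a redirect vector
        for name in fields[1:]:
            yield str(ip), name.lower()


def classify_hosts(text):
    """Split entries into 'loopback' (localhost itself), 'blocklist' (name ->
    loopback or null address, which only blocks) and 'hijack' (name -> a
    routable address, the only form that can redirect a browser)."""
    result = {"loopback": [], "blocklist": [], "hijack": []}
    for ip, name in parse_hosts(text):
        if name in ("localhost", "localhost.localdomain") and ip in LOCAL_SINKS:
            result["loopback"].append((ip, name))
        elif ip in LOCAL_SINKS:
            result["blocklist"].append((ip, name))
        else:
            result["hijack"].append((ip, name))
    return result


# MiniToolBox prints: Catalog5 04 C:\path\file.dll [size] (Vendor)
WINSOCK_RE = re.compile(r"^(Catalog[59])\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)\s*$")


def suspicious_winsock(text, trusted_vendors=("Microsoft Corporation",)):
    """Return (catalog, index, path, vendor) for providers that are not from a
    trusted vendor or do not live under the Windows system directory."""
    findings = []
    for line in text.splitlines():
        m = WINSOCK_RE.match(line.strip())
        if not m:
            continue
        catalog, idx, path, _size, vendor = m.groups()
        in_windows = path.lower().startswith(("c:\\windows\\system32\\", "c:\\windows\\syswow64\\"))
        if vendor not in trusted_vendors or not in_windows:
            findings.append((catalog, int(idx), path, vendor))
    return findings


# Constructed sample: blocklist entries plus two invented hijack lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
0.0.0.0   008i.com
192.0.2.10  www.example.com   # invented: a real name sent to someone else's server
192.0.2.10  example.net       # invented
"""

# Constructed sample: benign Microsoft and Apple providers plus an invented one.
SAMPLE_WINSOCK = """\
Catalog5 01 C:\\Windows\\System32\\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\\Windows\\System32\\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 04 C:\\Program Files\\Bonjour\\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\\Windows\\system32\\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\\Documents and Settings\\user\\Local Settings\\Temp\\lsp.dll [9216] (Unknown)
"""

if __name__ == "__main__":
    hosts = classify_hosts(SAMPLE_HOSTS)
    print(f"{len(hosts['blocklist'])} blocklist entries (cannot redirect), "
          f"{len(hosts['hijack'])} hijack entries: {hosts['hijack']}")
    for entry in suspicious_winsock(SAMPLE_WINSOCK):
        print("review Winsock provider:", entry)
```

The Winsock check is deliberately noisy: Apple's Bonjour namespace provider is legitimate and gets listed anyway, because the responder, not the script, decides which non-Microsoft providers belong on the machine. What the script rules out is the opposite mistake, treating fifteen thousand 127.0.0.1 lines as the source of a redirect when they cannot be one.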

#5 tide_belle

Posted 06 August 2012 - 11:07 AM

narenxp,
Isn't Adware a virus or am I thinking about something else? Will do the above suggested this evening. Thanks.

#6 tide_belle

Posted 07 August 2012 - 08:19 AM

Good morning narenxp,
Here are the logs of the results. Is there a way to tell when this virus was installed so I can trace it back to a page or site? What application is this virus associated with? I've seen several others with this same problem.

MiniToolBox results
MiniToolBox by Farbar Version: 23-07-2012
Ran by Jodi (administrator) on 07-08-2012 at 07:29:13
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com

There are 15176 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : D7C1CCB1

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-16-76-97-B8-75

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : Tuesday, August 07, 2012 6:32:55 AM

Lease Expires . . . . . . . . . . : Tuesday, August 07, 2012 9:32:55 AM

Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.228.1, 74.125.228.3, 74.125.228.2, 74.125.228.6
74.125.228.5, 74.125.228.4, 74.125.228.9, 74.125.228.7, 74.125.228.8
74.125.228.14, 74.125.228.0



Pinging google.com [74.125.228.4] with 32 bytes of data:



Reply from 74.125.228.4: bytes=32 time=40ms TTL=55

Reply from 74.125.228.4: bytes=32 time=40ms TTL=55



Ping statistics for 74.125.228.4:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 40ms, Maximum = 40ms, Average = 40ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=93ms TTL=52

Reply from 209.191.122.70: bytes=32 time=92ms TTL=52



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 92ms, Maximum = 93ms, Average = 92ms

Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 76 97 b8 75 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.100 192.168.0.100 20
192.168.0.0 255.255.255.0 192.168.0.100 192.168.0.100 20
192.168.0.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.100 192.168.0.100 20
224.0.0.0 240.0.0.0 192.168.0.100 192.168.0.100 20
255.255.255.255 255.255.255.255 192.168.0.100 192.168.0.100 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/05/2012 10:01:47 PM) (Source: ESENT) (User: )
Description: Catalog Database (1044) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb was partially detached. Error -1032 encountered updating database headers.

Error: (08/05/2012 10:01:47 PM) (Source: ESENT) (User: )
Description: Catalog Database (1044) Unable to write a shadowed header for file C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb. Error -1032.

Error: (08/05/2012 10:01:47 PM) (Source: ESENT) (User: )
Description: svchost (1044) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (08/02/2012 08:33:39 AM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (07/30/2012 08:04:50 PM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Only one instance of service process is allowed.

Error: (07/22/2012 08:31:24 PM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Only one instance of service process is allowed.

Error: (07/22/2012 03:10:47 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (07/22/2012 07:57:36 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (07/15/2012 02:43:17 PM) (Source: McLogEvent) (User: )
Description: The McShield service terminated unexpectedly.

Please review event 5019 or 5051 for details.
The McShield service will be restarted in 5 seconds;

Error: (07/15/2012 02:42:57 PM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: A thread in process C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 1148 (0x47c)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.13.3.2.128 / 5400.1158
Object being scanned = \Device\HarddiskVolume2\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_D7C1CCB1.xml
by C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)


System errors:
=============
Error: (08/07/2012 06:13:48 AM) (Source: Service Control Manager) (User: )
Description: The Adobe Flash Player Update Service service failed to start due to the following error:
%%1053

Error: (08/07/2012 06:13:14 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the AdobeFlashPlayerUpdateSvc service.

Error: (08/06/2012 06:13:48 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Flash Player Update Service service failed to start due to the following error:
%%1053

Error: (08/06/2012 06:13:14 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the AdobeFlashPlayerUpdateSvc service.

Error: (08/06/2012 06:08:16 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (08/06/2012 06:08:08 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

Error: (08/06/2012 06:08:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1053" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (08/06/2012 05:05:43 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (08/06/2012 05:05:12 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (08/06/2012 05:03:59 PM) (Source: Service Control Manager) (User: )
Description: The lxdnCATSCustConnectService service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (08/05/2012 10:01:47 PM) (Source: ESENT)(User: )
Description: Catalog Database1044C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032

Error: (08/05/2012 10:01:47 PM) (Source: ESENT)(User: )
Description: Catalog Database1044C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032

Error: (08/05/2012 10:01:47 PM) (Source: ESENT)(User: )
Description: svchost1044C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (08/02/2012 08:33:39 AM) (Source: Application Error)(User: )
Description: 0.0.0.0unknown0.0.0.000000000

Error: (07/30/2012 08:04:50 PM) (Source: Lavasoft Ad-Aware Service)(User: )
Description: Only one instance of service process is allowed.

Error: (07/22/2012 08:31:24 PM) (Source: Lavasoft Ad-Aware Service)(User: )
Description: Only one instance of service process is allowed.

Error: (07/22/2012 03:10:47 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (07/22/2012 07:57:36 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (07/15/2012 02:43:17 PM) (Source: McLogEvent)(User: )
Description: 5

Error: (07/15/2012 02:42:57 PM) (Source: McLogEvent)(User: NT AUTHORITY)NT AUTHORITY
Description: C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe900001148 (0x47c)0x7C90E514
Build VSCORE.13.3.2.128 / 5400.1158
Object being scanned = \Device\HarddiskVolume2\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_D7C1CCB1.xml
by C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)


=========================== Installed Programs ============================

924PLC32 (Version: 1.0.0)
ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.41612)
Ad-Aware Antivirus (Version: 10.2.21.3698)
Ad-Aware Browsing Protection (Version: 0.9.0.2)
Ad-Aware Security Toolbar (Version: 0.9.1.8)
Adobe AIR (Version: 2.0.4.13090)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.270)
Adobe Flash Player 11 Plugin (Version: 11.3.300.270)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
Adobe® Photoshop® Album Starter Edition 3.0 (Version: 3.00.000)
Angry Birds Rio (Version: 1.4.4)
AOLIcon (Version: 1.00.0000)
Apple Application Support (Version: 2.1.9)
Apple Software Update (Version: 2.1.3.127)
Awakening: Moonfell Wood
Big Fish Games: Game Manager (Version: 3.0.1.60)
Bonjour (Version: 3.0.0.10)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
Data Lifeguard Diagnostic for Windows 1.24
Dell Digital Jukebox Driver
Dell Driver Download Manager - 1 (Version: 3.0.0.0)
Dell Driver Download Manager (Version: 2.1.0.0)
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Support Center (Support Software) (Version: 2.2.09085)
Dell System Restore (Version: 2.00.0000)
DellSupport (Version: 6.0.3062)
Digital Content Portal (Version: 1.00.0000)
Digital Line Detect (Version: 1.10)
Documentation & Support Launcher (Version: 1.00.0000)
Dream Chronicles
Dream Chronicles ™ 2: The Eternal Maze
Dream Chronicles: The Book of Air
Dream Chronicles: The Book of Water
Dream Chronicles: The Chosen Child
ELIcon (Version: 1.00.0000)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.115)
Hodgepodge Hollow
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections (Version: 8.00.5000)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
LeapFrog Connect (Version: 3.2.19.13664)
LeapFrog Didj Plugin (Version: 3.2.19.13664)
Learn2 Player (Uninstall Only)
Lexmark 2600 Series
LiveUpdate 2.6 (Symantec Corporation) (Version: 2.6.14.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
McAfee VirusScan Enterprise (Version: 8.6.0)
MCU (Version: 1.00.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Helper (Version: 2.40)
Mozilla Firefox 14.0.1 (x86 en-GB) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSN
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NetWaiting (Version: 2.5.12)
Philips Songbird (Version: 2.5.6 Build: 5.6.2119)
QuickTime (Version: 7.72.80.56)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealUpgrade 1.1 (Version: 1.1.0)
Roxio DLA (Version: 5.2.0)
Roxio RecordNow Audio (Version: 2.0.4)
Roxio RecordNow Copy (Version: 2.0.4)
Roxio RecordNow Data (Version: 2.0.4)
Search Assist (Version: 1.00.0000)
Segoe UI (Version: 14.0.4327.805)
SmartDraw 2012
Sonic Activation Module (Version: 1.0)
Sonic Update Manager (Version: 3.0.0)
SoundMAX (Version: 5.12.01.7000)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.6 (Version: 4.6.0)
SUPERAntiSpyware Free Edition (Version: 3.9.0.1008)
swMSM (Version: 12.0.0.1)
System Requirements Lab for Intel (Version: 4.5.3.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
URL Assistant
Use the entry named LeapFrog Connect to uninstall (LeapFrog Didj Plugin)
Virtools 3D Life Player (Version: 4.0.0.x)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Wandering Willows
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Family Safety (Version: 14.0.8093.805)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPatrol (Version: 19.3.2010.5)
Xiph QuickTime Components

========================= Memory info: ===================================

Percentage of memory in use: 60%
Total physical RAM: 1021.98 MB
Available physical RAM: 403.9 MB
Total Pagefile: 1311.79 MB
Available Pagefile: 700.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.67 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:52.7 GB) (Free:34.09 GB) NTFS
2 Drive d: (Backup) (Fixed) (Total:18.61 GB) (Free:18.54 GB) NTFS

========================= Users: ========================================

User accounts for \\D7C1CCB1

Administrator Guest HelpAssistant
Jodi SUPPORT_388945a0


**** End of log ****

FSS
Farbar Service Scanner Version: 06-08-2012
Ran by Jodi (administrator) on 07-08-2012 at 07:39:54
Running from "C:\Documents and Settings\Jodi\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
fssfltr(9) Gpc(6) IPSec(4) mfetdik(8) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000800000005000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****

AdwCleaner
# AdwCleaner v1.800 - Logfile created 08/07/2012 at 07:45:43
# Updated 01/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jodi - D7C1CCB1
# Running from : C:\Documents and Settings\Jodi\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Trymedia
File Deleted : C:\WINDOWS\Uninstall.exe

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Wise Solutions

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-GB)

Profile name : default
File : C:\Documents and Settings\Jodi\Application Data\Mozilla\Firefox\Profiles\0dgnvtoz.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1830 octets] - [07/08/2012 07:45:43]

########## EOF - C:\AdwCleaner[S1].txt - [1958 octets] ##########

#7 narenxp

Posted 07 August 2012 - 08:24 AM

Here are the logs of the results. Is there a way to tell when this virus was installed so I can trace it back to a page or site? What application is this virus associated with? I've seen several others with this same problem.


Its difficult to trace from the logs

Do you still have redirects?

Please post the MBAM log

#8 tide_belle (Topic Starter)

Posted 07 August 2012 - 08:27 AM

Oh, sorry about that. The MBAM ran clean in safe mode and regular mode. What's next? I haven't been back on the internet until we got everything cleaned. I have my internet hooked up wirelessly. Did the Minitoolbar take care of anything that could be lingering on the modem/router?

Edited by tide_belle, 07 August 2012 - 08:28 AM.


#9 narenxp

Posted 07 August 2012 - 08:44 AM

Run the fixit

http://go.microsoft.com/?linkid=9668866

Restart the PC. Start browsing and let me know if you still have redirects.

Edited by narenxp, 07 August 2012 - 08:45 AM.


#10 tide_belle (Topic Starter)

Posted 07 August 2012 - 09:56 AM

Ok, I ran the fixit and now WinPatrol is alerting me to a hosts file change and if I want to accept.

#11 narenxp

Posted 07 August 2012 - 10:13 AM

Ok, I ran the fixit and now WinPatrol is alerting me to a hosts file change and if I want to accept.


Yes

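The hosts-file change that WinPatrol flagged after the Fix-it is the Fix-it rewriting the file back to its default, which is why accepting it is the right call. The same file is also where a redirect infection usually lives: entries that send search engines or banks to a foreign IP, or that sinkhole antivirus/update domains to 127.0.0.1 so the machine cannot update. The script below is an added example, not a tool from this thread, that parses a Windows hosts file and separates benign blocklist entries (the 127.0.0.1 lines Spybot S&D and SpywareBlaster add) from the two tamper patterns. The sample hosts content is constructed, and the watched-domain and vendor-domain lists are assumptions to be extended for your own environment.

```python
"""Audit a Windows hosts file for redirect-style tampering.

Added example, not code from the thread. SAMPLE_HOSTS is constructed; the
domain suffix lists are assumed starting points, not an authoritative list.
"""
import ipaddress
import sys

# Names that should never resolve anywhere but DNS; a hosts entry pointing
# them to a non-loopback address is the classic search/banking redirect.
WATCHED_SUFFIXES = ("google.com", "bing.com", "yahoo.com", "paypal.com",
                    "microsoft.com")

# Vendor/update hosts that malware commonly sinkholes to 127.0.0.1 so the
# machine cannot fetch definitions or patches (assumed list).
SECURITY_VENDOR_SUFFIXES = ("windowsupdate.com", "update.microsoft.com",
                            "mcafee.com", "symantec.com", "malwarebytes.org",
                            "lavasoft.com", "safer-networking.org")

# 0.0.0.0 is not loopback but is used by blocklists the same way.
SINKHOLE_ADDRS = {"127.0.0.1", "::1", "0.0.0.0"}

XP_HOSTS_PATH = r"C:\WINDOWS\system32\drivers\etc\hosts"


def parse_hosts(text):
    """Yield (lineno, ip, [names]) for active entries; skip comments and junk."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, names = parts[0], [p.lower() for p in parts[1:]]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # not a hosts entry (e.g. stray text)
        yield n, ip, names


def _matches(name, suffixes):
    return any(name == s or name.endswith("." + s) for s in suffixes)


def audit_hosts(text):
    """Return findings as (lineno, kind, name, ip) plus a count of benign blocklist lines.

    kind is "redirect" (watched name sent to a real IP), "non-loopback" (any
    other name sent to a real IP) or "update-sinkhole" (vendor name sent to
    loopback).
    """
    findings = []
    blocklist_entries = 0
    for n, ip, names in parse_hosts(text):
        for name in names:
            if ip in SINKHOLE_ADDRS:
                if _matches(name, SECURITY_VENDOR_SUFFIXES):
                    findings.append((n, "update-sinkhole", name, ip))
                elif name != "localhost":
                    blocklist_entries += 1  # Spybot/SpywareBlaster style, benign
            else:
                kind = "redirect" if _matches(name, WATCHED_SUFFIXES) else "non-loopback"
                findings.append((n, kind, name, ip))
    return {"findings": findings, "blocklist_entries": blocklist_entries}


# Constructed sample: a default XP hosts file with two blocklist lines, a
# hijacked search domain and a sinkholed update host.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.007guard.com   # blocklist entry (benign)
127.0.0.1       007guard.com
198.51.100.23   www.google.com     # constructed redirect
198.51.100.23   google.com
127.0.0.1       www.update.microsoft.com   # constructed update sinkhole
"""


def main(argv):
    # Pass the real path (XP_HOSTS_PATH on XP) to audit a live file.
    text = open(argv[1], encoding="latin-1").read() if len(argv) > 1 else SAMPLE_HOSTS
    result = audit_hosts(text)
    print(f"benign blocklist entries: {result['blocklist_entries']}")
    for n, kind, name, ip in result["findings"]:
        print(f"line {n}: {kind:16} {name} -> {ip}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it with no argument to see the constructed sample audited, or with the hosts path to check a live machine. Thousands of 127.0.0.1 lines are expected after Spybot S&D or SpywareBlaster immunization; only the "redirect" and "update-sinkhole" findings need attention.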
#12 tide_belle (Topic Starter)

Posted 07 August 2012 - 03:43 PM

narenxp,
So far no redirects. Updated and ran Spybot S&D and Spywareblaster to update the hosts file. I'm still scratching my head as how this one got through without WinPatrol or something else noticing something. The only application I've downloaded recently was AdAware Antivirus. I just wish I knew what site it came from so we can avoid it altogether. Thank you very much for all of your help! :thumbup2:

#13 narenxp

Posted 07 August 2012 - 03:52 PM

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your flash player

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#14 tide_belle (Topic Starter)

Posted 08 August 2012 - 07:21 AM

Thank you again! I should have known something was wrong when my bookmark icons had changed to a red square with a white minus in the middle.

Edited by tide_belle, 08 August 2012 - 07:22 AM.


#15 narenxp

Posted 08 August 2012 - 07:38 AM

You're welcome :)
