Live Security Platinum won't uninstall


25 replies to this topic

#1 hyperboreal

  • Members
  • 10 posts

Posted 08 August 2012 - 06:45 AM

Before going to bed tonight, I was browsing the internet on my parents' computer (so I really don't know how this got onto the computer) when a pop-up from "Live Security Platinum" appeared and said something about the computer having a virus. I immediately knew it was bad, so I brought up Task Manager and closed the window, then tried to open Malwarebytes and then MSE. Neither would work, and another pop-up came up and said the computer had dozens of trojans and viruses. When I tried MSE and MB again, a pop-up from Live Security Platinum said those programs were infected.

Then I went onto bleepingcomputer's Remove Live Security Platinum guide and made it all the way to step 10. When I press "Change/Remove," the little 'waiting' thing comes up and nothing happens.

I tried to uninstall something else; this window came up:
"The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance."

What gives? Google isn't really giving me any answers. Is there anything that I can do?

edit: The computer is an older Dell with Windows XP.

Edited by hyperboreal, 08 August 2012 - 06:53 AM.




#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Location:India

Posted 08 August 2012 - 06:51 AM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it, and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on "LIST of found threats".

Export the list to desktop, and copy the contents of the text file in your reply.

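The TDSSKiller log the advisor asks for is a plain text file with one line per scanned driver or service: a line carrying the file's MD5 and path when the scanner could resolve a binary for the entry, followed by a verdict line (`NAME - ok`). The helper below is an added example for this thread, not a BleepingComputer or Kaspersky tool. It assumes only the line shapes visible in the log posted later in the thread; the non-"ok" verdict lines in its constructed sample (and the made-up family names in them) are assumptions about how findings look, and the temp/profile-directory heuristic is the example's own, not anything TDSSKiller reports.

```python
"""Triage helper for a TDSSKiller text log.

Added example for this thread; it is not a BleepingComputer or Kaspersky tool.
Assumed line shapes (taken from the log posted later in this thread):

    HH:MM:SS.mmmm PID NAME (md5) C:\\path\\to\\binary   <- binary resolved for NAME
    HH:MM:SS.mmmm PID NAME - ok                          <- verdict for NAME

Verdict words other than "ok" (the sample below uses "detected") are assumed
shapes for the scanner's findings; the directory heuristic is this example's
own, not something TDSSKiller reports.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>\S+)(?P<rest>.*)$")

# Heuristic only (this example's assumption): a service binary under a temp or
# user-profile directory deserves a second look even when the verdict is "ok".
SUSPICIOUS_DIRS = ("\\temp\\", "\\documents and settings\\", "\\users\\")


@dataclass
class Entry:
    name: str
    verdict: str
    md5: str | None = None
    path: str | None = None
    detail: str = ""


@dataclass
class Triage:
    detections: list[Entry] = field(default_factory=list)    # verdict is not "ok"
    unresolved: list[Entry] = field(default_factory=list)    # "ok", but no binary line preceded it
    odd_location: list[Entry] = field(default_factory=list)  # "ok", but binary in a temp/profile dir
    clean: int = 0


def parse_log(text: str) -> list[Entry]:
    """Pair every verdict line with the file line that preceded it for the same name."""
    entries: list[Entry] = []
    pending: dict[str, tuple[str, str]] = {}
    in_scan = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        if body == "Scan started":
            in_scan = True  # everything before this is the SystemInfo/partition header
            continue
        if not in_scan:
            continue
        fm = FILE_RE.match(body)
        if fm:
            pending[fm.group("name")] = (fm.group("md5"), fm.group("path"))
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            name = vm.group("name")
            md5, path = pending.pop(name, (None, None))
            entries.append(Entry(name, vm.group("verdict"), md5, path, vm.group("rest").strip()))
    return entries


def triage(entries: list[Entry]) -> Triage:
    """Sort entries into the buckets a helper would read first."""
    t = Triage()
    for e in entries:
        if e.verdict != "ok":
            t.detections.append(e)
        elif e.path is None:
            t.unresolved.append(e)
        elif any(d in e.path.lower() for d in SUSPICIOUS_DIRS):
            t.odd_location.append(e)
        else:
            t.clean += 1
    return t


# Constructed sample: a few lines in the posted log's shape, plus two invented
# "detected" lines (family names are made up) to exercise every bucket.
SAMPLE_LOG = r"""
06:02:18.0078 0956 Boot type: Safe boot with network
06:02:42.0625 1972 Scan started
06:02:42.0625 1972 Mode: Manual; TDLFS;
06:02:43.0734 1972 Abiosdsk - ok
06:02:44.0375 1972 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
06:02:44.0375 1972 AFD - ok
06:02:49.0250 1972 F-Secure BlackLight Sensor (e081184b8a58dc49bfe2200d56c297b2) C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe
06:02:49.0265 1972 F-Secure BlackLight Sensor - ok
06:02:55.0468 1972 MSIServer - ok
06:03:10.0000 1972 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Example ( 0 )
06:03:11.0000 1972 badsvc (00000000000000000000000000000000) C:\Documents and Settings\Laurel\Application Data\badsvc.exe
06:03:11.0000 1972 badsvc - detected UnsignedFile.Example ( 1 )
"""

if __name__ == "__main__":
    result = triage(parse_log(SAMPLE_LOG))
    for bucket in ("detections", "unresolved", "odd_location"):
        for e in getattr(result, bucket):
            print(f"{bucket:13} {e.name}  {e.verdict} {e.detail}  {e.path or '(no binary resolved)'}")
    print("clean entries:", result.clean)
```

Two things the buckets make visible in the real log posted below: `MSIServer - ok` appears with no preceding binary line, which is exactly what `unresolved` catches, and the log header records the boot type ("Safe boot with network"), which is the first cause the Windows Installer error quoted in the opening post names for itself. An entry in `unresolved` or `odd_location` is a prompt to look, not a verdict; the F-Secure sensor under `C:\WINDOWS\TEMP` in the sample is the scanner's own component, and the heuristic flags it only because of where it lives.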
#3 hyperboreal
  • Topic Starter

  • Members
  • 10 posts

Posted 08 August 2012 - 02:54 PM

Thank you for those links!

I finished the first two scans so I will post the logs later. As for ESET, it gives two options: "Remove found threats" and "Scan archives." Should I choose either of those options before I start the scan?

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Location:India

Posted 08 August 2012 - 02:56 PM

Select "Remove found threats".

#5 hyperboreal
  • Topic Starter

  • Members
  • 10 posts

Posted 08 August 2012 - 06:12 PM

TDSSKiller log file:

06:02:17.0671 0956 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
06:02:18.0062 0956 ============================================================
06:02:18.0062 0956 Current date / time: 2012/08/08 06:02:18.0062
06:02:18.0062 0956 SystemInfo:
06:02:18.0062 0956
06:02:18.0062 0956 OS Version: 5.1.2600 ServicePack: 3.0
06:02:18.0062 0956 Product type: Workstation
06:02:18.0078 0956 ComputerName: RUSTY
06:02:18.0078 0956 UserName: Laurel
06:02:18.0078 0956 Windows directory: C:\WINDOWS
06:02:18.0078 0956 System windows directory: C:\WINDOWS
06:02:18.0078 0956 Processor architecture: Intel x86
06:02:18.0078 0956 Number of processors: 1
06:02:18.0078 0956 Page size: 0x1000
06:02:18.0078 0956 Boot type: Safe boot with network
06:02:18.0078 0956 ============================================================
06:02:21.0500 0956 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
06:02:21.0500 0956 ============================================================
06:02:21.0500 0956 \Device\Harddisk0\DR0:
06:02:21.0500 0956 MBR partitions:
06:02:21.0500 0956 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x445C7EE
06:02:21.0500 0956 ============================================================
06:02:21.0578 0956 C: <-> \Device\Harddisk0\DR0\Partition0
06:02:21.0640 0956 ============================================================
06:02:21.0640 0956 Initialize success
06:02:21.0640 0956 ============================================================
06:02:42.0625 1972 ============================================================
06:02:42.0625 1972 Scan started
06:02:42.0625 1972 Mode: Manual; TDLFS;
06:02:42.0625 1972 ============================================================
06:02:43.0734 1972 Abiosdsk - ok
06:02:43.0812 1972 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
06:02:43.0812 1972 abp480n5 - ok
06:02:43.0890 1972 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
06:02:43.0906 1972 ACPI - ok
06:02:44.0000 1972 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
06:02:44.0000 1972 ACPIEC - ok
06:02:44.0125 1972 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
06:02:44.0140 1972 AdobeFlashPlayerUpdateSvc - ok
06:02:44.0218 1972 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
06:02:44.0218 1972 adpu160m - ok
06:02:44.0281 1972 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
06:02:44.0296 1972 aec - ok
06:02:44.0375 1972 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
06:02:44.0375 1972 AFD - ok
06:02:44.0421 1972 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
06:02:44.0421 1972 agp440 - ok
06:02:44.0468 1972 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
06:02:44.0468 1972 agpCPQ - ok
06:02:44.0546 1972 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
06:02:44.0546 1972 Aha154x - ok
06:02:44.0609 1972 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
06:02:44.0609 1972 aic78u2 - ok
06:02:44.0656 1972 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
06:02:44.0656 1972 aic78xx - ok
06:02:44.0734 1972 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
06:02:44.0750 1972 Alerter - ok
06:02:44.0781 1972 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
06:02:44.0781 1972 ALG - ok
06:02:44.0890 1972 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
06:02:44.0890 1972 AliIde - ok
06:02:44.0937 1972 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
06:02:44.0937 1972 alim1541 - ok
06:02:44.0968 1972 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
06:02:44.0968 1972 amdagp - ok
06:02:45.0015 1972 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
06:02:45.0015 1972 amsint - ok
06:02:45.0046 1972 AppMgmt - ok
06:02:45.0125 1972 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
06:02:45.0125 1972 asc - ok
06:02:45.0171 1972 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
06:02:45.0171 1972 asc3350p - ok
06:02:45.0218 1972 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
06:02:45.0218 1972 asc3550 - ok
06:02:45.0281 1972 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
06:02:45.0281 1972 ASCTRM - ok
06:02:45.0484 1972 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
06:02:45.0484 1972 aspnet_state - ok
06:02:45.0546 1972 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
06:02:45.0562 1972 AsyncMac - ok
06:02:45.0593 1972 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
06:02:45.0593 1972 atapi - ok
06:02:45.0640 1972 Atdisk - ok
06:02:45.0687 1972 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
06:02:45.0703 1972 Atmarpc - ok
06:02:45.0750 1972 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
06:02:45.0765 1972 AudioSrv - ok
06:02:45.0843 1972 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
06:02:45.0843 1972 audstub - ok
06:02:45.0906 1972 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
06:02:45.0906 1972 Beep - ok
06:02:46.0031 1972 Bonjour Service (5ab58c337ac65837fe404462ad6265ab) C:\Program Files\Bonjour\mDNSResponder.exe
06:02:46.0046 1972 Bonjour Service - ok
06:02:46.0125 1972 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
06:02:46.0125 1972 Browser - ok
06:02:46.0171 1972 bvrp_pci - ok
06:02:46.0234 1972 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
06:02:46.0234 1972 cbidf - ok
06:02:46.0281 1972 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
06:02:46.0281 1972 cbidf2k - ok
06:02:46.0343 1972 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
06:02:46.0343 1972 cd20xrnt - ok
06:02:46.0375 1972 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
06:02:46.0375 1972 Cdaudio - ok
06:02:46.0421 1972 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
06:02:46.0421 1972 Cdfs - ok
06:02:46.0500 1972 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
06:02:46.0500 1972 Cdr4_xp - ok
06:02:46.0546 1972 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys
06:02:46.0546 1972 Cdralw2k - ok
06:02:46.0625 1972 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
06:02:46.0625 1972 Cdrom - ok
06:02:46.0703 1972 cdudf_xp (8c7746acde6225a46b58ed7ae09ec166) C:\WINDOWS\system32\drivers\cdudf_xp.sys
06:02:46.0703 1972 cdudf_xp - ok
06:02:46.0750 1972 Changer - ok
06:02:46.0796 1972 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
06:02:46.0796 1972 CiSvc - ok
06:02:46.0875 1972 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
06:02:46.0875 1972 ClipSrv - ok
06:02:47.0015 1972 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:02:47.0015 1972 clr_optimization_v2.0.50727_32 - ok
06:02:47.0093 1972 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
06:02:47.0093 1972 CmdIde - ok
06:02:47.0140 1972 COMSysApp - ok
06:02:47.0234 1972 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
06:02:47.0234 1972 Cpqarray - ok
06:02:47.0265 1972 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
06:02:47.0265 1972 CryptSvc - ok
06:02:47.0375 1972 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
06:02:47.0390 1972 dac2w2k - ok
06:02:47.0437 1972 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
06:02:47.0437 1972 dac960nt - ok
06:02:47.0531 1972 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
06:02:47.0640 1972 DcomLaunch - ok
06:02:47.0734 1972 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
06:02:47.0734 1972 Dhcp - ok
06:02:47.0781 1972 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
06:02:47.0781 1972 Disk - ok
06:02:47.0796 1972 dmadmin - ok
06:02:47.0906 1972 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
06:02:47.0953 1972 dmboot - ok
06:02:48.0000 1972 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
06:02:48.0015 1972 dmio - ok
06:02:48.0078 1972 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
06:02:48.0078 1972 dmload - ok
06:02:48.0125 1972 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
06:02:48.0125 1972 dmserver - ok
06:02:48.0187 1972 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
06:02:48.0187 1972 DMusic - ok
06:02:48.0265 1972 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
06:02:48.0265 1972 Dnscache - ok
06:02:48.0406 1972 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
06:02:48.0468 1972 Dot3svc - ok
06:02:48.0546 1972 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
06:02:48.0546 1972 dpti2o - ok
06:02:48.0593 1972 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
06:02:48.0593 1972 drmkaud - ok
06:02:48.0734 1972 dvd_2K (800de2dfa19db3fd87aa95308ba0c17b) C:\WINDOWS\system32\drivers\dvd_2K.sys
06:02:48.0734 1972 dvd_2K - ok
06:02:48.0812 1972 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
06:02:48.0812 1972 E100B - ok
06:02:48.0890 1972 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
06:02:48.0906 1972 EapHost - ok
06:02:48.0953 1972 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
06:02:48.0953 1972 ERSvc - ok
06:02:49.0015 1972 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
06:02:49.0015 1972 Eventlog - ok
06:02:49.0093 1972 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
06:02:49.0109 1972 EventSystem - ok
06:02:49.0250 1972 F-Secure BlackLight Sensor (e081184b8a58dc49bfe2200d56c297b2) C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe
06:02:49.0265 1972 F-Secure BlackLight Sensor - ok
06:02:49.0328 1972 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
06:02:49.0328 1972 Fastfat - ok
06:02:49.0390 1972 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
06:02:49.0406 1972 FastUserSwitchingCompatibility - ok
06:02:49.0484 1972 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
06:02:49.0500 1972 Fax - ok
06:02:49.0531 1972 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
06:02:49.0531 1972 Fdc - ok
06:02:49.0593 1972 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
06:02:49.0593 1972 Fips - ok
06:02:49.0656 1972 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
06:02:49.0656 1972 Flpydisk - ok
06:02:49.0718 1972 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
06:02:49.0718 1972 FltMgr - ok
06:02:49.0843 1972 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
06:02:49.0843 1972 FontCache3.0.0.0 - ok
06:02:49.0984 1972 fsbl - ok
06:02:50.0062 1972 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
06:02:50.0062 1972 Fs_Rec - ok
06:02:50.0140 1972 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
06:02:50.0156 1972 Ftdisk - ok
06:02:50.0234 1972 GcKernel (72fe2bea6863d4eb93442a1c4fb5ca48) C:\WINDOWS\system32\DRIVERS\GcKernel.sys
06:02:50.0234 1972 GcKernel - ok
06:02:50.0312 1972 GEARAspiWDM (5dc17164f66380cbfefd895c18467773) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
06:02:50.0312 1972 GEARAspiWDM - ok
06:02:50.0359 1972 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
06:02:50.0359 1972 Gpc - ok
06:02:50.0453 1972 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
06:02:50.0453 1972 helpsvc - ok
06:02:50.0500 1972 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
06:02:50.0500 1972 HidServ - ok
06:02:50.0562 1972 HIDSwvd (bd205320308fb41c88a4049a2d1764b4) C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
06:02:50.0562 1972 HIDSwvd - ok
06:02:50.0609 1972 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
06:02:50.0609 1972 HidUsb - ok
06:02:50.0656 1972 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
06:02:50.0671 1972 hkmsvc - ok
06:02:50.0765 1972 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
06:02:50.0765 1972 hpn - ok
06:02:50.0875 1972 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
06:02:50.0890 1972 HTTP - ok
06:02:50.0953 1972 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
06:02:50.0953 1972 HTTPFilter - ok
06:02:51.0031 1972 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
06:02:51.0031 1972 i2omgmt - ok
06:02:51.0109 1972 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
06:02:51.0125 1972 i2omp - ok
06:02:51.0156 1972 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
06:02:51.0156 1972 i8042prt - ok
06:02:51.0296 1972 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
06:02:51.0359 1972 ialm - ok
06:02:51.0562 1972 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
06:02:51.0562 1972 IDriverT - ok
06:02:51.0765 1972 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
06:02:51.0796 1972 idsvc - ok
06:02:51.0968 1972 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
06:02:51.0968 1972 Imapi - ok
06:02:52.0031 1972 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\Imapi.exe
06:02:52.0046 1972 ImapiService - ok
06:02:52.0140 1972 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
06:02:52.0140 1972 ini910u - ok
06:02:52.0250 1972 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
06:02:52.0296 1972 IntelC51 - ok
06:02:52.0359 1972 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
06:02:52.0421 1972 IntelC52 - ok
06:02:52.0468 1972 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
06:02:52.0484 1972 IntelC53 - ok
06:02:52.0531 1972 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
06:02:52.0546 1972 IntelIde - ok
06:02:52.0593 1972 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
06:02:52.0593 1972 intelppm - ok
06:02:52.0656 1972 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
06:02:52.0671 1972 Ip6Fw - ok
06:02:52.0734 1972 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
06:02:52.0734 1972 IpFilterDriver - ok
06:02:52.0781 1972 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
06:02:52.0781 1972 IpInIp - ok
06:02:52.0828 1972 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
06:02:52.0843 1972 IpNat - ok
06:02:52.0984 1972 iPod Service (1cb96e83fd76eb5580451cef29e24303) C:\Program Files\iPod\bin\iPodService.exe
06:02:53.0000 1972 iPod Service - ok
06:02:53.0062 1972 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
06:02:53.0062 1972 IPSec - ok
06:02:53.0156 1972 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
06:02:53.0156 1972 IRENUM - ok
06:02:53.0250 1972 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
06:02:53.0250 1972 isapnp - ok
06:02:53.0421 1972 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
06:02:53.0437 1972 JavaQuickStarterService - ok
06:02:53.0484 1972 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
06:02:53.0484 1972 Kbdclass - ok
06:02:53.0515 1972 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
06:02:53.0515 1972 kbdhid - ok
06:02:53.0562 1972 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
06:02:53.0578 1972 kmixer - ok
06:02:53.0656 1972 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
06:02:53.0656 1972 KSecDD - ok
06:02:53.0750 1972 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
06:02:53.0750 1972 lanmanserver - ok
06:02:53.0859 1972 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
06:02:53.0875 1972 lanmanworkstation - ok
06:02:53.0906 1972 lbrtfdc - ok
06:02:54.0031 1972 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
06:02:54.0031 1972 LmHosts - ok
06:02:54.0078 1972 lxcc_device - ok
06:02:54.0125 1972 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
06:02:54.0140 1972 MBAMSwissArmy - ok
06:02:54.0203 1972 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
06:02:54.0203 1972 Messenger - ok
06:02:54.0296 1972 mmc_2K (0a35ad036de912858a1c5e9637840724) C:\WINDOWS\system32\drivers\mmc_2K.sys
06:02:54.0296 1972 mmc_2K - ok
06:02:54.0375 1972 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
06:02:54.0375 1972 mnmdd - ok
06:02:54.0437 1972 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
06:02:54.0437 1972 mnmsrvc - ok
06:02:54.0484 1972 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
06:02:54.0500 1972 Modem - ok
06:02:54.0546 1972 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
06:02:54.0546 1972 MODEMCSA - ok
06:02:54.0609 1972 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
06:02:54.0609 1972 mohfilt - ok
06:02:54.0656 1972 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
06:02:54.0656 1972 Mouclass - ok
06:02:54.0718 1972 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
06:02:54.0718 1972 mouhid - ok
06:02:54.0765 1972 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
06:02:54.0781 1972 MountMgr - ok
06:02:54.0875 1972 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
06:02:54.0890 1972 MozillaMaintenance - ok
06:02:55.0000 1972 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
06:02:55.0015 1972 MpFilter - ok
06:02:55.0109 1972 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
06:02:55.0109 1972 mraid35x - ok
06:02:55.0171 1972 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
06:02:55.0187 1972 MRxDAV - ok
06:02:55.0281 1972 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
06:02:55.0296 1972 MRxSmb - ok
06:02:55.0359 1972 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
06:02:55.0359 1972 MSDTC - ok
06:02:55.0437 1972 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
06:02:55.0437 1972 Msfs - ok
06:02:55.0468 1972 MSIServer - ok
06:02:55.0515 1972 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
06:02:55.0515 1972 MSKSSRV - ok
06:02:55.0578 1972 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
06:02:55.0578 1972 MSPCLOCK - ok
06:02:55.0625 1972 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
06:02:55.0625 1972 MSPQM - ok
06:02:55.0687 1972 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
06:02:55.0687 1972 mssmbios - ok
06:02:55.0750 1972 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
06:02:55.0765 1972 Mup - ok
06:02:55.0828 1972 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
06:02:55.0843 1972 napagent - ok
06:02:55.0906 1972 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
06:02:55.0921 1972 NDIS - ok
06:02:56.0000 1972 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
06:02:56.0000 1972 NdisTapi - ok
06:02:56.0062 1972 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
06:02:56.0062 1972 Ndisuio - ok
06:02:56.0093 1972 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
06:02:56.0109 1972 NdisWan - ok
06:02:56.0171 1972 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
06:02:56.0171 1972 NDProxy - ok
06:02:56.0218 1972 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
06:02:56.0218 1972 NetBIOS - ok
06:02:56.0281 1972 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
06:02:56.0296 1972 NetBT - ok
06:02:56.0359 1972 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
06:02:56.0359 1972 NetDDE - ok
06:02:56.0390 1972 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
06:02:56.0406 1972 NetDDEdsdm - ok
06:02:56.0453 1972 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
06:02:56.0453 1972 Netlogon - ok
06:02:56.0500 1972 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
06:02:56.0515 1972 Netman - ok
06:02:56.0687 1972 NetSvc (02d0798f376fcbd0210eda58476d0b1b) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
06:02:56.0703 1972 NetSvc - ok
06:02:56.0828 1972 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:02:56.0828 1972 NetTcpPortSharing - ok
06:02:56.0921 1972 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
06:02:56.0937 1972 Nla - ok
06:02:57.0015 1972 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
06:02:57.0015 1972 Npfs - ok
06:02:57.0109 1972 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
06:02:57.0125 1972 Ntfs - ok
06:02:57.0218 1972 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
06:02:57.0218 1972 NtLmSsp - ok
06:02:57.0296 1972 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
06:02:57.0312 1972 NtmsSvc - ok
06:02:57.0390 1972 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
06:02:57.0390 1972 Null - ok
06:02:57.0531 1972 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
06:02:57.0578 1972 nv - ok
06:02:57.0812 1972 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
06:02:57.0812 1972 NwlnkFlt - ok
06:02:57.0859 1972 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
06:02:57.0859 1972 NwlnkFwd - ok
06:02:57.0953 1972 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
06:02:57.0953 1972 Parport - ok
06:02:58.0015 1972 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
06:02:58.0015 1972 PartMgr - ok
06:02:58.0078 1972 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
06:02:58.0078 1972 ParVdm - ok
06:02:58.0140 1972 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
06:02:58.0140 1972 PCI - ok
06:02:58.0203 1972 PCIDump - ok
06:02:58.0265 1972 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
06:02:58.0265 1972 PCIIde - ok
06:02:58.0343 1972 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
06:02:58.0343 1972 Pcmcia - ok
06:02:58.0375 1972 PDCOMP - ok
06:02:58.0421 1972 PDFRAME - ok
06:02:58.0453 1972 PDRELI - ok
06:02:58.0484 1972 PDRFRAME - ok
06:02:58.0546 1972 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
06:02:58.0546 1972 perc2 - ok
06:02:58.0593 1972 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
06:02:58.0593 1972 perc2hib - ok
06:02:58.0734 1972 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
06:02:58.0734 1972 PlugPlay - ok
06:02:58.0796 1972 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
06:02:58.0796 1972 PolicyAgent - ok
06:02:58.0921 1972 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
06:02:58.0937 1972 PptpMiniport - ok
06:02:58.0968 1972 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
06:02:58.0968 1972 ProtectedStorage - ok
06:02:59.0031 1972 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
06:02:59.0031 1972 PSched - ok
06:02:59.0093 1972 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
06:02:59.0093 1972 Ptilink - ok
06:02:59.0171 1972 pwd_2K (1840112f3f3b7ece84dbbd93a70c4135) C:\WINDOWS\system32\drivers\pwd_2K.sys
06:02:59.0171 1972 pwd_2K - ok
06:02:59.0234 1972 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
06:02:59.0250 1972 PxHelp20 - ok
06:02:59.0328 1972 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
06:02:59.0328 1972 ql1080 - ok
06:02:59.0406 1972 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
06:02:59.0406 1972 Ql10wnt - ok
06:02:59.0500 1972 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
06:02:59.0515 1972 ql12160 - ok
06:02:59.0546 1972 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
06:02:59.0546 1972 ql1240 - ok
06:02:59.0593 1972 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
06:02:59.0593 1972 ql1280 - ok
06:02:59.0656 1972 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
06:02:59.0687 1972 RasAcd - ok
06:02:59.0734 1972 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
06:02:59.0734 1972 RasAuto - ok
06:02:59.0781 1972 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
06:02:59.0781 1972 Rasl2tp - ok
06:02:59.0843 1972 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
06:02:59.0859 1972 RasMan - ok
06:02:59.0921 1972 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
06:02:59.0921 1972 RasPppoe - ok
06:02:59.0968 1972 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
06:02:59.0968 1972 Raspti - ok
06:03:00.0015 1972 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
06:03:00.0031 1972 Rdbss - ok
06:03:00.0078 1972 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
06:03:00.0078 1972 RDPCDD - ok
06:03:00.0156 1972 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
06:03:00.0171 1972 rdpdr - ok
06:03:00.0265 1972 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
06:03:00.0281 1972 RDPWD - ok
06:03:00.0359 1972 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
06:03:00.0375 1972 RDSessMgr - ok
06:03:00.0421 1972 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
06:03:00.0421 1972 redbook - ok
06:03:00.0484 1972 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
06:03:00.0484 1972 RemoteAccess - ok
06:03:00.0546 1972 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
06:03:00.0546 1972 RpcLocator - ok
06:03:00.0640 1972 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
06:03:00.0656 1972 RpcSs - ok
06:03:00.0734 1972 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
06:03:00.0750 1972 RSVP - ok
06:03:00.0812 1972 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
06:03:00.0812 1972 SamSs - ok
06:03:00.0890 1972 SbcpHid (30d94039a729571146eb9d736ec1aadd) C:\WINDOWS\system32\Drivers\SbcpHid.sys
06:03:00.0890 1972 SbcpHid - ok
06:03:00.0937 1972 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
06:03:00.0937 1972 SCardSvr - ok
06:03:01.0015 1972 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
06:03:01.0031 1972 Schedule - ok
06:03:01.0109 1972 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
06:03:01.0109 1972 Secdrv - ok
06:03:01.0171 1972 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
06:03:01.0171 1972 seclogon - ok
06:03:01.0281 1972 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
06:03:01.0312 1972 senfilt - ok
06:03:01.0375 1972 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
06:03:01.0375 1972 SENS - ok
06:03:01.0421 1972 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
06:03:01.0421 1972 serenum - ok
06:03:01.0468 1972 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
06:03:01.0468 1972 Serial - ok
06:03:01.0578 1972 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
06:03:01.0578 1972 Sfloppy - ok
06:03:01.0656 1972 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
06:03:01.0671 1972 ShellHWDetection - ok
06:03:01.0703 1972 Simbad - ok
06:03:01.0765 1972 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
06:03:01.0765 1972 sisagp - ok
06:03:01.0875 1972 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
06:03:01.0890 1972 smwdm - ok
06:03:01.0984 1972 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
06:03:01.0984 1972 SONYPVU1 - ok
06:03:02.0109 1972 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
06:03:02.0109 1972 Sparrow - ok
06:03:02.0125 1972 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
06:03:02.0125 1972 splitter - ok
06:03:02.0187 1972 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
06:03:02.0187 1972 Spooler - ok
06:03:02.0328 1972 sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\WINDOWS\system32\Drivers\sptd.sys
06:03:02.0328 1972 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
06:03:02.0328 1972 sptd ( LockedFile.Multi.Generic ) - warning
06:03:02.0328 1972 sptd - detected LockedFile.Multi.Generic (1)
06:03:02.0375 1972 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
06:03:02.0375 1972 sr - ok
06:03:02.0437 1972 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
06:03:02.0453 1972 srservice - ok
06:03:02.0546 1972 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
06:03:02.0578 1972 Srv - ok
06:03:02.0656 1972 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
06:03:02.0656 1972 SSDPSRV - ok
06:03:02.0718 1972 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
06:03:02.0750 1972 stisvc - ok
06:03:02.0781 1972 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
06:03:02.0796 1972 swenum - ok
06:03:02.0859 1972 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
06:03:02.0859 1972 swmidi - ok
06:03:02.0890 1972 SwPrv - ok
06:03:02.0968 1972 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
06:03:02.0984 1972 symc810 - ok
06:03:03.0015 1972 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
06:03:03.0015 1972 symc8xx - ok
06:03:03.0046 1972 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
06:03:03.0046 1972 sym_hi - ok
06:03:03.0078 1972 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
06:03:03.0078 1972 sym_u3 - ok
06:03:03.0140 1972 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
06:03:03.0140 1972 sysaudio - ok
06:03:03.0203 1972 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
06:03:03.0203 1972 SysmonLog - ok
06:03:03.0265 1972 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
06:03:03.0281 1972 TapiSrv - ok
06:03:03.0343 1972 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
06:03:03.0359 1972 Tcpip - ok
06:03:03.0437 1972 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
06:03:03.0437 1972 TDPIPE - ok
06:03:03.0500 1972 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
06:03:03.0500 1972 TDTCP - ok
06:03:03.0562 1972 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
06:03:03.0562 1972 TermDD - ok
06:03:03.0671 1972 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
06:03:03.0687 1972 TermService - ok
06:03:03.0750 1972 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
06:03:03.0750 1972 Themes - ok
06:03:03.0828 1972 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
06:03:03.0828 1972 TosIde - ok
06:03:03.0937 1972 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
06:03:03.0937 1972 TrkWks - ok
06:03:04.0031 1972 UdfReadr_xp (e1b5bfba7f1cde1fc28934639e83b3cf) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
06:03:04.0046 1972 UdfReadr_xp - ok
06:03:04.0140 1972 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
06:03:04.0140 1972 Udfs - ok
06:03:04.0218 1972 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
06:03:04.0234 1972 ultra - ok
06:03:04.0281 1972 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
06:03:04.0296 1972 Update - ok
06:03:04.0359 1972 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
06:03:04.0375 1972 upnphost - ok
06:03:04.0421 1972 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
06:03:04.0421 1972 UPS - ok
06:03:04.0468 1972 USBAAPL - ok
06:03:04.0546 1972 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
06:03:04.0546 1972 usbaudio - ok
06:03:04.0640 1972 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
06:03:04.0640 1972 usbccgp - ok
06:03:04.0687 1972 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
06:03:04.0687 1972 usbehci - ok
06:03:04.0718 1972 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
06:03:04.0734 1972 usbhub - ok
06:03:04.0796 1972 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
06:03:04.0796 1972 usbprint - ok
06:03:04.0843 1972 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
06:03:04.0859 1972 usbscan - ok
06:03:04.0937 1972 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
06:03:04.0937 1972 USBSTOR - ok
06:03:05.0000 1972 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
06:03:05.0000 1972 usbuhci - ok
06:03:05.0078 1972 UxTuneUp (d3986793dedc6bb93db4da5a793e42ce) C:\WINDOWS\System32\uxtuneup.dll
06:03:05.0078 1972 UxTuneUp - ok
06:03:05.0125 1972 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
06:03:05.0125 1972 VgaSave - ok
06:03:05.0203 1972 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
06:03:05.0218 1972 viaagp - ok
06:03:05.0281 1972 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
06:03:05.0281 1972 ViaIde - ok
06:03:05.0343 1972 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
06:03:05.0343 1972 VolSnap - ok
06:03:05.0437 1972 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
06:03:05.0453 1972 VSS - ok
06:03:05.0500 1972 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
06:03:05.0515 1972 w32time - ok
06:03:05.0609 1972 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
06:03:05.0609 1972 Wanarp - ok
06:03:05.0656 1972 wanatw - ok
06:03:05.0703 1972 WDICA - ok
06:03:05.0750 1972 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
06:03:05.0765 1972 wdmaud - ok
06:03:05.0812 1972 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
06:03:05.0828 1972 WebClient - ok
06:03:05.0968 1972 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
06:03:05.0984 1972 winmgmt - ok
06:03:06.0078 1972 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
06:03:06.0078 1972 WmdmPmSN - ok
06:03:06.0187 1972 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
06:03:06.0203 1972 WmiApSrv - ok
06:03:06.0390 1972 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
06:03:06.0437 1972 WMPNetworkSvc - ok
06:03:06.0562 1972 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
06:03:06.0562 1972 WS2IFSL - ok
06:03:06.0593 1972 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
06:03:06.0609 1972 WudfPf - ok
06:03:06.0656 1972 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
06:03:06.0656 1972 WudfRd - ok
06:03:06.0734 1972 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
06:03:06.0734 1972 WudfSvc - ok
06:03:06.0796 1972 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
06:03:06.0812 1972 WZCSVC - ok
06:03:06.0875 1972 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
06:03:06.0890 1972 xmlprov - ok
06:03:06.0968 1972 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
06:03:07.0562 1972 \Device\Harddisk0\DR0 - ok
06:03:07.0609 1972 Boot (0x1200) (f1e789b7e2561aaee3e8befae321566f) \Device\Harddisk0\DR0\Partition0
06:03:07.0609 1972 \Device\Harddisk0\DR0\Partition0 - ok
06:03:07.0609 1972 ============================================================
06:03:07.0609 1972 Scan finished
06:03:07.0609 1972 ============================================================
06:03:07.0671 1444 Detected object count: 1
06:03:07.0671 1444 Actual detected object count: 1
06:04:37.0218 1444 sptd ( LockedFile.Multi.Generic ) - skipped by user
06:04:37.0218 1444 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
06:04:40.0125 1484 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-08 12:31:35
-----------------------------
12:31:35.359 OS Version: Windows 5.1.2600 Service Pack 3
12:31:35.359 Number of processors: 1 586 0x401
12:31:35.359 ComputerName: RUSTY UserName:
12:31:38.453 Initialize success
12:32:37.609 AVAST engine defs: 12080800
12:32:51.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:32:51.437 Disk 0 Vendor: ST340014A 8.16 Size: 38146MB BusType: 3
12:32:51.500 Disk 0 MBR read successfully
12:32:51.515 Disk 0 MBR scan
12:32:51.750 Disk 0 unknown MBR code
12:32:51.765 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
12:32:51.796 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 35000 MB offset 80325
12:32:51.843 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3098 MB offset 71762355
12:32:51.859 Disk 0 scanning sectors +78108030
12:32:51.953 Disk 0 scanning C:\WINDOWS\system32\drivers
12:33:12.296 Service scanning
12:33:43.796 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
12:33:51.671 Modules scanning
12:34:10.125 Disk 0 trace - called modules:
12:34:10.203 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spgf.sys hal.dll >>UNKNOWN [0x8a346938]<<
12:34:10.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a2bd290]
12:34:10.296 3 CLASSPNP.SYS[f76b7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a302d98]
12:34:10.703 AVAST engine scan C:\WINDOWS
12:34:28.906 AVAST engine scan C:\WINDOWS\system32
12:39:05.921 AVAST engine scan C:\WINDOWS\system32\drivers
12:39:33.046 AVAST engine scan C:\Documents and Settings\Laurel
13:43:01.562 AVAST engine scan C:\Documents and Settings\All Users
13:46:11.203 Scan finished successfully
13:46:46.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Laurel\My Documents\MBR.dat"
13:46:46.781 The log file has been saved successfully to "C:\Documents and Settings\Laurel\My Documents\aswMBR.txt"

Edited by hyperboreal, 08 August 2012 - 06:13 PM.


#6 hyperboreal

hyperboreal
  • Topic Starter

  • Members
  • 10 posts

Posted 08 August 2012 - 06:13 PM

ESET:

C:\Documents and Settings\All Users\Application Data\6F63A55702CCD08D0009452F7B07D329\6F63A55702CCD08D0009452F7B07D329.exe a variant of Win32/Kryptik.AJQQ trojan cleaned by deleting - quarantined
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\4TY7C9MF\screensavers_28[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\Laurel\Local Settings\Application Data\{38d19d00-72da-9216-2bb6-9cb9307e3550}\n a variant of Win32/Kryptik.AJOX trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\Laurel\Local Settings\Temp\NOD489.tmp a variant of Win32/Kryptik.AJOX trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\AZKY3KU0\fw_dnslink_com[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ECHXXTJ8\firstload_com[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\WINDOWS\Installer\{38d19d00-72da-9216-2bb6-9cb9307e3550}\n a variant of Win32/Kryptik.AJOX trojan cleaned by deleting (after the next restart) - quarantined
C:\WINDOWS\Installer\{38d19d00-72da-9216-2bb6-9cb9307e3550}\U\80000000.@ a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\WINDOWS\Installer\{38d19d00-72da-9216-2bb6-9cb9307e3550}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan cleaned by deleting - quarantined
Operating memory multiple threats

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 09 August 2012 - 12:40 AM

Download

systemlook

Launch it, copy this script and paste it in the BOX

:filefind
services.exe
:folderfind
{38d19d00-72da-9216-2bb6-9cb9307e3550}

Click on LOOK, post the generated log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan with MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

Post the generated log

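The `:filefind services.exe` step in the post above is, in effect, a hash comparison. SystemLook lists every copy of the file on disk with its size, timestamps and MD5; the copy that matters is the live one in System32, and the reference it should be compared with is the Windows File Protection cache copy in System32\dllcache, which WFP keeps byte-identical to the live file. Copies left behind by service packs and hotfixes (ServicePackFiles, $NtUninstall*, $hf_mig$) are expected to differ and are not a useful reference. The Win32/Sirefef family reported in the ESET results was, at the time, known to patch services.exe, which is why that file is singled out. As an added example, not SystemLook's code and not written by anyone in this thread, the Python below parses SystemLook's filefind output, groups the copies by hash and returns a verdict for the live copy. The sample listing is copied from the SystemLook log posted later in this thread; the "tampered" variant and its replacement hash are constructed for the demonstration.

```python
"""Check a SystemLook ':filefind' listing for a tampered system binary.

Added example for this thread, not SystemLook's own code. SystemLook prints one
line per hit:
    <path> <attrs> <size> bytes [<created>] [<modified>] <MD5>
Windows File Protection keeps System32\<file> identical to the cache copy in
System32\dllcache, so a live copy whose MD5 matches no other copy on disk is the
trace a patched or replaced service binary leaves behind.
"""
import re
from collections import defaultdict

HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"   # drive path; may contain spaces
    r"(?P<attrs>[-a-zA-Z]{7})\s+"      # SystemLook attribute flags, e.g. --a--c-
    r"(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+"
    r"\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(log: str) -> list:
    """Return one dict per file hit; headers, blanks and the EOF marker are skipped."""
    hits = []
    for raw in log.splitlines():
        m = HIT_RE.match(raw.strip())
        if m:
            hit = m.groupdict()
            hit["size"] = int(hit["size"])
            hit["md5"] = hit["md5"].upper()
            hit["path"] = hit["path"].lower()   # NTFS paths are case-insensitive
            hits.append(hit)
    return hits


def group_by_hash(hits: list) -> dict:
    """Map MD5 -> sorted paths, so identical copies stand out at a glance."""
    groups = defaultdict(list)
    for h in hits:
        groups[h["md5"]].append(h["path"])
    return {md5: sorted(paths) for md5, paths in groups.items()}


def check_live_copy(hits: list, name: str = "services.exe") -> dict:
    """Compare System32\\<name> against its dllcache copy.

    Verdicts: 'consistent' (same MD5 and size), 'mismatch' (live copy differs
    from the WFP cache copy), 'no-live' / 'no-cache' (one of them is missing).
    live_peers lists every other copy sharing the live file's hash; an empty
    list is the strongest signal that the live file is unique on the box.
    """
    live_path = r"c:\windows\system32\%s" % name
    cache_path = r"c:\windows\system32\dllcache\%s" % name
    by_path = {h["path"]: h for h in hits}
    live, cache = by_path.get(live_path), by_path.get(cache_path)
    if live is None:
        return {"verdict": "no-live"}
    if cache is None:
        return {"verdict": "no-cache", "live_md5": live["md5"]}
    same = live["md5"] == cache["md5"] and live["size"] == cache["size"]
    peers = [h["path"] for h in hits if h["md5"] == live["md5"] and h["path"] != live_path]
    return {
        "verdict": "consistent" if same else "mismatch",
        "live_md5": live["md5"],
        "cache_md5": cache["md5"],
        "live_peers": peers,
    }


# Sample input: the filefind section of the SystemLook log posted in this thread.
THREAD_LOG = r"""
SystemLook 30.07.11 by jpshortstuff
========== filefind ==========

Searching for "services.exe"
C:\I386\SERVICES.EXE --a--c- 108032 bytes [01:13 10/05/2005] [10:00 04/08/2004] C6CE6EEC82F187615D1002BB3BB50ED4
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe --a---- 110592 bytes [22:19 15/04/2009] [11:06 06/02/2009] 020CEAAEDC8EB655B6506B8C70D53BB6
C:\WINDOWS\$NtServicePackUninstall$\services.exe -----c- 108032 bytes [12:00 15/08/2008] [10:00 04/08/2004] C6CE6EEC82F187615D1002BB3BB50ED4
C:\WINDOWS\$NtUninstallKB956572$\services.exe -----c- 108544 bytes [07:25 16/04/2009] [00:12 14/04/2008] 0E776ED5F7CC9F94299E70461B7B8185
C:\WINDOWS\ServicePackFiles\i386\services.exe -----c- 108544 bytes [01:38 05/08/2008] [00:12 14/04/2008] 0E776ED5F7CC9F94299E70461B7B8185
C:\WINDOWS\SYSTEM32\services.exe ------- 110592 bytes [10:00 04/08/2004] [11:11 06/02/2009] 65DF52F5B8B6E9BBD183505225C37315
C:\WINDOWS\SYSTEM32\DLLCACHE\services.exe ------- 110592 bytes [22:19 15/04/2009] [11:11 06/02/2009] 65DF52F5B8B6E9BBD183505225C37315

-= EOF =-
"""

# Constructed variant: same listing, but the live copy's hash no longer matches
# dllcache. The replacement hash is made up for the example.
TAMPERED_LOG = "\n".join(
    line.replace("65DF52F5B8B6E9BBD183505225C37315", "00112233445566778899AABBCCDDEEFF")
    if line.startswith(r"C:\WINDOWS\SYSTEM32\services.exe") else line
    for line in THREAD_LOG.splitlines()
)

if __name__ == "__main__":
    for label, log in (("thread log", THREAD_LOG), ("constructed tampered log", TAMPERED_LOG)):
        hits = parse_filefind(log)
        print(label, "->", check_live_copy(hits)["verdict"])
        for md5, paths in group_by_hash(hits).items():
            print("   %s  %d copy/copies" % (md5, len(paths)))
```

Run against the thread's own listing the verdict is "consistent", with dllcache as the live file's only peer, which is what a hotfix-updated but unmodified services.exe looks like (the QFE and ServicePackFiles copies differ by design). Two caveats: a "consistent" verdict only says the two WFP-managed copies agree, and a kernel-mode infection can rewrite both, so it is a triage check, not a clean bill of health; and the verdict for any file other than services.exe needs the same reading of which copies are legitimate references.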
#8 hyperboreal

hyperboreal
  • Topic Starter

  • Members
  • 10 posts

Posted 09 August 2012 - 07:40 PM

SystemLook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 07:02 on 09/08/2012 by Laurel
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\I386\SERVICES.EXE --a--c- 108032 bytes [01:13 10/05/2005] [10:00 04/08/2004] C6CE6EEC82F187615D1002BB3BB50ED4
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe --a---- 110592 bytes [22:19 15/04/2009] [11:06 06/02/2009] 020CEAAEDC8EB655B6506B8C70D53BB6
C:\WINDOWS\$NtServicePackUninstall$\services.exe -----c- 108032 bytes [12:00 15/08/2008] [10:00 04/08/2004] C6CE6EEC82F187615D1002BB3BB50ED4
C:\WINDOWS\$NtUninstallKB956572$\services.exe -----c- 108544 bytes [07:25 16/04/2009] [00:12 14/04/2008] 0E776ED5F7CC9F94299E70461B7B8185
C:\WINDOWS\ServicePackFiles\i386\services.exe -----c- 108544 bytes [01:38 05/08/2008] [00:12 14/04/2008] 0E776ED5F7CC9F94299E70461B7B8185
C:\WINDOWS\SYSTEM32\services.exe ------- 110592 bytes [10:00 04/08/2004] [11:11 06/02/2009] 65DF52F5B8B6E9BBD183505225C37315
C:\WINDOWS\SYSTEM32\DLLCACHE\services.exe ------- 110592 bytes [22:19 15/04/2009] [11:11 06/02/2009] 65DF52F5B8B6E9BBD183505225C37315

========== folderfind ==========

Searching for "{38d19d00-72da-9216-2bb6-9cb9307e3550}"
C:\Documents and Settings\Laurel\Local Settings\Application Data\{38d19d00-72da-9216-2bb6-9cb9307e3550} d--hs-- [10:00 04/08/2004]
C:\WINDOWS\Installer\{38d19d00-72da-9216-2bb6-9cb9307e3550} d--hs-- [10:00 04/08/2004]

-= EOF =-

I don't know if you need it, but here is the log for the first MalwareBytes scan. The second one came back clean:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.09.07

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.5730.13
Laurel :: RUSTY [administrator]

8/9/2012 7:33:04 AM
mbam-log-2012-08-09 (12-22-01).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 393744
Time elapsed: 1 hour(s), 23 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> No action taken.
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Documents and Settings\Laurel\Local Settings\Application Data\{38d19d00-72da-9216-2bb6-9cb9307e3550}\n. -> No action taken.

Registry Data Items Detected: 1
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bad: (\\.\globalroot\systemroot\Installer\{38d19d00-72da-9216-2bb6-9cb9307e3550}\n.) Good: (wbemess.dll) -> No action taken.

Folders Detected: 1
C:\Documents and Settings\Laurel\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> No action taken.

Files Detected: 3
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2298\A0437572.exe (Trojan.LameShield) -> No action taken.
C:\WINDOWS\Installer\{38d19d00-72da-9216-2bb6-9cb9307e3550}\U\800000cb.@ (Rootkit.0Access) -> No action taken.
C:\Documents and Settings\Laurel\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> No action taken.

(end)

Minitoolbox log:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Laurel (administrator) on 09-08-2012 at 17:58:41
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Rusty
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mj.shawcable.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : mj.shawcable.net
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-11-11-E2-CE-26
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.108
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 64.59.176.15
                                    64.59.177.227
Lease Obtained. . . . . . . . . . : Thursday, August 09, 2012 5:51:52 PM
Lease Expires . . . . . . . . . . : Friday, August 10, 2012 5:51:52 PM

Server: nsc2.nr.wp.shawcable.net
Address: 64.59.176.15

Name: google.com
Addresses: 74.125.225.2, 74.125.225.5, 74.125.225.9, 74.125.225.6
74.125.225.14, 74.125.225.4, 74.125.225.3, 74.125.225.0, 74.125.225.1
74.125.225.7, 74.125.225.8

Pinging google.com [74.125.225.2] with 32 bytes of data:

Reply from 74.125.225.2: bytes=32 time=37ms TTL=57
Reply from 74.125.225.2: bytes=32 time=38ms TTL=57

Ping statistics for 74.125.225.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 37ms, Maximum = 38ms, Average = 37ms

Server: nsc2.nr.wp.shawcable.net
Address: 64.59.176.15

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 209.191.122.70

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=93ms TTL=53
Reply from 72.30.38.140: bytes=32 time=131ms TTL=53

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 93ms, Maximum = 131ms, Average = 112ms

Server: nsc2.nr.wp.shawcable.net
Address: 64.59.176.15

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 11 e2 ce 26 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.108 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.108 192.168.1.108 20
192.168.1.108 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.108 192.168.1.108 20
224.0.0.0 240.0.0.0 192.168.1.108 192.168.1.108 20
255.255.255.255 255.255.255.255 192.168.1.108 192.168.1.108 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/09/2012 06:42:41 AM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (08/09/2012 04:37:30 AM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (08/03/2012 08:37:10 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/03/2012 08:37:10 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/13/2012 07:07:35 AM) (Source: Bonjour Service) (User: )
Description: 224: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (07/13/2012 06:55:25 AM) (Source: Bonjour Service) (User: )
Description: 204: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (06/15/2012 02:55:02 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (05/30/2012 05:50:31 PM) (Source: Bonjour Service) (User: )
Description: 232: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (05/30/2012 05:44:32 PM) (Source: Bonjour Service) (User: )
Description: 240: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (05/30/2012 07:12:33 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 12.0.0.4493, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (08/09/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/09/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdudf_xp
Fips
intelppm
MpFilter
SbcpHid

Error: (08/09/2012 05:52:28 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/09/2012 00:43:04 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/09/2012 00:42:15 PM) (Source: Print) (User: NT AUTHORITY)
Description: Sharing printer failed + 1722, Printer LexmarkFax share name Printer2.

Error: (08/09/2012 00:40:45 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/09/2012 00:25:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/09/2012 00:25:07 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
abp480n5
adpu160m
agp440
agpCPQ
Aha154x
aic78u2
aic78xx
AliIde
alim1541
amdagp
amsint
asc
asc3350p
asc3550
cbidf
cd20xrnt
cdudf_xp
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
Fips
hpn
i2omp
ini910u
IntelIde
intelppm
MpFilter
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
SbcpHid
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error: (08/09/2012 00:24:10 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/09/2012 00:22:38 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (08/09/2012 06:42:41 AM) (Source: WinMgmt)(User: )
Description:

Error: (08/09/2012 04:37:30 AM) (Source: WinMgmt)(User: )
Description:

Error: (08/03/2012 08:37:10 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/03/2012 08:37:10 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/13/2012 07:07:35 AM) (Source: Bonjour Service)(User: )
Description: 224: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (07/13/2012 06:55:25 AM) (Source: Bonjour Service)(User: )
Description: 204: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (06/15/2012 02:55:02 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (05/30/2012 05:50:31 PM) (Source: Bonjour Service)(User: )
Description: 232: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (05/30/2012 05:44:32 PM) (Source: Bonjour Service)(User: )
Description: 240: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (05/30/2012 07:12:33 AM) (Source: Application Hang)(User: )
Description: firefox.exe12.0.0.4493hungapp0.0.0.000000000


=========================== Installed Programs ============================

Adobe Flash Player 11 Plugin (Version: 11.3.300.270)
Adobe Flash Player 9 ActiveX (Version: 9)
Adobe Reader 9.3 (Version: 9.3.0)
Adobe Shockwave Player (Version: 10.2.0.23)
Apple Application Support (Version: 1.3.1)
Apple Software Update (Version: 2.1.1.116)
Ask Toolbar (Version: 1.15.4.0)
Ask Toolbar Updater (Version: 1.2.2.23821)
Audacity 1.2.6
Barbarossa Kampagne Version 2.0
BIG-IP Edge Client Components (All Users) (Version: 70.2011.0622.1118)
Bonjour (Version: 2.0.2.0)
Bonjour Print Services (Version: 2.0.2.0)
Canadian Pacific Alco C630 Locomotives (Version: 1.0.0)
Canadian Pacific Holiday Train (Version: 1.1.0)
CD Box Labeler Pro (Version: 1.9.9G)
CPR AC4400 9590 (Version: 1.0.0)
CPR CLC-FM Locomotive Pack (Version: 1.0.0)
CPR GP38 3012 (Version: 1.0.0)
CPR Green Goat GG20B locomotives (Version: 1.0.0)
CPR Heritage RSD17 (Version: 1.0.0)
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Reset Tool (Version: 1.02.0000)
Dell System Restore (Version: 2.00.0000)
DVD Photo Slideshow Pro 7.61 (Version: 7.61)
DVDVideoSoftTB Toolbar (Version: )
Easy CD Creator 5 Basic (Version: 5.0.0.0000)
ESET Online Scanner v3
European Air War
EZ Vinyl Converter 2.0.0 by MixMeister
Free Audio CD Burner version 1.3
Free Studio version 4.8
Free YouTube to MP3 Converter version 3.5
Game Console - WildGames
Handbrake 0.9.4 (Version: 0.9.4)
Intel® 537EP V9x DFV PCI Modem
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections (Version: 8.00.5000)
iPod for Windows 2006-01-10 (Version: 4.7.0)
iTunes (Version: 7.6.2.9)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Lexmark 3300 Series
Lexmark Fax Solutions
Mahjongg Platinum 2 (Version: 2.00.06.08.08)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft User-Mode Driver Framework Feature Pack 1.9
MLT Kicking Horse Pass CPR Demo Route (Version: 1.0.0)
Moraff's MahJongg 2005 Luxury Edition
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSN
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero Suite
Norton Security Scan (Version: 2.0.0)
Paint.NET v3.36 (Version: 3.36.0)
Pandrol Jackson Railgrinding Train (Version: 1.0.0)
QuickTax 2007 (Version: 1.00.0000)
QuickTax 2008 (Version: 1.00.0000)
QuickTax 2009 (Version: 1.00.0000)
QuickTime (Version: 7.4.5.67)
RealPlayer Basic
Royal Canadian Pacific Luxury Train (Version: 1.0.0)
Safari (Version: 5.33.17.8)
SD40-2_Content_Update (Version: 1.00.0000)
Segoe UI (Version: 14.0.4327.805)
Shaw Internet Update 3.3.1
Shaw Support 3.1.30
Sperry Rail Detector Car (Version: 1.0.0)
The CPR Canadian - 1955 (Version: 1.0.0)
The CPR Empress (Version: 1.0.0)
The Sims Deluxe Edition
TuneUp Utilities 2007 (Version: 6.0.2200)
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VLC media player 1.0.3 (Version: 1.0.3)
WebFldrs XP (Version: 9.50.7523)
WildTangent Web Driver
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 10 Hotfix - KB895316
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
WordPerfect Office 12 (Version: 12.0.0.238)

========================= Memory info: ===================================

Percentage of memory in use: 21%
Total physical RAM: 1277.98 MB
Available physical RAM: 1007.79 MB
Total Pagefile: 1515.37 MB
Available Pagefile: 1426.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1961.46 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:34.18 GB) (Free:2.33 GB) NTFS

========================= Users: ========================================

User accounts for \\RUSTY

Administrator Guest HelpAssistant
Laurel SUPPORT_388945a0


**** End of log ****

#9 hyperboreal
  • Topic Starter
  • Members
  • 10 posts

Posted 09 August 2012 - 07:44 PM

Microsoft Security Essentials says "it isn't monitoring my PC because the program's service stopped." The real-time protection is off and the virus and spyware definitions are out of date. Can I turn it back on now?

FSS:

Farbar Service Scanner Version: 06-08-2012
Ran by Laurel (administrator) on 09-08-2012 at 18:05:06
Running from "C:\Documents and Settings\Laurel\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

adware cleaner:

# AdwCleaner v1.800 - Logfile created 08/09/2012 at 18:25:25
# Updated 01/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Laurel - RUSTY
# Running from : C:\Documents and Settings\Laurel\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Laurel\Application Data\Mozilla\Firefox\Profiles\q40x7d3s.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Laurel\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [297 octets] - [09/08/2012 18:21:34]
AdwCleaner[S2].txt - [13495 octets] - [09/08/2012 18:21:56]
AdwCleaner[S3].txt - [1061 octets] - [09/08/2012 18:25:25]

########## EOF - C:\AdwCleaner[S3].txt - [1189 octets] ##########

#10 narenxp
  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 09 August 2012 - 08:35 PM

Open your C drive

On top, click on Tools - Folder Options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Documents and Settings\Laurel\Local Settings\Application Data\{38d19d00-72da-9216-2bb6-9cb9307e3550}
C:\WINDOWS\Installer\{38d19d00-72da-9216-2bb6-9cb9307e3550}

delete the folders

Download

Sharedaccess
wscsvc
BITS
wuauserv

Launch them, click YES

Restart the PC, post the new FSS log
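A way to confirm the outcome of the steps above before and after the restore files are run, as an added example that is not part of narenxp's post or of Farbar Service Scanner: a PowerShell script that repeats the registry checks FSS reported for the five services in the log (key present, ImagePath, ServiceDll, Start type) and then looks for the two rogue folders named in the post. It assumes PowerShell 2.0 or later is installed on the XP machine and that it is run from an administrator account; the expected ServiceDll names are taken from the FSS "File Check" list earlier in the thread, and the GUID folder paths from narenxp's instructions.

```powershell
# Added example (not from the thread): re-run, in PowerShell, the checks that
# Farbar Service Scanner reported above, so the service keys can be audited
# before and after the restore .reg files are applied.
# Service -> ServiceDll pairs follow the FSS "File Check" list in the log.
$expected = @{
    'sharedaccess' = 'ipnathlp.dll'   # Windows Firewall / ICS
    'wscsvc'       = 'wscsvc.dll'     # Security Center
    'wuauserv'     = 'wuauserv.dll'   # Windows Update
    'BITS'         = 'qmgr.dll'       # Background Intelligent Transfer Service
    'EventSystem'  = 'es.dll'         # COM+ Event System
}

$problems = 0
foreach ($svc in $expected.Keys) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (-not (Test-Path -Path $key)) {
        # This is the state FSS showed for sharedaccess, wscsvc, wuauserv and BITS.
        Write-Output "$svc : ATTENTION - service key does not exist (restore it from a known-good .reg)"
        $problems++
        continue
    }
    $props  = Get-ItemProperty -Path $key
    $params = Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue

    # All five services are hosted in the netsvcs svchost group on XP.
    if ($props.ImagePath -notmatch 'svchost\.exe\s+-k\s+netsvcs') {
        Write-Output "$svc : ATTENTION - unexpected ImagePath '$($props.ImagePath)'"
        $problems++
    }

    # The DLL svchost loads for the service must be the expected one, and it
    # must be the copy in system32, not a look-alike dropped elsewhere.
    $dll = if ($params) { [Environment]::ExpandEnvironmentVariables($params.ServiceDll) } else { $null }
    $wanted = Join-Path $env:SystemRoot ("system32\" + $expected[$svc])
    if (-not $dll -or ($dll -ne $wanted)) {
        Write-Output "$svc : ATTENTION - ServiceDll is '$dll', expected '$wanted'"
        $problems++
    }

    # Start: 2 = Automatic, 3 = Manual, 4 = Disabled. A rogue that wants the
    # firewall or Windows Update dead either sets 4 or deletes the key outright.
    if ($props.Start -eq 4) {
        Write-Output "$svc : ATTENTION - Start type is Disabled (4)"
        $problems++
    }
    $state = (Get-Service -Name $svc -ErrorAction SilentlyContinue).Status
    Write-Output "$svc : Start=$($props.Start) Status=$state"
}

# The two folders narenxp told the poster to delete. The GUID is the one quoted
# in the thread; the profile path is derived from the logged-in user instead of
# being hard-coded to Laurel.
$rogue = '{38d19d00-72da-9216-2bb6-9cb9307e3550}'
$dirs = @(
    (Join-Path $env:USERPROFILE "Local Settings\Application Data\$rogue"),
    (Join-Path $env:SystemRoot  "Installer\$rogue")
)
foreach ($d in $dirs) {
    if (Test-Path -Path $d) {
        Write-Output "Rogue folder still present: $d"
        $problems++
    }
}

Write-Output ("Problems found: {0}" -f $problems)
```

Run it once before the restore files and once after the reboot: the first run should print "service key does not exist" for the four services FSS flagged and list both rogue folders; after the fix, every service should show a sane ImagePath and ServiceDll and the folders should be gone. It does not replace FSS's MD5 check of the DLLs themselves, so keep posting the FSS log as asked.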

#11 jrw1949
  • Members
  • 2 posts

Posted 10 August 2012 - 04:22 PM

Hi - back after a relatively virus free life the past few years.

On the infected computer (Dell Optiplex 270 GN running XP) the Live Security Platinum virus refuses to let you go online, whether it be through the wi-fi or the Ethernet. So having followed the directions above, of course none of the five programs could get any live updates off the Web - so their effectiveness might be limited, having to be downloaded onto a thumb drive and ported over.

FixExec - even the renamed .com version blinked once, said it found nothing and closed
Kaspersky ran and found nothing
TDS couldn't open "because it was infected"
esetsmartinstaller couldn't open "because it was infected"
asw scanned and found nothing.

Directions also say nothing about posting - or not - a HijackThis log - or however they call it now. Since HijackThis is not ComboFix I figured the usual process of posting an HJT log still applies all these years later. So it's posted below the other log just in case.

Log Below.

Jack.

Also - since not much of this appears to be working:

Is there a way to
1. just use another hard drive
2. install Windows from scratch on that
3. have that be the hard drive
4. mount the original hard drive into a caddy
5. attach the caddy to a clean computer
6. run the virus removal programs on there
7. re-install the original hard drive in the formerly infected computer?

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 13:48:18
-----------------------------
13:48:18.796 OS Version: Windows 5.1.2600 Service Pack 3
13:48:18.796 Number of processors: 2 586 0x304
13:48:18.796 ComputerName: USER-1A3E992A42 UserName: Administrator
13:48:19.328 Initialize success
13:48:28.218 AVAST engine download error: 0
13:48:36.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:48:36.187 Disk 0 Vendor: IC35L090AVV207-0 V23OA66A Size: 76293MB BusType: 3
13:48:36.203 Disk 0 MBR read successfully
13:48:36.203 Disk 0 MBR scan
13:48:36.203 Disk 0 Windows XP default MBR code
13:48:36.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76293 MB offset 63
13:48:36.203 Disk 0 scanning sectors +156248190
13:48:36.281 Disk 0 scanning C:\WINDOWS\system32\drivers
13:48:44.656 Service scanning
13:49:02.625 Modules scanning
13:49:09.859 Disk 0 trace - called modules:
13:49:09.875 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
13:49:09.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8735aab8]
13:49:09.875 3 CLASSPNP.SYS[f7757fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8735cd98]
13:49:09.875 Scan finished successfully
13:49:44.296 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
13:49:44.328 The log file has been saved successfully to "E:\aswMBR log 8-10-12.txt"


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:16:19 PM, on 8/10/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
E:\new killers\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120925093358.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O3 - Toolbar: (no name) - !{cf51de5b-eb36-4114-bb69-84df63fbadb4} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231795662274
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ralink\Common\RaRegistry.exe

--
End of file - 6962 bytes

#12 narenxp
  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 10 August 2012 - 04:24 PM

jrw1949

create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Edited by narenxp, 10 August 2012 - 04:24 PM.


#13 hborea
  • Members
  • 3 posts

Posted 12 August 2012 - 06:10 AM

I forgot my password and didn't want to use the infected computer to sign in...

I think saving that computer is impossible. I tried to access this forum to follow the next steps and it kept redirecting me to different websites. Google Cache worked, however, on other sites. After a quick Google search, I learned that redirect problems often come from rootkits... if I ran MalwareBytes and it supposedly got rid of the other rootkits, why is this suddenly happening? This didn't happen two days ago and the computer hasn't been on since then.

Is there any way to back up or save the photos and documents on that computer? Will the viruses/trojans/rootkits somehow be transferred to another computer from, say, a CD or a USB thumbdrive holding the backed up information? If I completely wiped the hard drive and re-installed Windows, would there still be rootkit/security problems?

Edited by hborea, 12 August 2012 - 06:10 AM.


#14 narenxp
  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 12 August 2012 - 06:13 AM

Do you have any issues following these steps?

Open your C drive

On top, click on Tools - Folder Options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Documents and Settings\Laurel\Local Settings\Application Data\{38d19d00-72da-9216-2bb6-9cb9307e3550}
C:\WINDOWS\Installer\{38d19d00-72da-9216-2bb6-9cb9307e3550}

delete the folders

Download

Sharedaccess
wscsvc
BITS
wuauserv

Launch them, click YES

Restart the PC, post the new FSS log



#15 hborea
  • Members
  • 3 posts

Posted 12 August 2012 - 06:29 AM

No problems at all with that. I finished doing it but am now running another MalwareBytes scan to see if I can find anything about this redirect virus.



