Once Trojans are removed how do you get back to normal


14 replies to this topic

#1 TinyTechy

Posted 29 August 2012 - 09:41 PM

I ran Microsoft Security Essentials; it found:
1) Winwebsec
2) Win32/Medfos.gen!A
3) Win32/Medfos.b
4) Win32/Sirefef.AZ
5) Win32/Sirefef.AQ
6) Win32/Sirefef.AL

I know all of these are Trojans, and according to the Norton antivirus scan and Microsoft Security Essentials, my Dell Windows XP Media Edition is free of these pains in my.......

I can now access my firewall
I can now turn on security

What I cannot do:
1) Get rid of the lag
2) Most web pages I go to can't be opened
3) There are boxes where pictures should be

I am new; if I posted wrong, please forgive me, and let me know if there is anything else I can do. Thanks for your time.

#2 narenxp

Posted 29 August 2012 - 09:50 PM

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download

ESET online scanner

Install it

Click on "Start"; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 TinyTechy

Posted 29 August 2012 - 10:39 PM

Scans are coming shortly; I am waiting for Avast to finish now. Thanks again for your assistance.

#4 TinyTechy

Posted 30 August 2012 - 12:20 AM

The last program you are having me scan has found more threats. Do I just report the scan log, or do I hit fix?

#5 narenxp

Posted 30 August 2012 - 12:21 AM

Hit fix

#6 TinyTechy

Posted 30 August 2012 - 12:22 AM

Thanks :thumbup2:

#7 TinyTechy

Posted 30 August 2012 - 02:57 AM

Sorry it took a while. Here are the scans.


TDSSKILLER Scan

23:11:01.0171 1076 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
23:11:02.0421 1076 ============================================================
23:11:02.0421 1076 Current date / time: 2012/08/29 23:11:02.0421
23:11:02.0421 1076 SystemInfo:
23:11:02.0421 1076
23:11:02.0421 1076 OS Version: 5.1.2600 ServicePack: 3.0
23:11:02.0421 1076 Product type: Workstation
23:11:02.0421 1076 ComputerName: MINE-C801AF845E
23:11:02.0421 1076 UserName: Administrator
23:11:02.0421 1076 Windows directory: C:\WINDOWS
23:11:02.0421 1076 System windows directory: C:\WINDOWS
23:11:02.0421 1076 Processor architecture: Intel x86
23:11:02.0421 1076 Number of processors: 1
23:11:02.0421 1076 Page size: 0x1000
23:11:02.0421 1076 Boot type: Normal boot
23:11:02.0421 1076 ============================================================
23:11:06.0171 1076 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:11:06.0203 1076 ============================================================
23:11:06.0203 1076 \Device\Harddisk0\DR0:
23:11:06.0203 1076 MBR partitions:
23:11:06.0203 1076 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
23:11:06.0203 1076 ============================================================
23:11:06.0250 1076 C: <-> \Device\Harddisk0\DR0\Partition1
23:11:06.0250 1076 ============================================================
23:11:06.0250 1076 Initialize success
23:11:06.0250 1076 ============================================================
23:11:13.0718 1744 ============================================================
23:11:13.0718 1744 Scan started
23:11:13.0718 1744 Mode: Manual; TDLFS;
23:11:13.0718 1744 ============================================================
23:11:14.0203 1744 ================ Scan system memory ========================
23:11:18.0046 1744 System memory - ok
23:11:18.0046 1744 ================ Scan services =============================
23:11:31.0250 1744 Srv - ok
23:11:31.0296 1744 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
23:11:31.0296 1744 SSDPSRV - ok
23:11:31.0343 1744 [ 2A2DC39623ADEF8AB3703AB9FAC4B440 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
23:11:31.0390 1744 STHDA - ok
23:11:31.0421 1744 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
23:11:31.0421 1744 stisvc - ok
23:11:31.0453 1744 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
23:11:31.0468 1744 swenum - ok
23:11:31.0484 1744 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
23:11:31.0484 1744 swmidi - ok
23:11:31.0484 1744 SwPrv - ok
23:11:31.0500 1744 symc810 - ok
23:11:31.0500 1744 symc8xx - ok
23:11:31.0515 1744 sym_hi - ok
23:11:31.0531 1744 sym_u3 - ok
23:11:31.0578 1744 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
23:11:31.0578 1744 sysaudio - ok
23:11:31.0609 1744 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:11:31.0671 1744 SysmonLog - ok
23:11:31.0718 1744 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
23:11:31.0765 1744 TapiSrv - ok
23:11:31.0812 1744 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:11:31.0859 1744 Tcpip - ok
23:11:31.0890 1744 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys
23:11:31.0937 1744 Tcpip6 - ok
23:11:31.0953 1744 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
23:11:31.0953 1744 TDPIPE - ok
23:11:31.0968 1744 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
23:11:31.0968 1744 TDTCP - ok
23:11:32.0000 1744 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
23:11:32.0000 1744 TermDD - ok
23:11:32.0015 1744 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
23:11:32.0015 1744 TermService - ok
23:11:32.0031 1744 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
23:11:32.0046 1744 Themes - ok
23:11:32.0078 1744 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
23:11:32.0125 1744 TlntSvr - ok
23:11:32.0140 1744 TosIde - ok
23:11:32.0171 1744 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
23:11:32.0171 1744 TrkWks - ok
23:11:32.0390 1744 [ 67F888F5379CFFCA30878C8A57ADF156 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
23:11:32.0421 1744 TuneUp.UtilitiesSvc - ok
23:11:32.0437 1744 [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
23:11:32.0437 1744 TuneUpUtilitiesDrv - ok
23:11:32.0468 1744 [ 8F861EDA21C05857EB8197300A92501C ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
23:11:32.0484 1744 tunmp - ok
23:11:32.0531 1744 [ A17DD28E1EF1776692385F98C8FC94B9 ] tv C:\WINDOWS\system32\DRIVERS\tv.sys
23:11:32.0546 1744 tv - ok
23:11:32.0578 1744 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
23:11:32.0625 1744 Udfs - ok
23:11:32.0640 1744 ultra - ok
23:11:32.0687 1744 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
23:11:32.0765 1744 Update - ok
23:11:32.0796 1744 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
23:11:32.0859 1744 upnphost - ok
23:11:32.0875 1744 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
23:11:32.0968 1744 UPS - ok
23:11:33.0000 1744 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:11:33.0031 1744 usbccgp - ok
23:11:33.0062 1744 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:11:33.0093 1744 usbehci - ok
23:11:33.0109 1744 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:11:33.0156 1744 usbhub - ok
23:11:33.0187 1744 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:11:33.0218 1744 usbprint - ok
23:11:33.0250 1744 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:11:33.0265 1744 usbscan - ok
23:11:33.0312 1744 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:11:33.0343 1744 usbuhci - ok
23:11:33.0406 1744 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:11:33.0421 1744 VgaSave - ok
23:11:33.0437 1744 ViaIde - ok
23:11:33.0437 1744 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:11:33.0484 1744 VolSnap - ok
23:11:33.0531 1744 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
23:11:33.0593 1744 VSS - ok
23:11:33.0734 1744 [ 8ED347BAD8D1FB7C40B593BFB01786D2 ] vToolbarUpdater11.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
23:11:33.0750 1744 vToolbarUpdater11.2.0 - ok
23:11:33.0812 1744 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
23:11:33.0812 1744 W32Time - ok
23:11:33.0875 1744 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:11:33.0906 1744 Wanarp - ok
23:11:33.0921 1744 WDICA - ok
23:11:33.0937 1744 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:11:33.0937 1744 wdmaud - ok
23:11:33.0984 1744 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:11:33.0984 1744 WebClient - ok
23:11:34.0031 1744 [ 97FA8F7F2E9168E3A4F02DEE76709A29 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:11:34.0093 1744 winachsf - ok
23:11:34.0171 1744 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:11:34.0171 1744 winmgmt - ok
23:11:34.0234 1744 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
23:11:34.0343 1744 WinRM - ok
23:11:34.0390 1744 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
23:11:34.0421 1744 WmdmPmSN - ok
23:11:34.0468 1744 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
23:11:34.0484 1744 Wmi - ok
23:11:34.0515 1744 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:11:34.0640 1744 WmiApSrv - ok
23:11:34.0703 1744 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
23:11:35.0015 1744 WMPNetworkSvc - ok
23:11:35.0078 1744 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:11:35.0109 1744 WPFFontCache_v0400 - ok
23:11:35.0156 1744 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:11:35.0187 1744 wuauserv - ok
23:11:35.0203 1744 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:11:35.0281 1744 WudfPf - ok
23:11:35.0296 1744 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:11:35.0359 1744 WudfRd - ok
23:11:35.0375 1744 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
23:11:35.0406 1744 WudfSvc - ok
23:11:35.0453 1744 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:11:35.0484 1744 WZCSVC - ok
23:11:35.0515 1744 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:11:35.0562 1744 xmlprov - ok
23:11:35.0578 1744 ================ Scan global ===============================
23:11:35.0609 1744 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:11:35.0640 1744 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:11:35.0656 1744 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:11:35.0687 1744 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:11:35.0687 1744 [Global] - ok
23:11:35.0687 1744 ================ Scan MBR ==================================
23:11:35.0718 1744 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:11:35.0984 1744 \Device\Harddisk0\DR0 - ok
23:11:35.0984 1744 ================ Scan VBR ==================================
23:11:35.0984 1744 [ 9FD164A508DF4626FCE8069FC42CB827 ] \Device\Harddisk0\DR0\Partition1
23:11:35.0984 1744 \Device\Harddisk0\DR0\Partition1 - ok
23:11:36.0000 1744 ============================================================
23:11:36.0000 1744 Scan finished
23:11:36.0000 1744 ============================================================
23:11:36.0000 3724 Detected object count: 0
23:11:36.0000 3724 Actual detected object count: 0

aswMBR Scan
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-29 23:17:49
-----------------------------
23:17:49.765 OS Version: Windows 5.1.2600 Service Pack 3
23:17:49.765 Number of processors: 1 586 0x409
23:17:49.765 ComputerName: MINE-C801AF845E UserName: Administrator
23:17:51.031 Initialize success
23:38:26.562 AVAST engine defs: 12082901
23:50:39.546 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
23:51:07.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
23:51:07.171 Disk 0 Vendor: WDC_WD3200AAJS-00B4A0 01.03A01 Size: 305245MB BusType: 3
23:51:07.187 Disk 0 MBR read successfully
23:51:07.187 Disk 0 MBR scan
23:51:07.234 Disk 0 Windows XP default MBR code
23:51:07.234 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
23:51:07.234 Disk 0 scanning sectors +625121280
23:51:07.296 Disk 0 scanning C:\WINDOWS\system32\drivers
23:51:31.109 Service scanning
23:51:42.359 Service MpKslbc1b2276 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA1D7D57-82CD-46E6-98FB-1BE1C2A87383}\MpKslbc1b2276.sys **LOCKED** 32
23:51:55.953 Modules scanning
23:52:00.593 Disk 0 trace - called modules:
23:52:00.609 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
23:52:00.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a141ab8]
23:52:00.609 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a114b00]
23:52:01.296 AVAST engine scan C:\WINDOWS
23:52:09.625 AVAST engine scan C:\WINDOWS\system32
23:58:28.578 AVAST engine scan C:\WINDOWS\system32\drivers
23:59:01.765 AVAST engine scan C:\Documents and Settings\Administrator
00:02:22.484 AVAST engine scan C:\Documents and Settings\All Users
00:10:39.281 Scan finished successfully
00:19:59.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
00:19:59.953 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

ESET online scanner
C:\cache\iexplorer.exe Win32/TrojanProxy.Agent.NJC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Desktop\mediaplayer_1573.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3GCD85S3\platotv_com[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\51VX6FOI\cute-sleepy-kittens-meowing[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\51VX6FOI\polonerob_com[1].txt HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6O1JGGE8\firstload_com[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8ZJZC7OD\jquery.lazyload.min[1].js JS/Agent.NGM trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B7OA4O5X\33562668[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BGCCDQ46\88644886[1].html HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CHY5MA76\getbookinghotels_org[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CLQFWBIO\firstload_com[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GBYF83O2\index1[2].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GS8Q8GQB\firstload_com[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JDMCASGD\mx_nan_a[1].txt HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\KL2J7X3T\mx_nan_a[1].txt HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NG20CEUJ\83934519[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NI46VFHQ\results[2].php HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NUOZB3YB\mx_nan_a[1].txt HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OVSPPJ7U\platotv_com[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OVSPPJ7U\search_result[1].php HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Q01RC62G\94524519[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Q01RC62G\search_result[1].php HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S63XCCSK\platotv_com[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VIVACJXA\7516fd43adaa5e0b8a65a672c39845d2[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\WH5IRFKD\verify_test[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YK2ORZH2\iframe3CAQ8XRK9.htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\intel\cc.bat Win32/TrojanProxy.Agent.NJC trojan cleaned by deleting - quarantined
C:\intel\cc.js Win32/TrojanProxy.Agent.NJC trojan cleaned by deleting - quarantined
C:\intel\iexplorer.exe Win32/TrojanProxy.Agent.NJC trojan cleaned by deleting - quarantined

#8 narenxp


Posted 30 August 2012 - 05:31 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete.

Post the generated log.
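
The MiniToolBox boxes requested above cover the settings a proxy trojan typically leaves changed (IE proxy, Hosts, Winsock providers). As an added example, not part of the thread or of MiniToolBox, this Python sketch triages those three sections of a pasted report; the `SUSPECT` values (the "enabled" proxy wording, the extra Hosts entry, the `example_lsp.dll` provider) are constructed assumptions.

```python
import re

# Section banner, e.g. "========================= Hosts content: =====".
# A bare "=====" ruler (as in the route table) carries no name and is ignored.
BANNER = re.compile(r"^=+\s*([^=]+?):?\s*=+\s*$")
# e.g. "Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)"
WINSOCK = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)\s*$")
SYSTEM32 = "c:\\windows\\system32\\"


def split_sections(report):
    """Map lower-cased section name -> list of non-empty lines in that section."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            current = m.group(1).strip().lower()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def check_proxy(lines):
    # Only the two "clean" lines seen in the thread's report count as a pass.
    clean = {"Proxy is not enabled.", "No Proxy Server is set."}
    if clean.issubset(lines):
        return []
    state = [l for l in lines if not l.startswith('"Reset')]
    return [("ie proxy settings", "; ".join(state) or "section empty")]


def check_hosts(lines):
    findings = []
    for line in lines:
        entry = line.split("#", 1)[0].strip()   # drop comments
        if not entry:
            continue
        parts = entry.split()
        ip, names = parts[0], parts[1:]
        only_localhost = names and all(n.lower() == "localhost" for n in names)
        if ip not in ("127.0.0.1", "::1") or not only_localhost:
            findings.append(("hosts content", entry))
    return findings


def check_winsock(lines):
    # Vendor strings come from file metadata and can be forged, and security
    # products install providers too: a flag means "review", a pass is not proof.
    findings = []
    for line in lines:
        m = WINSOCK.match(line)
        if not m:
            findings.append(("winsock entries", "unparsed: " + line))
            continue
        catalog, index, path, _size, vendor = m.groups()
        if vendor != "Microsoft Corporation" or not path.lower().startswith(SYSTEM32):
            findings.append(("winsock entries",
                             f"{catalog} {index} {path} ({vendor or 'no vendor'})"))
    return findings


CHECKS = {"ie proxy settings": check_proxy,
          "hosts content": check_hosts,
          "winsock entries": check_winsock}


def triage(report):
    """Return (section, detail) pairs for entries that deserve a manual look."""
    sections = split_sections(report)
    findings = []
    for name, check in CHECKS.items():
        if name in sections:          # a box left unchecked produces no section
            findings.extend(check(sections[name]))
    return findings


# Constructed sample in the layout of the report posted in this thread.
CLEAN = r"""MiniToolBox by Farbar Version: 23-07-2012
***************************************************************************
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
"""

# Constructed "needs review" variant; every changed value is hypothetical.
SUSPECT = (CLEAN
           .replace("Proxy is not enabled.\nNo Proxy Server is set.",
                    "Proxy is enabled.\nProxyServer: http=127.0.0.1:8080")
           .replace("127.0.0.1 localhost",
                    "127.0.0.1 localhost\n203.0.113.7 update.example.com")
           .replace(r"C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)",
                    r"C:\Temp\example_lsp.dll [4096] ()"))

if __name__ == "__main__":
    for section, detail in triage(SUSPECT):
        print(f"[review] {section}: {detail}")
```
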

#9 TinyTechy


Posted 30 August 2012 - 01:21 PM

Minitoolbox


MiniToolBox by Farbar Version: 23-07-2012
Ran by Administrator (administrator) on 30-08-2012 at 13:46:59
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : mine-c801af845e

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : domain_not_set.invalid



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : domain_not_set.invalid

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-13-20-D5-58-37

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : fe80::213:20ff:fed5:5837%4

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

165.166.8.54

fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

Lease Obtained. . . . . . . . . . : Thursday, August 30, 2012 10:47:38 AM

Lease Expires . . . . . . . . . . : Friday, August 31, 2012 10:47:38 AM



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: dslmodem.domain
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.134.102, 74.125.134.113, 74.125.134.138, 74.125.134.139
74.125.134.100, 74.125.134.101



Pinging google.com [74.125.134.102] with 32 bytes of data:



Reply from 74.125.134.102: bytes=32 time=55ms TTL=48

Reply from 74.125.134.102: bytes=32 time=55ms TTL=48



Ping statistics for 74.125.134.102:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 55ms, Maximum = 55ms, Average = 55ms

Server: dslmodem.domain
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=1211ms TTL=50

Reply from 72.30.38.140: bytes=32 time=1079ms TTL=50



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 1079ms, Maximum = 1211ms, Average = 1145ms

Server: dslmodem.domain
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 20 d5 58 37 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.2 192.168.0.2 20
192.168.0.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.2 192.168.0.2 20
224.0.0.0 240.0.0.0 192.168.0.2 192.168.0.2 20
255.255.255.255 255.255.255.255 192.168.0.2 192.168.0.2 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/11/2012 09:06:17 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/11/2012 09:03:47 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/11/2012 08:45:07 PM) (Source: MsiInstaller) (User: MINE-C801AF845E)MINE-C801AF845E
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (02/11/2012 08:42:51 PM) (Source: MsiInstaller) (User: MINE-C801AF845E)MINE-C801AF845E
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (02/11/2012 08:42:32 PM) (Source: MsiInstaller) (User: MINE-C801AF845E)MINE-C801AF845E
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (02/11/2012 08:40:46 PM) (Source: MsiInstaller) (User: MINE-C801AF845E)MINE-C801AF845E
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (02/11/2012 08:40:39 PM) (Source: MsiInstaller) (User: MINE-C801AF845E)MINE-C801AF845E
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (02/11/2012 08:40:31 PM) (Source: MsiInstaller) (User: MINE-C801AF845E)MINE-C801AF845E
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (02/08/2012 10:20:17 PM) (Source: Application Hang) (User: )
Description: Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/08/2012 06:03:34 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (01/11/2012 04:30:48 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Error: (01/11/2012 04:28:47 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends on the following nonexistent service: AVGIDSDriver

Error: (12/30/2011 05:31:44 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Error: (12/30/2011 05:29:47 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends on the following nonexistent service: AVGIDSDriver

Error: (12/30/2011 11:15:36 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Error: (12/30/2011 11:13:52 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends on the following nonexistent service: AVGIDSDriver

Error: (12/24/2011 04:17:17 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Error: (12/24/2011 04:15:32 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends on the following nonexistent service: AVGIDSDriver

Error: (12/21/2011 03:34:57 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Error: (12/21/2011 03:33:13 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends on the following nonexistent service: AVGIDSDriver


Microsoft Office Sessions:
=========================
Error: (02/11/2012 09:06:17 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (02/11/2012 09:03:47 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070003moaccachereset3.0.8402.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (02/11/2012 08:45:07 PM) (Source: MsiInstaller)(User: MINE-C801AF845E)MINE-C801AF845E
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)

Error: (02/11/2012 08:42:51 PM) (Source: MsiInstaller)(User: MINE-C801AF845E)MINE-C801AF845E
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)

Error: (02/11/2012 08:42:32 PM) (Source: MsiInstaller)(User: MINE-C801AF845E)MINE-C801AF845E
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)

Error: (02/11/2012 08:40:46 PM) (Source: MsiInstaller)(User: MINE-C801AF845E)MINE-C801AF845E
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)

Error: (02/11/2012 08:40:39 PM) (Source: MsiInstaller)(User: MINE-C801AF845E)MINE-C801AF845E
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)

Error: (02/11/2012 08:40:31 PM) (Source: MsiInstaller)(User: MINE-C801AF845E)MINE-C801AF845E
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)

Error: (02/08/2012 10:20:17 PM) (Source: Application Hang)(User: )
Description: msimn.exe6.0.2900.5512hungapp0.0.0.000000000

Error: (02/08/2012 06:03:34 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


=========================== Installed Programs ============================

Adobe AIR (Version: 3.4.0.2540)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.6 (Version: 11.6.6.636)
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
AVG 2012 (Version: 12.0.1809)
AVG 2012 (Version: 12.0.1831)
AVG 2012 (Version: 12.0.1834)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.1869)
CardRd81 (Version: 4.00.0000.0004)
CCScore (Version: 5.00.0000.0011)
Citrix online plug-in - web (Version: 11.2.0.31560)
Citrix online plug-in (DV) (Version: 11.2.0.31560)
Citrix online plug-in (HDX) (Version: 11.2.0.31560)
Citrix online plug-in (USB) (Version: 11.2.0.31560)
Citrix online plug-in (Web) (Version: 11.2.0.31560)
Conexant D850 56K V.9x DFVc Modem
CR2 (Version: 4.00.0000.0003)
Dell Driver Download Manager (Version: 2.1.0.0)
Dell Resource CD (Version: 1.00.0000)
DivX Setup (Version: 2.5.0.8)
ESET Online Scanner v3
ESSBrwr (Version: 5.00.0000.0004)
ESSCDBK (Version: 5.00.0000.0004)
ESScore (Version: 5.00.0000.0037)
ESSCT (Version: 5.00.0000.0101)
ESSEMAIL (Version: 5.00.0000.0001)
ESSgui (Version: 5.00.0000.0013)
ESShelp (Version: 5.00.0000.0005)
ESSini (Version: 5.00.0000.0111)
ESSPCD (Version: 5.00.0000.0007)
ESSPDock (Version: 5.00.0000.0020)
ESSSONIC (Version: 5.00.0000.0002)
ESSTOOLS (Version: 5.00.0000.0004)
ESSTUTOR (Version: 5.00.0000.0102)
ESSvpaht (Version: 5.00.0000.0001)
ESSvpot (Version: 5.00.0000.0101)
Google Chrome (Version: 21.0.1180.83)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3203.136)
Google Update Helper (Version: 1.3.21.115)
HLPIndex (Version: 5.00.0000.0002)
HLPPDOCK (Version: 5.00.0000.0001)
HLPSFO (Version: 5.00.0000.0101)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4543)
Intel® PRO Network Connections Drivers
Java 7 Update 6 (Version: 7.0.60)
Java Auto Updater (Version: 2.1.9.0)
Kodak EasyShare software
KSU (Version: 632.62.0002.0001)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Download Manager (Version: 1.2.1)
Microsoft Office Excel Viewer (Version: 12.0.6612.1000)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.202)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mixer
Mouse Suite for Desktop Computers (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Notifier (Version: 5.00.0000.0101)
OfotoXMI (Version: 5.00.0000.0003)
OTtBP (Version: 5.00.0000.0003)
OTtBPSDK (Version: 4.00.0000.0000)
QuickTime (Version: 7.72.80.56)
Realtek High Definition Audio Driver (Version: 5.10.0.6662)
SFR (Version: 5.00.0000.0005)
SHASTA (Version: 5.00.0000.0003)
SigmaTel Audio (Version: 5.10.4600.0)
SKIN0001 (Version: 5.00.0000.0007)
SKINXSDK (Version: 5.00.0000.0004)
Sonic Encoders (Version: 1.00)
Sound Blaster Audigy ADVANCED MB Demo
Spybot - Search & Destroy (Version: 1.6.2)
swMSM (Version: 12.0.0.1)
TuneUp Utilities 2012 (Version: 12.0.3600.104)
TuneUp Utilities Language Pack (en-US) (Version: 12.0.3600.104)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VLC media player 1.0.1 (Version: 1.0.1)
VPRINTOL (Version: 5.00.0000.0002)
Wah Assistant (Version: 2.0.0.7)
WeatherBug (Version: 7.0.0.7)
WebFldrs XP (Version: 9.50.7523)
West At Home Gateway V2 (Version: 2.0.0.30)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
WIRELESS (Version: 5.00.0000.0001)

========================= Memory info: ===================================

Percentage of memory in use: 63%
Total physical RAM: 1270.08 MB
Available physical RAM: 461.71 MB
Total Pagefile: 3030.02 MB
Available Pagefile: 2354.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.28 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:298.08 GB) (Free:242.47 GB) NTFS

========================= Users: ========================================

User accounts for \\MINE-C801AF845E

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0


**** End of log ****

FSS

Farbar Service Scanner Version: 06-08-2012
Ran by Administrator (administrator) on 30-08-2012 at 13:52:09
Running from "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\N0S6DU40"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(9) NwlnkNb(10) PSched(7) Tcpip(4) Tcpip6(8)
0x0B0000000500000001000000020000000300000004000000080000000B0000000600000007000000090000000A000000
IpSec Tag value is correct.

**** End of log ****



Adware

# AdwCleaner v2.000 - Logfile created 08/30/2012 at 13:54:52
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - MINE-C801AF845E
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\RBXVUHJ8\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : vToolbarUpdater11.2.0

***** [Files / Folders] *****

Folder Deleted : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\boost_interprocess
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={3C5D3438-D310-4AFA-92BE-56497D78BB2B}&mid=95a07e2022db47d196bcd15a6631b1c4-d69c99d2ce79e60f1fcc7c4cc9e92741021a60f1&lang=en&ds=AVG&pr=fr&d=2012-08-28 04:36:10&v=11.1.0.12&sap=nt --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [6661 octets] - [30/08/2012 13:54:52]

########## EOF - C:\AdwCleaner[S1].txt - [6721 octets] ##########

#10 narenxp

Posted 30 August 2012 - 01:31 PM

MBAM log?

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after the scan finishes, post the contents of the RKILL log located on the desktop here

#11 TinyTechy

Posted 30 August 2012 - 01:36 PM

Will do the other thing. Here is the log. I forgot I ran it twice; the first was a full scan, then this one.

Malwarebytes


Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.30.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: MINE-C801AF845E [administrator]

8/30/2012 10:49:33 AM
mbam-log-2012-08-30 (10-49-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 445100
Time elapsed: 2 hour(s), 50 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12 TinyTechy

Posted 30 August 2012 - 01:42 PM

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/30/2012 02:38:35 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.
* No issues found.

Checking Windows Service Integrity:

* wscsvc [Missing Service]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\drivers\mqac.sys [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91,776 : 06/22/2009 00:30 AM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mqac.sys : 92,544 : 04/13/2008 02:39 PM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\mqac.sys : 91,776 : 06/22/2009 02:48 AM : eee50bf24caeedb515a8f3b22756d3bb [Pos Repl]

Program finished at: 08/30/2012 02:39:34 PM
Execution time: 0 hours(s), 0 minute(s), and 58 seconds(s)

#13 narenxp

Posted 30 August 2012 - 01:50 PM

Download

wscsvc

Launch it, click YES

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot. If TFC locks up the system, run it in safe mode

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your flash player

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#14 TinyTechy

Posted 30 August 2012 - 01:53 PM

Thank You So much. I can already tell you it is running sooooo much better already. :thumbsup:

#15 narenxp

Posted 30 August 2012 - 06:36 PM

You're most welcome :)
