

Can't open certain files after discovering viruses and PUPs


10 replies to this topic

#1 p-riggs


  • Members
  • 6 posts

Posted 02 September 2012 - 06:10 AM

A couple of weeks ago I was having trouble with my PC: slow, unfamiliar files, unfamiliar reg keys, and just an overall bad feeling that the PC was dirty. I was using MSE, so I decided to get Avast Free and give it a go. Avast found several viruses it reported: MSIL:BHO (Troj) - JS:scriptIp.inf (Troj) - VBS:malware.gen - BV:malware.gen - Win32IBryte PUP - Win32GameVance PUP. I have run it several times in the last couple of weeks, and now Avast is saying it can't open certain files because of encryption, which it didn't say before or at any other time. Plus there are several files I'm unable to view myself. The system is still not running up to par, and I am seeing processes in Task Manager that look like they shouldn't be running when they are. On my wife's side I noticed her PC usage almost maxing out and only down to 50 or 60% on the low end. This is really my first time on the site, so I'm not sure if you guys could help look at a log or dump to see something I'm not trained to see. Thanks in advance for any help you may or may not be able to provide. I will search the site for info as well. B)
PS: By the way, I was also online when I was hit with a fake alert; I clicked the X by habit quickly and turned off the PC. I went into Safe Mode and started the download of Avast then. I also ran a boot scan and it said a file was corrupt, but I didn't write it down. I figured it would be in the log, and it wasn't.

[Moderator edit and note: topic moved to more appropriate forum. jgw]

Edited by jgweed, 02 September 2012 - 07:27 AM.



#2 narenxp


  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 02 September 2012 - 07:53 AM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on the scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET Online Scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 p-riggs

  • Topic Starter
  • Members
  • 6 posts

Posted 02 September 2012 - 05:15 PM

tdsskiller.exe

14:38:27.0343 2716 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
14:38:27.0359 2716 ============================================================
14:38:27.0359 2716 Current date / time: 2012/09/02 14:38:27.0359
14:38:27.0359 2716 SystemInfo:
14:38:27.0359 2716
14:38:27.0359 2716 OS Version: 5.1.2600 ServicePack: 3.0
14:38:27.0359 2716 Product type: Workstation
14:38:27.0359 2716 ComputerName: USER-0DF0AB7DE6
14:38:27.0359 2716 UserName: Randy
14:38:27.0359 2716 Windows directory: C:\WINDOWS
14:38:27.0359 2716 System windows directory: C:\WINDOWS
14:38:27.0359 2716 Processor architecture: Intel x86
14:38:27.0359 2716 Number of processors: 2
14:38:27.0359 2716 Page size: 0x1000
14:38:27.0359 2716 Boot type: Normal boot
14:38:27.0359 2716 ============================================================
14:38:28.0265 2716 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:38:28.0296 2716 ============================================================
14:38:28.0296 2716 \Device\Harddisk0\DR0:
14:38:28.0296 2716 MBR partitions:
14:38:28.0296 2716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
14:38:28.0296 2716 ============================================================
14:38:28.0343 2716 C: <-> \Device\Harddisk0\DR0\Partition1
14:38:28.0343 2716 ============================================================
14:38:28.0343 2716 Initialize success
14:38:28.0343 2716 ============================================================
14:39:03.0328 2920 ============================================================
14:39:03.0328 2920 Scan started
14:39:03.0328 2920 Mode: Manual; TDLFS;
14:39:03.0328 2920 ============================================================
14:39:03.0890 2920 ================ Scan system memory ========================
14:39:03.0906 2920 System memory - ok
14:39:03.0906 2920 ================ Scan services =============================
14:39:04.0031 2920 [ C07D5197410AAB28D0D93F943F59656D ] 6to4 C:\WINDOWS\System32\6to4svc.dll
14:39:04.0031 2920 6to4 - ok
14:39:04.0109 2920 [ 0B27AE82C113D3687024D18459440426 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
14:39:04.0109 2920 Aavmker4 - ok
14:39:04.0125 2920 Abiosdsk - ok
14:39:04.0125 2920 abp480n5 - ok
14:39:04.0187 2920 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:39:04.0187 2920 ACPI - ok
14:39:04.0234 2920 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
14:39:04.0234 2920 ACPIEC - ok
14:39:04.0312 2920 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:39:04.0312 2920 AdobeFlashPlayerUpdateSvc - ok
14:39:04.0328 2920 adpu160m - ok
14:39:04.0359 2920 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
14:39:04.0359 2920 aec - ok
14:39:04.0421 2920 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
14:39:04.0421 2920 AFD - ok
14:39:04.0531 2920 [ 91B76D91C781E9DD49D9D03A2AB3E8C3 ] AffinegyService C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
14:39:04.0546 2920 AffinegyService - ok
14:39:04.0546 2920 AFGMp50 - ok
14:39:04.0578 2920 [ 1961590AA191B6B7DCF18A6A693AF7B8 ] AFGSp50 C:\WINDOWS\system32\Drivers\AFGSp50.sys
14:39:04.0578 2920 AFGSp50 - ok
14:39:04.0593 2920 Aha154x - ok
14:39:04.0593 2920 aic78u2 - ok
14:39:04.0609 2920 aic78xx - ok
14:39:04.0671 2920 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
14:39:04.0671 2920 Alerter - ok
14:39:04.0703 2920 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
14:39:04.0703 2920 ALG - ok
14:39:04.0718 2920 AliIde - ok
14:39:04.0718 2920 amsint - ok
14:39:04.0796 2920 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:39:04.0796 2920 Apple Mobile Device - ok
14:39:04.0843 2920 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
14:39:04.0859 2920 AppMgmt - ok
14:39:04.0859 2920 asc - ok
14:39:04.0875 2920 asc3350p - ok
14:39:04.0875 2920 asc3550 - ok
14:39:05.0234 2920 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:39:05.0265 2920 aspnet_state - ok
14:39:05.0312 2920 [ 1C1F3D6DDDC046C920C493A779649F66 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
14:39:05.0312 2920 aswFsBlk - ok
14:39:05.0359 2920 [ 9E912FE7B41650701EF2B227ACA440F3 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
14:39:05.0359 2920 aswMon2 - ok
14:39:05.0406 2920 [ 982E275D1C5801042FE94209FB0160FB ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
14:39:05.0421 2920 AswRdr - ok
14:39:05.0484 2920 [ 73DBCF808E00580F2A47F93DD9B03876 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
14:39:05.0484 2920 aswSnx - ok
14:39:05.0515 2920 [ 6CBD7D3A33F498D09C831CDD732DA2E0 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
14:39:05.0531 2920 aswSP - ok
14:39:05.0546 2920 [ 7109A9AA551F37CD168C02368465957E ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
14:39:05.0546 2920 aswTdi - ok
14:39:05.0593 2920 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:39:05.0593 2920 AsyncMac - ok
14:39:05.0640 2920 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
14:39:05.0640 2920 atapi - ok
14:39:05.0656 2920 Atdisk - ok
14:39:05.0734 2920 [ 465874CA7CE49A2154104509A5A42936 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
14:39:05.0734 2920 Ati HotKey Poller - ok
14:39:05.0796 2920 [ 3483E6D18B811229A337FF1D105270D9 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
14:39:05.0796 2920 ATI Smart - ok
14:39:05.0921 2920 [ 7790F8D1000FCE5CFD33CCF4F861928F ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:39:05.0937 2920 ati2mtag - ok
14:39:05.0984 2920 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:39:05.0984 2920 Atmarpc - ok
14:39:06.0046 2920 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
14:39:06.0046 2920 AudioSrv - ok
14:39:06.0078 2920 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
14:39:06.0078 2920 audstub - ok
14:39:06.0125 2920 [ 2F7C0F3E39C45E0127FB78B2F18A41F3 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
14:39:06.0125 2920 avast! Antivirus - ok
14:39:06.0250 2920 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
14:39:06.0265 2920 BBSvc - ok
14:39:06.0296 2920 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
14:39:06.0296 2920 BBUpdate - ok
14:39:06.0343 2920 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
14:39:06.0343 2920 Beep - ok
14:39:06.0421 2920 [ DEFCE42FE9EED1A0DC4A28FDDFF603C9 ] Belkin Local Backup Service C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
14:39:06.0421 2920 Belkin Local Backup Service - ok
14:39:06.0421 2920 [ E23AF2900A4E3CA7FF22F1C80A013305 ] Belkin Network USB Helper C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
14:39:06.0437 2920 Belkin Network USB Helper - ok
14:39:06.0484 2920 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
14:39:06.0484 2920 BITS - ok
14:39:06.0562 2920 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:39:06.0562 2920 Bonjour Service - ok
14:39:06.0609 2920 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
14:39:06.0609 2920 Browser - ok
14:39:06.0609 2920 BTCFilterService - ok
14:39:06.0625 2920 bymxhlem - ok
14:39:06.0656 2920 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
14:39:06.0656 2920 cbidf2k - ok
14:39:06.0734 2920 [ 20F89E232173985A455BC9A5F70D1166 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe
14:39:06.0734 2920 CCALib8 - ok
14:39:06.0750 2920 cd20xrnt - ok
14:39:06.0796 2920 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
14:39:06.0796 2920 Cdaudio - ok
14:39:06.0843 2920 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
14:39:06.0843 2920 Cdfs - ok
14:39:06.0890 2920 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:39:06.0890 2920 Cdrom - ok
14:39:06.0921 2920 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
14:39:06.0921 2920 cercsr6 - ok
14:39:06.0921 2920 Changer - ok
14:39:06.0968 2920 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
14:39:06.0968 2920 CiSvc - ok
14:39:07.0015 2920 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
14:39:07.0015 2920 ClipSrv - ok
14:39:07.0093 2920 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:39:07.0218 2920 clr_optimization_v2.0.50727_32 - ok
14:39:07.0250 2920 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:39:07.0437 2920 clr_optimization_v4.0.30319_32 - ok
14:39:07.0437 2920 CmdIde - ok
14:39:07.0453 2920 COMSysApp - ok
14:39:07.0468 2920 Cpqarray - ok
14:39:07.0515 2920 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
14:39:07.0515 2920 CryptSvc - ok
14:39:07.0515 2920 dac2w2k - ok
14:39:07.0531 2920 dac960nt - ok
14:39:07.0578 2920 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
14:39:07.0578 2920 DcomLaunch - ok
14:39:07.0671 2920 [ 3430EAD65BBE8516572EB7C8B82ED8CD ] DeviceMonitorService C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
14:39:07.0671 2920 DeviceMonitorService - ok
14:39:07.0734 2920 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
14:39:07.0734 2920 Dhcp - ok
14:39:07.0765 2920 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
14:39:07.0765 2920 Disk - ok
14:39:07.0765 2920 dmadmin - ok
14:39:07.0828 2920 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
14:39:07.0828 2920 dmboot - ok
14:39:07.0843 2920 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
14:39:07.0843 2920 dmio - ok
14:39:07.0859 2920 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
14:39:07.0859 2920 dmload - ok
14:39:07.0921 2920 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
14:39:07.0921 2920 dmserver - ok
14:39:07.0937 2920 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
14:39:07.0937 2920 DMusic - ok
14:39:07.0968 2920 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
14:39:07.0968 2920 Dnscache - ok
14:39:08.0015 2920 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
14:39:08.0015 2920 Dot3svc - ok
14:39:08.0031 2920 dpti2o - ok
14:39:08.0078 2920 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
14:39:08.0078 2920 drmkaud - ok
14:39:08.0109 2920 [ D57A8FC800B501AC05B10D00F66D127A ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:39:08.0125 2920 E100B - ok
14:39:08.0140 2920 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
14:39:08.0140 2920 EapHost - ok
14:39:08.0187 2920 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
14:39:08.0187 2920 ERSvc - ok
14:39:08.0234 2920 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
14:39:08.0250 2920 Eventlog - ok
14:39:08.0265 2920 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
14:39:08.0281 2920 EventSystem - ok
14:39:08.0312 2920 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
14:39:08.0312 2920 Fastfat - ok
14:39:08.0375 2920 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:39:08.0375 2920 FastUserSwitchingCompatibility - ok
14:39:08.0406 2920 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
14:39:08.0406 2920 Fdc - ok
14:39:08.0453 2920 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
14:39:08.0453 2920 Fips - ok
14:39:08.0484 2920 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:39:08.0484 2920 Flpydisk - ok
14:39:08.0515 2920 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
14:39:08.0515 2920 FltMgr - ok
14:39:08.0562 2920 [ 8EFA9BFC940D9EB9348D9DAFB839FE25 ] FlyUsb C:\WINDOWS\system32\DRIVERS\FlyUsb.sys
14:39:08.0562 2920 FlyUsb - ok
14:39:08.0640 2920 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:39:08.0640 2920 FontCache3.0.0.0 - ok
14:39:08.0656 2920 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:39:08.0656 2920 Fs_Rec - ok
14:39:08.0687 2920 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:39:08.0687 2920 Ftdisk - ok
14:39:08.0718 2920 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:39:08.0734 2920 GEARAspiWDM - ok
14:39:08.0781 2920 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:39:08.0781 2920 Gpc - ok
14:39:08.0875 2920 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9b1a4a9d200f8 C:\Program Files\Google\Update\GoogleUpdate.exe
14:39:08.0875 2920 gupdate1c9b1a4a9d200f8 - ok
14:39:08.0890 2920 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
14:39:08.0890 2920 gupdatem - ok
14:39:08.0984 2920 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:39:08.0984 2920 helpsvc - ok
14:39:09.0046 2920 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
14:39:09.0046 2920 HidServ - ok
14:39:09.0109 2920 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:39:09.0109 2920 HidUsb - ok
14:39:09.0156 2920 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
14:39:09.0156 2920 hkmsvc - ok
14:39:09.0171 2920 hpn - ok
14:39:09.0187 2920 [ 5FABA4775D4C61E55EC669D643FFC71F ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:39:09.0187 2920 HPZid412 - ok
14:39:09.0218 2920 [ A3C43980EE1F1BEAC778B44EA65DBDD4 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:39:09.0218 2920 HPZipr12 - ok
14:39:09.0234 2920 [ 2906949BD4E206F2BB0DD1896CE9F66F ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:39:09.0234 2920 HPZius12 - ok
14:39:09.0234 2920 HTCAND32 - ok
14:39:09.0281 2920 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
14:39:09.0281 2920 HTTP - ok
14:39:09.0312 2920 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
14:39:09.0312 2920 HTTPFilter - ok
14:39:09.0328 2920 i2omgmt - ok
14:39:09.0328 2920 i2omp - ok
14:39:09.0375 2920 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:39:09.0375 2920 i8042prt - ok
14:39:09.0500 2920 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:39:09.0515 2920 idsvc - ok
14:39:09.0562 2920 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
14:39:09.0562 2920 Imapi - ok
14:39:09.0609 2920 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
14:39:09.0609 2920 ImapiService - ok
14:39:09.0625 2920 ini910u - ok
14:39:09.0703 2920 [ 7509C548400F4C9E0211E3F6E66ABBE6 ] IntelC51 C:\WINDOWS\system32\DRIVERS\IntelC51.sys
14:39:09.0703 2920 IntelC51 - ok
14:39:09.0750 2920 [ 9584FFDD41D37F2C239681D0DAC2513E ] IntelC52 C:\WINDOWS\system32\DRIVERS\IntelC52.sys
14:39:09.0750 2920 IntelC52 - ok
14:39:09.0765 2920 [ DE2686C0E012E6AE24ACD6E79EB7FF5D ] IntelC53 C:\WINDOWS\system32\DRIVERS\IntelC53.sys
14:39:09.0765 2920 IntelC53 - ok
14:39:09.0796 2920 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
14:39:09.0796 2920 IntelIde - ok
14:39:09.0843 2920 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:39:09.0843 2920 intelppm - ok
14:39:09.0859 2920 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
14:39:09.0859 2920 Ip6Fw - ok
14:39:09.0890 2920 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:39:09.0890 2920 IpFilterDriver - ok
14:39:09.0890 2920 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:39:09.0906 2920 IpInIp - ok
14:39:09.0921 2920 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:39:09.0921 2920 IpNat - ok
14:39:10.0015 2920 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:39:10.0015 2920 iPod Service - ok
14:39:10.0046 2920 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:39:10.0046 2920 IPSec - ok
14:39:10.0109 2920 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
14:39:10.0109 2920 IRENUM - ok
14:39:10.0140 2920 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:39:10.0140 2920 isapnp - ok
14:39:10.0250 2920 [ 80F08F50D248EEEEB9256F6522891D40 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
14:39:10.0250 2920 JavaQuickStarterService - ok
14:39:10.0265 2920 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:39:10.0265 2920 Kbdclass - ok
14:39:10.0281 2920 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:39:10.0281 2920 kbdhid - ok
14:39:10.0312 2920 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
14:39:10.0312 2920 kmixer - ok
14:39:10.0343 2920 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
14:39:10.0343 2920 KSecDD - ok
14:39:10.0390 2920 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
14:39:10.0390 2920 lanmanserver - ok
14:39:10.0437 2920 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:39:10.0437 2920 lanmanworkstation - ok
14:39:10.0453 2920 lbrtfdc - ok
14:39:10.0515 2920 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
14:39:10.0515 2920 LmHosts - ok
14:39:10.0593 2920 [ D1D8CFBEF7C608B2D40D0E0E9FBC8E52 ] lxdmCATSCustConnectService C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdmserv.exe
14:39:10.0593 2920 lxdmCATSCustConnectService - ok
14:39:10.0609 2920 lxdm_device - ok
14:39:10.0687 2920 [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
14:39:10.0687 2920 McComponentHostService - ok
14:39:10.0734 2920 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
14:39:10.0734 2920 Messenger - ok
14:39:10.0765 2920 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
14:39:10.0765 2920 mnmdd - ok
14:39:10.0812 2920 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
14:39:10.0812 2920 mnmsrvc - ok
14:39:10.0828 2920 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
14:39:10.0828 2920 Modem - ok
14:39:10.0859 2920 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
14:39:10.0859 2920 MODEMCSA - ok
14:39:10.0875 2920 [ 59B8B11FF70728EEC60E72131C58B716 ] mohfilt C:\WINDOWS\system32\DRIVERS\mohfilt.sys
14:39:10.0875 2920 mohfilt - ok
14:39:10.0921 2920 [ 0A43169E115B5E9346A4BA1EFFCB04CB ] motandroidusb C:\WINDOWS\system32\Drivers\motoandroid.sys
14:39:10.0921 2920 motandroidusb - ok
14:39:10.0921 2920 motccgp - ok
14:39:10.0937 2920 motccgpfl - ok
14:39:10.0937 2920 MotDev - ok
14:39:10.0953 2920 motmodem - ok
14:39:11.0046 2920 [ A8FD4605AACF006BBA3B2B90AC9565B2 ] Motorola Device Manager C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
14:39:11.0046 2920 Motorola Device Manager - ok
14:39:11.0062 2920 MotoSwitchService - ok
14:39:11.0062 2920 Motousbnet - ok
14:39:11.0093 2920 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:39:11.0093 2920 Mouclass - ok
14:39:11.0125 2920 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:39:11.0125 2920 mouhid - ok
14:39:11.0156 2920 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
14:39:11.0156 2920 MountMgr - ok
14:39:11.0156 2920 MozillaMaintenance - ok
14:39:11.0203 2920 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
14:39:11.0203 2920 MpFilter - ok
14:39:11.0218 2920 mraid35x - ok
14:39:11.0218 2920 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:39:11.0218 2920 MRxDAV - ok
14:39:11.0265 2920 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:39:11.0265 2920 MRxSmb - ok
14:39:11.0312 2920 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
14:39:11.0312 2920 MSDTC - ok
14:39:11.0328 2920 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
14:39:11.0328 2920 Msfs - ok
14:39:11.0343 2920 MSIServer - ok
14:39:11.0390 2920 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:39:11.0390 2920 MSKSSRV - ok
14:39:11.0468 2920 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:39:11.0468 2920 MsMpSvc - ok
14:39:11.0484 2920 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:39:11.0484 2920 MSPCLOCK - ok
14:39:11.0500 2920 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
14:39:11.0500 2920 MSPQM - ok
14:39:11.0546 2920 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:39:11.0546 2920 mssmbios - ok
14:39:11.0593 2920 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
14:39:11.0593 2920 Mup - ok
14:39:11.0625 2920 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
14:39:11.0640 2920 napagent - ok
14:39:11.0671 2920 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
14:39:11.0671 2920 NDIS - ok
14:39:11.0703 2920 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:39:11.0703 2920 NdisTapi - ok
14:39:11.0765 2920 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:39:11.0765 2920 Ndisuio - ok
14:39:11.0781 2920 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:39:11.0781 2920 NdisWan - ok
14:39:11.0828 2920 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
14:39:11.0828 2920 NDProxy - ok
14:39:11.0843 2920 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
14:39:11.0843 2920 NetBIOS - ok
14:39:11.0875 2920 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
14:39:11.0875 2920 NetBT - ok
14:39:11.0937 2920 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
14:39:11.0937 2920 NetDDE - ok
14:39:11.0953 2920 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
14:39:11.0953 2920 NetDDEdsdm - ok
14:39:12.0000 2920 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
14:39:12.0000 2920 Netlogon - ok
14:39:12.0031 2920 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
14:39:12.0031 2920 Netman - ok
14:39:12.0078 2920 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:39:12.0093 2920 NetTcpPortSharing - ok
14:39:12.0140 2920 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
14:39:12.0140 2920 Nla - ok
14:39:12.0218 2920 Norton PC Checkup Application Launcher - ok
14:39:12.0265 2920 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] npf C:\WINDOWS\system32\drivers\npf.sys
14:39:12.0265 2920 npf - ok
14:39:12.0312 2920 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
14:39:12.0312 2920 Npfs - ok
14:39:12.0328 2920 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
14:39:12.0343 2920 Ntfs - ok
14:39:12.0375 2920 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
14:39:12.0375 2920 NtLmSsp - ok
14:39:12.0437 2920 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
14:39:12.0437 2920 NtmsSvc - ok
14:39:12.0453 2920 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
14:39:12.0453 2920 Null - ok
14:39:12.0515 2920 [ 2C2FD0E6B0180F94C260DD26706AA5F4 ] NWCWorkstation C:\WINDOWS\System32\nwwks.dll
14:39:12.0515 2920 NWCWorkstation - ok
14:39:12.0531 2920 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:39:12.0546 2920 NwlnkFlt - ok
14:39:12.0546 2920 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:39:12.0546 2920 NwlnkFwd - ok
14:39:12.0609 2920 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
14:39:12.0609 2920 NwlnkIpx - ok
14:39:12.0625 2920 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
14:39:12.0625 2920 NwlnkNb - ok
14:39:12.0640 2920 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
14:39:12.0640 2920 NwlnkSpx - ok
14:39:12.0703 2920 [ 36B9B950E3D2E100970A48D8BAD86740 ] NWRDR C:\WINDOWS\system32\DRIVERS\nwrdr.sys
14:39:12.0703 2920 NWRDR - ok
14:39:12.0718 2920 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
14:39:12.0718 2920 Parport - ok
14:39:12.0765 2920 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
14:39:12.0765 2920 PartMgr - ok
14:39:12.0812 2920 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
14:39:17.0265 2920 ================ Scan global ===============================
14:39:17.0312 2920 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:39:17.0375 2920 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:39:17.0390 2920 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:39:17.0406 2920 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:39:17.0406 2920 [Global] - ok
14:39:17.0406 2920 ================ Scan MBR ==================================
14:39:17.0421 2920 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:39:17.0703 2920 \Device\Harddisk0\DR0 - ok
14:39:17.0703 2920 ================ Scan VBR ==================================
14:39:17.0703 2920 [ 4685D5547AD2683C11EE296DFFF05D5C ] \Device\Harddisk0\DR0\Partition1
14:39:17.0703 2920 \Device\Harddisk0\DR0\Partition1 - ok
14:39:17.0703 2920 ============================================================
14:39:17.0703 2920 Scan finished
14:39:17.0703 2920 ============================================================
14:39:17.0718 2820 Detected object count: 0
14:39:17.0718 2820 Actual detected object count: 0
14:40:47.0703 2760 Deinitialize success


aswmbr.txt


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-02 15:04:11
-----------------------------
15:04:11.500 OS Version: Windows 5.1.2600 Service Pack 3
15:04:11.500 Number of processors: 2 586 0x401
15:04:11.500 ComputerName: USER-0DF0AB7DE6 UserName: Administrator
15:04:12.437 Initialize success
15:04:12.671 AVAST engine defs: 12070300
15:04:22.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
15:04:22.437 Disk 0 Vendor: ST380815AS 3.AAD Size: 76319MB BusType: 3
15:04:22.453 Disk 0 MBR read successfully
15:04:22.453 Disk 0 MBR scan
15:04:22.453 Disk 0 Windows XP default MBR code
15:04:22.453 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
15:04:22.453 Disk 0 scanning sectors +156280320
15:04:22.578 Disk 0 scanning C:\WINDOWS\system32\drivers
15:04:44.468 Service scanning
15:05:04.000 Modules scanning
15:05:17.859 Disk 0 trace - called modules:
15:05:17.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
15:05:17.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a60cab8]
15:05:17.890 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a60dd98]
15:05:18.515 AVAST engine scan C:\WINDOWS
15:05:30.593 AVAST engine scan C:\WINDOWS\system32
15:10:07.828 AVAST engine scan C:\WINDOWS\system32\drivers
15:10:45.625 AVAST engine scan C:\Documents and Settings\Administrator
15:27:43.468 AVAST engine scan C:\Documents and Settings\All Users
15:32:39.906 Scan finished successfully
15:33:28.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\MBR.dat"
15:33:28.109 The log file has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\aswMBR.txt 1.txt"


eset online-scanner


C:\Documents and Settings\Administrator\Local Settings\Temp\29C5AA8B-BAB0-7891-A0D1-A2B0DFA7D672\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temp\77B6DA2E-BAB0-7891-B0B9-D9A4DC1EAA3E\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Documents and Settings\LESLIE RIGSBY\Local Settings\Temp\YontooSetup-S.exe multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\Randy\Desktop\7zip-setup.exe Win32/DownloadAdmin.A.Gen application cleaned by deleting - quarantined
C:\Program Files\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\WINDOWS\Temp\RegistryOptimizer.exe a variant of Win32/SpeedingUpMyPC application cleaned by deleting - quarantined


I'm not rebooting till I hear something, and I'm changing permissions on all users (should have done it a long time ago), but I needed admin permissions for something a while back and just kept on using the admin account. Hope this helps, but hit me back on what I must run or do next. And again, thanks so much. I actually enjoy getting those evil little bastards.

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 02 September 2012 - 09:58 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once more in regular mode, until you get a clean log.

Download

MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

AdwCleaner

Launch it, click on Delete.

Post the generated log.
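To judge the "clean log" condition in the MBAM step above without reading every line by hand, here is a small parser for the mbam-log format that appears later in this thread. It is an added example, not the page's or Malwarebytes' own code; the sample logs are constructed from the format shown in the thread, and the function and class names are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Header of a detection section, e.g. "Registry Keys Detected: 45"
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+?) Detected: (?P<count>\d+)\s*$")
# Threat family in parentheses at the end of the target, e.g. "(PUP.Funmoods)"
FAMILY_RE = re.compile(r"\(([^()]+)\)$")


@dataclass
class Detection:
    section: str   # "Registry Keys", "Files", ...
    target: str    # registry key, value or file path
    family: str    # e.g. "PUP.Funmoods"
    action: str    # "No action taken" or "Quarantined and deleted successfully"


@dataclass
class MbamSummary:
    declared: dict = field(default_factory=dict)   # section -> count from header
    detections: list = field(default_factory=list)

    def pending(self):
        # Found but not removed: the removal pass has not been applied yet
        return [d for d in self.detections if d.action == "No action taken"]

    def removed(self):
        return [d for d in self.detections if d.action.startswith("Quarantined")]

    def pending_by_family(self):
        return Counter(d.family for d in self.pending())

    def mismatches(self):
        # Header count vs. items actually listed; a log pasted incompletely shows here
        parsed = Counter(d.section for d in self.detections)
        return {s: (n, parsed.get(s, 0))
                for s, n in self.declared.items() if parsed.get(s, 0) != n}

    def is_clean(self):
        # "Clean log" as used in the thread: every section reports 0 and lists nothing
        return all(n == 0 for n in self.declared.values()) and not self.detections


def parse_mbam_log(text):
    summary = MbamSummary()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None          # a blank line ends the current section
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            summary.declared[section] = int(m.group("count"))
            continue
        if section is None or line.startswith("("):
            continue                # scan metadata or "(No malicious items detected)"
        parts = line.split(" -> ")  # target (family) [-> Data: ...] -> action
        if len(parts) < 2:
            continue
        head, action = parts[0], parts[-1].rstrip(".")
        fm = FAMILY_RE.search(head)
        if fm is None:
            continue
        summary.detections.append(
            Detection(section, head[:fm.start()].strip(), fm.group(1), action))
    return summary


# Constructed sample in the mbam-log format, using families seen in this thread
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (constructed sample)
www.malwarebytes.org

Scan type: Full scan (C:\|)
Objects scanned: 452218

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> No action taken.

Files Detected: 1
C:\Documents and Settings\All Users\Application Data\14168904\pc14168904ins (Rogue.Multiple) -> Quarantined and deleted successfully.

(end)
"""

# Constructed follow-up log with nothing found
CLEAN_LOG = """Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
"""

if __name__ == "__main__":
    s = parse_mbam_log(SAMPLE_LOG)
    print("clean:", s.is_clean(), "pending:", len(s.pending()), "removed:", len(s.removed()))
    print("still to remove:", dict(s.pending_by_family()))
    print("section count mismatches:", s.mismatches())
    print("follow-up clean:", parse_mbam_log(CLEAN_LOG).is_clean())
```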

#5 p-riggs

  • Topic Starter
  • Members
  • 6 posts

Posted 02 September 2012 - 10:24 PM

Got the instructions, was just making sure I'm on the same page. Should I be doing any of this in Safe Mode, or was I right to assume you'd have mentioned it? Starting the downloads and scans now. Big thanks again for the support.

#6 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 02 September 2012 - 10:40 PM

All this should be done in normal mode.

#7 p-riggs

  • Topic Starter
  • Members
  • 6 posts

Posted 03 September 2012 - 03:51 PM

MalwareBytes Log 1

www.malwarebytes.org

Database version: v2012.09.03.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: USER-0DF0AB7DE6 [administrator]

Protection: Enabled

9/3/2012 12:02:43 AM
mbam-log-2012-09-03 (00-02-43).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 452218
Time elapsed: 2 hour(s), 47 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 45
HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> No action taken.
HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> No action taken.
HKCR\CrossriderApp0003491.BHO.1 (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> No action taken.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> No action taken.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> No action taken.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> No action taken.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> No action taken.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> No action taken.
HKCR\escort.escortIEPane (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> No action taken.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> No action taken.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> No action taken.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> No action taken.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> No action taken.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> No action taken.
HKCR\f (PUP.Funmoods) -> No action taken.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> No action taken.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> No action taken.
HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> No action taken.
HKCR\CrossriderApp0003491.FBApi (PUP.CrossFire.Gen) -> No action taken.
HKCR\CrossriderApp0003491.FBApi.1 (PUP.CrossFire.Gen) -> No action taken.
HKCR\CrossriderApp0003491.Sandbox (PUP.CrossFire.Gen) -> No action taken.
HKCR\CrossriderApp0003491.Sandbox.1 (PUP.CrossFire.Gen) -> No action taken.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> No action taken.
HKCU\Software\Cr_Installer\3491 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> No action taken.
HKCU\Software\InstalledBrowserExtensions\215 Apps|3491 (PUP.CrossFire.SA) -> Data: Vid-Saver -> No action taken.
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 02e17cc2f2d6595baf754a98623c0dba -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Documents and Settings\All Users\Application Data\14168904 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Detected: 4
C:\Documents and Settings\Cindy\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> No action taken.
C:\Documents and Settings\Cindy\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> No action taken.
C:\Documents and Settings\Cindy\Local Settings\Temporary Internet Files\Content.IE5\97312T8M\DefaultTabSetup[1] (Adware.MySearchResults) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\14168904\pc14168904ins (Rogue.Multiple) -> Quarantined and deleted successfully.

MalwareBytes Log 2


Database version: v2012.09.03.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: USER-0DF0AB7DE6 [administrator]

Protection: Enabled

9/3/2012 1:05:23 PM
mbam-log-2012-09-03 (13-05-23).txt

Scan type: Full scan (A:\|C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 451963
Time elapsed: 2 hour(s), 49 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
MiniToolBox


MiniToolBox by Farbar Version: 23-07-2012
Ran by Administrator (administrator) on 03-09-2012 at 16:15:25
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : user-0df0ab7de6

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : Belkin



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : Belkin

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-13-20-30-1E-1E

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.3

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : 2601:0:6680:a:c1e7:1e26:adaa:c67e

IP Address. . . . . . . . . . . . : 2601:0:6680:a:213:20ff:fe30:1e1e

IP Address. . . . . . . . . . . . : fe80::213:20ff:fe30:1e1e%5

Default Gateway . . . . . . . . . : 192.168.2.1

fe80::a86:3bff:fe64:db9e%5

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 192.168.2.1

fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

Lease Obtained. . . . . . . . . . : Monday, September 03, 2012 4:10:40 PM

Lease Expires . . . . . . . . . . : Monday, January 18, 2038 11:14:07 PM



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%4

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Automatic Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . : Belkin

Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : C0-A8-02-03

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5efe:192.168.2.3%2

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: router.Belkin
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.139.113, 74.125.139.138, 74.125.139.100, 74.125.139.102
74.125.139.139, 74.125.139.101



Pinging google.com [2001:4860:800a::65] with 32 bytes of data:



Reply from 2001:4860:800a::65: time=54ms

Reply from 2001:4860:800a::65: time=36ms



Ping statistics for 2001:4860:800a::65:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 36ms, Maximum = 54ms, Average = 45ms

Server: router.Belkin
Address: 192.168.2.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=384ms TTL=47

Reply from 98.139.183.24: bytes=32 time=344ms TTL=47



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 344ms, Maximum = 384ms, Average = 364ms

Server: router.Belkin
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 13 20 30 1e 1e ...... Intel® PRO/100 VE Network Connection - avast! Firewall NDIS Filter Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.3 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.2.3 192.168.2.3 20
192.168.2.0 255.255.255.0 192.168.2.3 192.168.2.3 20
192.168.2.3 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.3 192.168.2.3 20
224.0.0.0 240.0.0.0 192.168.2.3 192.168.2.3 20
255.255.255.255 255.255.255.255 192.168.2.3 192.168.2.3 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/01/2012 01:12:36 PM) (Source: MsiInstaller) (User: USER-0DF0AB7DE6)USER-0DF0AB7DE6
Description: Product: Microsoft Office 2000 SR-1 Small Business -- Error 1706. No valid source could be found for product Microsoft Office 2000 SR-1 Small Business. The Windows installer cannot continue.

Error: (08/31/2012 11:45:40 AM) (Source: ESENT) (User: )
Description: wuauclt (3544) Database recovery/restore failed with unexpected error -1032.

Error: (08/31/2012 11:45:40 AM) (Source: ESENT) (User: )
Description: wuauclt (3544) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (08/31/2012 11:45:23 AM) (Source: ESENT) (User: )
Description: wuauclt (3232) Database recovery/restore failed with unexpected error -1032.

Error: (08/31/2012 11:45:23 AM) (Source: ESENT) (User: )
Description: wuauclt (3232) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (08/30/2012 10:39:01 AM) (Source: ESENT) (User: )
Description: wuauclt (5880) Database recovery/restore failed with unexpected error -1032.

Error: (08/30/2012 10:39:01 AM) (Source: ESENT) (User: )
Description: wuauclt (5880) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb. Error -1032.

Error: (08/30/2012 10:39:01 AM) (Source: ESENT) (User: )
Description: wuauclt (5880) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (08/30/2012 10:38:50 AM) (Source: ESENT) (User: )
Description: wuauclt (5392) Database recovery/restore failed with unexpected error -1032.

Error: (08/30/2012 10:38:50 AM) (Source: ESENT) (User: )
Description: wuauclt (5392) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb. Error -1032.


System errors:
=============
Error: (09/03/2012 01:02:01 PM) (Source: Service Control Manager) (User: )
Description: The Common Client Job Manager Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Error: (09/03/2012 01:01:54 PM) (Source: 0) (User: )
Description:

Error: (09/03/2012 00:23:52 PM) (Source: Service Control Manager) (User: )
Description: The Common Client Job Manager Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Error: (09/03/2012 00:23:45 PM) (Source: 0) (User: )
Description:

Error: (09/03/2012 11:53:25 AM) (Source: 0) (User: )
Description:

Error: (09/03/2012 11:53:25 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (09/03/2012 11:53:24 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
IntelIde

Error: (09/03/2012 11:53:16 AM) (Source: Service Control Manager) (User: )
Description: The Common Client Job Manager Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Error: (09/02/2012 11:53:26 PM) (Source: Service Control Manager) (User: )
Description: The Common Client Job Manager Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Error: (09/02/2012 11:53:01 PM) (Source: 0) (User: )
Description:


Microsoft Office Sessions:
=========================
Error: (09/01/2012 01:12:36 PM) (Source: MsiInstaller)(User: USER-0DF0AB7DE6)USER-0DF0AB7DE6
Description: Product: Microsoft Office 2000 SR-1 Small Business -- Error 1706. No valid source could be found for product Microsoft Office 2000 SR-1 Small Business. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (08/31/2012 11:45:40 AM) (Source: ESENT)(User: )
Description: wuauclt3544-1032

Error: (08/31/2012 11:45:40 AM) (Source: ESENT)(User: )
Description: wuauclt3544C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (08/31/2012 11:45:23 AM) (Source: ESENT)(User: )
Description: wuauclt3232-1032

Error: (08/31/2012 11:45:23 AM) (Source: ESENT)(User: )
Description: wuauclt3232C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (08/30/2012 10:39:01 AM) (Source: ESENT)(User: )
Description: wuauclt5880-1032

Error: (08/30/2012 10:39:01 AM) (Source: ESENT)(User: )
Description: wuauclt5880C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb-1032

Error: (08/30/2012 10:39:01 AM) (Source: ESENT)(User: )
Description: wuauclt5880C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (08/30/2012 10:38:50 AM) (Source: ESENT)(User: )
Description: wuauclt5392-1032

Error: (08/30/2012 10:38:50 AM) (Source: ESENT)(User: )
Description: wuauclt5392C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb-1032


=========================== Installed Programs ============================

7-Zip 9.20
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Widget Browser (Version: 2.0 Build 348)
Adobe Widget Browser (Version: 2.0.348)
Android SDK Tools (Version: 1.16)
APK Multi-Tools
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.778.0)
ATI Display Driver (Version: 8.432-071101a-054435C-ATI)
avast! Internet Security (Version: 7.0.1466.0)
Bejeweled 2 Deluxe
Belkin Setup and Router Monitor
Belkin USB Print and Storage Center (Version: 1.1.3)
Bing Bar (Version: 7.1.391.0)
Bonjour (Version: 3.0.0.10)
Canon Camera Access Library (Version: 8.3.0.1)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.4.0.9)
Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.3.0.8)
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.4.0.14)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.5.0.8)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.7.0.8)
Canon Utilities EOS Utility (Version: 1.1.0.8)
Canon Utilities PhotoStitch (Version: 3.1.19.43)
Canon Utilities ZoomBrowser EX (Version: 5.8.0.74)
Desktop Themes (Version: )
ESET Online Scanner v3
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
Google Chrome (Version: 21.0.1180.89)
Google Earth (Version: 6.1.0.5001)
Google Talk Plugin (Version: 3.5.1.8982)
Google Update Helper (Version: 1.3.21.115)
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Drivers
IrfanView (remove only)
iTunes (Version: 10.6.3.25)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Lexmark 5000 Series
Lexmark Toolbar (Version: 4.13.37.0)
Living Beaches Desktop Theme (Version: )
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
McAfee Security Scan Plus (Version: 3.0.207.4)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
MobileMe Control Panel (Version: 3.1.6.0)
MotoCast (Version: 2.0.23)
MotoHelper MergeModules (Version: 1.2.0)
Motorola Device Manager (Version: 2.2.28)
Motorola Device Software Update (Version: 1.0.40)
MOTOROLA MEDIA LINK (Version: 1.8.0021.0)
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0)
MSN
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Nero BurnLite 10 (Version: 10.0.10500.5.100)
Nero BurnLite 10 (Version: 10.0.10600)
Nero Control Center 10 (Version: 10.0.13100.3.1)
Nero ControlCenter 10 Help (CHM) (Version: 1.0.10700)
Nero Core Components 10 (Version: 2.0.15100.0.1)
Nero Update (Version: 1.0.0018)
NetAssistant (Version: 3.8.3)
Notepad++ (Version: 6.1.6)
OLYMPUS Digital Camera Updater (Version: 1.0.1)
Olympus ib (Version: 1.3.2207)
OLYMPUS Viewer 2 (Version: 1.1.1)
OpenOffice.org 3.4 (Version: 3.4.9590)
PowerDVD 5.7
QFolder (Version: 1.00.0000)
QuickTime (Version: 7.72.80.56)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
RealUpgrade 1.0 (Version: 1.0.0)
RealUpgrade 1.1 (Version: 1.1.0)
Safari (Version: 5.34.57.2)
SoundMAX (Version: 5.12.01.5246)
Tweak UI
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Virtuous Ten Studio version 1.7.24 (Version: 1.7.24)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (Version: 09/09/2009 1.0.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPcap 4.1.2 (Version: 4.1.0.2001)
XML Paper Specification Shared Components Pack 1.0
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 2046.07 MB
Available physical RAM: 1091.5 MB
Total Pagefile: 4892.11 MB
Available Pagefile: 4124.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.98 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.52 GB) (Free:13.9 GB) NTFS

========================= Users: ========================================

User accounts for \\USER-0DF0AB7DE6

Administrator ASPNET Cindy
Guest HelpAssistant LESLIE RIGSBY
Randy SUPPORT_388945a0


**** End of log ****

FSS Log


Farbar Service Scanner Version: 06-08-2012
Ran by Administrator (administrator) on 03-09-2012 at 16:16:31
Running from "C:\Documents and Settings\Administrator\My Documents\MALWARE Utilities"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswFW(14) aswTdi(13) Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(9) NwlnkNb(10) PSched(7) Tcpip(4) Tcpip6(11)
0x0E00000005000000010000000200000003000000040000000E0000000D0000000B0000000C000000060000000700000008000000090000000A000000
IpSec Tag value is correct.

**** End of log ****

Adware Log 1

# AdwCleaner v2.000 - Logfile created 09/03/2012 at 16:17:22
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - USER-0DF0AB7DE6
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\My Documents\MALWARE Utilities\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\3sy9i2fd.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Cindy\Application Data\Mozilla\Firefox\Profiles\191w6fnd.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Family&Friends\Application Data\Mozilla\Firefox\Profiles\sn3s6bbv.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\LESLIE RIGSBY\Application Data\Mozilla\Firefox\Profiles\k4bud39f.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e7i4cgzc.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Randy\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Cindy\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [42373 octets] - [03/09/2012 12:20:33]
AdwCleaner[S2].txt - [1942 octets] - [03/09/2012 16:17:22]

########## EOF - C:\AdwCleaner[S2].txt - [2002 octets] ##########

Thank you so much for your help so far. Just let me know what's next when you get a chance. You guys are awesome.

#8 p-riggs

  • Topic Starter
  • Members
  • 6 posts

Posted 03 September 2012 - 03:53 PM

On the first Malwarebytes log I noticed it says no action taken. I did get them deleted, but I didn't check all the boxes the first time when hitting delete; that's why it says 'no action taken'.

#9 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 03 September 2012 - 04:10 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it, and after the scan finishes, post the contents of the RKILL log located on the desktop here.

What are your current issues?

#10 p-riggs

  • Topic Starter
  • Members
  • 6 posts

Posted 03 September 2012 - 04:45 PM

Rkill 2.3.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/03/2012 05:34:03 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/03/2012 05:34:58 PM
Execution time: 0 hours(s), 0 minute(s), and 54 seconds(s)

I believe I don't have any more issues, if that is the last thing to run. And any suggestions on the best antivirus protection, free and paid? And if there are any suggestions on anything you saw in any of the logs to fix, or to have the PC running smoother again, I'd appreciate it. Or if you can point me in the right direction or to a link. I really can't thank you enough for your help and time. If you can give me a link to drop a few bucks so you can buy a beer, or for the site. But it will be Thursday; that's payday. Thanks again.

#11 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 03 September 2012 - 05:07 PM

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode.

Turn off your System Restore, restart the PC, and create a new restore point.

http://support.microsoft.com/kb/310405

Update your Java from here:

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your Flash Player.

Update your antivirus frequently, and do not click on suspicious links.

I believe I don't have any more issues, if that is the last thing to run. And any suggestions on the best antivirus protection, free and paid? And if there are any suggestions on anything you saw in any of the logs to fix, or to have the PC running smoother again, I'd appreciate it.


You have avast! + Malwarebytes, which is good.

Choosing an antivirus or firewall

http://www.bleepingcomputer.com/forums/topic407147.html

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

I really can't thank you enough for your help and time. If you can give me a link to drop a few bucks so you can buy a beer, or for the site. But it will be Thursday; that's payday. Thanks again.


You're welcome :). Check your PM.



