
FBI Virus, Redirecting


15 replies to this topic

#1 macobi


  • Members
  • 26 posts

Posted 26 September 2012 - 01:15 PM

Two days ago, while watching YouTube, an FBI virus page covered my screen. It said I received the message because I had either downloaded copyrighted material or looked at child pornographic images. It demanded I pay a $200.00 fine to remove my name from the list and have my PC work right again. I tried to start the Task Manager, but it only blinked briefly on screen. To keep the Task Manager displayed on the screen, I had to hold Ctrl+Alt+Del down while simultaneously using the mouse in the Task Manager to end the process tree of the program that was listed as "Active X". I then restarted my PC. This time, right after I logged on, the FBI page appeared again, prohibiting all other functions on my desktop. So I did the Ctrl+Alt+Del again while simultaneously ending the process tree in the Task Manager. I then restored my computer to an earlier date. My PC worked fine for the remainder of that day.

Yesterday, my PC worked fine. I did notice that it took a while to pull up Internet Explorer.

Today, Internet Explorer was slow coming up. In addition, when I google something and click on the link, I'm now redirected to other sites. Some have ads, others just a list of company names. I've had a previous problem earlier this year with a ghost audio virus and Google redirecting. Both problems were fixed on this forum. Today, while browsing under the "virus removal" tab on bleepingcomputer.com, I downloaded and scanned my PC using Kaspersky, and it found no threats. I also downloaded the Malwarebytes Anti-Malware software and scanned my PC twice. That program found and removed two threats the first time. The second scan resulted in no threats. However, the internet is still constantly redirecting.

I'm infected, what do I do?



#2 narenxp


  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 26 September 2012 - 01:20 PM

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on the scan results.

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download

ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.
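A helper working a thread like this has to read the TDSSKiller log requested above: one line per service with the binary's MD5 in brackets, its path, and then a separate "name - verdict" line. As an added example (not code from BleepingComputer, the poster, or Kaspersky), here is a small Python triage script for that log format. The directory allowlist is a heuristic chosen for this example, and the last two sample lines (the `badsvc` entry and its `suspicious` verdict) are constructed to exercise the checks; the other sample lines are copied from the log posted in reply #3.

```python
"""Triage helper for TDSSKiller text logs.

Added example, not BleepingComputer's, the poster's, or Kaspersky's code.
It parses the two line shapes visible in the posted log:

    HH:MM:SS.ffff PID [ MD5 ] ServiceName X:\\path\\to\\binary
    HH:MM:SS.ffff PID ServiceName - verdict

and lists the entries a helper would want to look at first.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Service names may contain spaces ("Ati HotKey Poller", "Pml Driver HPZ12"),
# so the name is matched non-greedily up to the first drive-letter path.
FILE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$"
)
# Verdict line; TDSSKiller prints "- ok" for clean entries.
VERDICT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<verdict>.+)$"
)

# Heuristic (chosen for this example): directories where Windows XP services and
# drivers normally live. A binary elsewhere deserves a look, not an automatic verdict.
EXPECTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\documents and settings\\all users\\application data\\",
)


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, ServiceEntry]:
    """Map service name -> ServiceEntry for everything after the 'Scan started' marker.

    The header block before that marker (drive geometry, partitions) also contains
    ' - ' and would otherwise be mistaken for verdict lines, so it is skipped.
    """
    entries: Dict[str, ServiceEntry] = {}
    started = False
    for line in text.splitlines():
        if not started:
            started = "Scan started" in line
            continue
        m = FILE_RE.match(line)
        if m:
            entry = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            entry.md5 = m["md5"].upper()
            entry.path = m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            entry = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            entry.verdict = m["verdict"].strip()
    return entries


def triage(entries: Dict[str, ServiceEntry]) -> List[str]:
    """Return human-readable findings: non-ok verdicts, odd binary locations,
    and hashed binaries whose verdict line is missing (usually a truncated paste)."""
    findings: List[str] = []
    for e in entries.values():
        if e.verdict is not None and e.verdict.lower() != "ok":
            findings.append(f"{e.name}: verdict '{e.verdict}'")
        if e.path and not e.path.lower().startswith(EXPECTED_PREFIXES):
            findings.append(f"{e.name}: binary outside expected directories ({e.path})")
        if e.path and e.verdict is None:
            findings.append(f"{e.name}: hashed binary but no verdict line (log truncated?)")
    return sorted(findings)


def shared_binaries(entries: Dict[str, ServiceEntry]) -> Dict[str, List[str]]:
    """md5 -> service names for binaries hosting more than one service. Sharing is
    normal on XP (lsass.exe hosts Netlogon, NtLmSsp, PolicyAgent, ProtectedStorage),
    so this is context for the reader, not a finding."""
    by_hash: Dict[str, List[str]] = {}
    for e in entries.values():
        if e.md5:
            by_hash.setdefault(e.md5, []).append(e.name)
    return {h: sorted(names) for h, names in by_hash.items() if len(names) > 1}


# Sample input. Lines up to "NtLmSsp - ok" are copied from the log posted in this
# thread; the final two lines (badsvc, its hash and verdict) are CONSTRUCTED.
SAMPLE_LOG = r"""13:54:15.0375 4248 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:54:17.0750 4424 Scan started
13:54:17.0750 4424 Mode: Manual;
13:54:18.0968 4424 System memory - ok
13:54:19.0078 4424 Abiosdsk - ok
13:54:19.0140 4424 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:54:19.0156 4424 ACPI - ok
13:54:19.0953 4424 [ C23082B890F21267037CA6111C385FF3 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
13:54:19.0968 4424 Ati HotKey Poller - ok
13:54:27.0890 4424 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
13:54:27.0890 4424 Netlogon - ok
13:54:28.0328 4424 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
13:54:28.0328 4424 NtLmSsp - ok
13:54:29.0500 4424 [ 00112233445566778899AABBCCDDEEFF ] badsvc C:\Documents and Settings\SomeUser\Local Settings\Temp\badsvc.sys
13:54:29.0500 4424 badsvc - suspicious
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    for finding in triage(parsed):
        print("CHECK:", finding)
    for md5, names in shared_binaries(parsed).items():
        print("shared binary", md5, "->", ", ".join(names))
```

Run against a real paste, the script surfaces the few lines worth reading in a log of several hundred entries; the hash column is what a helper then looks up, and a driver loading from a user's Temp directory is the kind of location finding that merits the second look even when the scanner itself said "ok".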

#3 macobi

  • Topic Starter

  • Members
  • 26 posts

Posted 26 September 2012 - 03:13 PM

TDSSkiller scan results:

13:54:11.0687 4248 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
13:54:13.0406 4248 ============================================================
13:54:13.0406 4248 Current date / time: 2012/09/26 13:54:13.0406
13:54:13.0406 4248 SystemInfo:
13:54:13.0406 4248
13:54:13.0406 4248 OS Version: 5.1.2600 ServicePack: 3.0
13:54:13.0406 4248 Product type: Workstation
13:54:13.0406 4248 ComputerName: FRONTOFFICEPC
13:54:13.0406 4248 UserName: Clerical Asst III
13:54:13.0406 4248 Windows directory: C:\WINDOWS
13:54:13.0406 4248 System windows directory: C:\WINDOWS
13:54:13.0406 4248 Processor architecture: Intel x86
13:54:13.0406 4248 Number of processors: 2
13:54:13.0406 4248 Page size: 0x1000
13:54:13.0406 4248 Boot type: Normal boot
13:54:13.0406 4248 ============================================================
13:54:15.0375 4248 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:54:15.0375 4248 ============================================================
13:54:15.0375 4248 \Device\Harddisk0\DR0:
13:54:15.0375 4248 MBR partitions:
13:54:15.0375 4248 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A011FC
13:54:15.0375 4248 ============================================================
13:54:15.0421 4248 C: <-> \Device\Harddisk0\DR0\Partition1
13:54:15.0421 4248 ============================================================
13:54:15.0421 4248 Initialize success
13:54:15.0421 4248 ============================================================
13:54:17.0750 4424 ============================================================
13:54:17.0750 4424 Scan started
13:54:17.0750 4424 Mode: Manual;
13:54:17.0750 4424 ============================================================
13:54:18.0953 4424 ================ Scan system memory ========================
13:54:18.0968 4424 System memory - ok
13:54:18.0968 4424 ================ Scan services =============================
13:54:19.0078 4424 Abiosdsk - ok
13:54:19.0078 4424 abp480n5 - ok
13:54:19.0140 4424 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:54:19.0156 4424 ACPI - ok
13:54:19.0203 4424 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
13:54:19.0203 4424 ACPIEC - ok
13:54:19.0250 4424 [ F959F333A01F5C109E9D644C3BD8301C ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
13:54:19.0250 4424 ADIHdAudAddService - ok
13:54:19.0359 4424 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:54:19.0375 4424 AdobeFlashPlayerUpdateSvc - ok
13:54:19.0375 4424 adpu160m - ok
13:54:19.0406 4424 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
13:54:19.0421 4424 aec - ok
13:54:19.0468 4424 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
13:54:19.0484 4424 AFD - ok
13:54:19.0484 4424 Aha154x - ok
13:54:19.0500 4424 aic78u2 - ok
13:54:19.0515 4424 aic78xx - ok
13:54:19.0546 4424 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
13:54:19.0546 4424 Alerter - ok
13:54:19.0578 4424 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
13:54:19.0578 4424 ALG - ok
13:54:19.0578 4424 AliIde - ok
13:54:19.0593 4424 amsint - ok
13:54:19.0656 4424 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
13:54:19.0656 4424 AppMgmt - ok
13:54:19.0671 4424 asc - ok
13:54:19.0671 4424 asc3350p - ok
13:54:19.0687 4424 asc3550 - ok
13:54:19.0796 4424 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:54:19.0796 4424 aspnet_state - ok
13:54:19.0843 4424 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:54:19.0843 4424 AsyncMac - ok
13:54:19.0875 4424 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
13:54:19.0890 4424 atapi - ok
13:54:19.0890 4424 Atdisk - ok
13:54:19.0953 4424 [ C23082B890F21267037CA6111C385FF3 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
13:54:19.0968 4424 Ati HotKey Poller - ok
13:54:20.0031 4424 [ CEC65FA2556ADE70544B32D65FC76D07 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
13:54:20.0140 4424 ATI Smart - ok
13:54:20.0421 4424 [ F5FC6AC1E7BC776871361D463FC86BE2 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:54:20.0531 4424 ati2mtag - ok
13:54:20.0625 4424 ATICDSDr - ok
13:54:20.0671 4424 [ 1842B56B3D3F195C36F62708D266B95E ] atiide C:\WINDOWS\system32\DRIVERS\atiide.sys
13:54:20.0671 4424 atiide - ok
13:54:20.0718 4424 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:54:20.0718 4424 Atmarpc - ok
13:54:20.0765 4424 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
13:54:20.0765 4424 AudioSrv - ok
13:54:20.0828 4424 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
13:54:20.0828 4424 audstub - ok
13:54:21.0000 4424 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
13:54:21.0000 4424 BBSvc - ok
13:54:21.0062 4424 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
13:54:21.0062 4424 BBUpdate - ok
13:54:21.0125 4424 [ 78E7B52DA292FA90BAD2F887BBF22159 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
13:54:21.0125 4424 bcm4sbxp - ok
13:54:21.0296 4424 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
13:54:21.0296 4424 BcmSqlStartupSvc - ok
13:54:21.0359 4424 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
13:54:21.0359 4424 Beep - ok
13:54:21.0562 4424 [ C364F02969E9A842321DD91BCFF749D4 ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120919.001\BHDrvx86.sys
13:54:21.0593 4424 BHDrvx86 - ok
13:54:21.0656 4424 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
13:54:21.0671 4424 BITS - ok
13:54:21.0734 4424 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
13:54:21.0734 4424 Browser - ok
13:54:21.0781 4424 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
13:54:21.0781 4424 cbidf2k - ok
13:54:21.0890 4424 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NIS C:\WINDOWS\system32\drivers\NIS\1308000.00E\ccSetx86.sys
13:54:21.0890 4424 ccSet_NIS - ok
13:54:21.0906 4424 cd20xrnt - ok
13:54:21.0953 4424 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
13:54:21.0953 4424 Cdaudio - ok
13:54:21.0968 4424 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
13:54:21.0984 4424 Cdfs - ok
13:54:22.0031 4424 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:54:22.0031 4424 Cdrom - ok
13:54:22.0078 4424 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
13:54:22.0078 4424 cercsr6 - ok
13:54:22.0078 4424 Changer - ok
13:54:22.0109 4424 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
13:54:22.0109 4424 CiSvc - ok
13:54:22.0140 4424 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
13:54:22.0140 4424 ClipSrv - ok
13:54:22.0218 4424 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:54:22.0265 4424 clr_optimization_v2.0.50727_32 - ok
13:54:22.0312 4424 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:54:22.0312 4424 clr_optimization_v4.0.30319_32 - ok
13:54:22.0328 4424 CmdIde - ok
13:54:22.0328 4424 COMSysApp - ok
13:54:22.0343 4424 Cpqarray - ok
13:54:22.0406 4424 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
13:54:22.0406 4424 CryptSvc - ok
13:54:22.0421 4424 dac2w2k - ok
13:54:22.0421 4424 dac960nt - ok
13:54:22.0500 4424 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
13:54:22.0500 4424 DcomLaunch - ok
13:54:22.0812 4424 DellBIOS - ok
13:54:22.0859 4424 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
13:54:22.0859 4424 Dhcp - ok
13:54:22.0921 4424 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
13:54:22.0921 4424 Disk - ok
13:54:22.0984 4424 [ 0659E6E0A95564F958D9DF7313F7701E ] DLABMFSM C:\WINDOWS\system32\DLA\DLABMFSM.SYS
13:54:22.0984 4424 DLABMFSM - ok
13:54:23.0000 4424 [ 8691C78908F0BD66170669DB268369F2 ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
13:54:23.0000 4424 DLABOIOM - ok
13:54:23.0015 4424 [ 76167B5EB2DFFC729EDC36386876B40B ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
13:54:23.0015 4424 DLACDBHM - ok
13:54:23.0046 4424 [ 5615744A1056933B90E6AC54FEB86F35 ] DLADResM C:\WINDOWS\system32\DLA\DLADResM.SYS
13:54:23.0046 4424 DLADResM - ok
13:54:23.0062 4424 [ 1AECA2AFA5005CE4A550CF8EB55A8C88 ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
13:54:23.0062 4424 DLAIFS_M - ok
13:54:23.0078 4424 [ 840E7F6ABB885C72B9FFDDB022EF5B6D ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
13:54:23.0078 4424 DLAOPIOM - ok
13:54:23.0078 4424 [ 0294D18731AC05DA80132CE88F8A876B ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
13:54:23.0093 4424 DLAPoolM - ok
13:54:23.0093 4424 [ 91886FED52A3F9966207BCE46CFD794F ] DLARTL_M C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
13:54:23.0093 4424 DLARTL_M - ok
13:54:23.0109 4424 [ CCA4E121D599D7D1706A30F603731E59 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
13:54:23.0109 4424 DLAUDFAM - ok
13:54:23.0125 4424 [ 7DAB85C33135DF24419951DA4E7D38E5 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
13:54:23.0125 4424 DLAUDF_M - ok
13:54:23.0140 4424 [ C1E8F827343C65957F76487677711DFA ] DM150Drv C:\WINDOWS\system32\DRIVERS\DM150Drv.sys
13:54:23.0156 4424 DM150Drv - ok
13:54:23.0156 4424 dmadmin - ok
13:54:23.0203 4424 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
13:54:23.0218 4424 dmboot - ok
13:54:23.0218 4424 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
13:54:23.0234 4424 dmio - ok
13:54:23.0250 4424 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
13:54:23.0250 4424 dmload - ok
13:54:23.0296 4424 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
13:54:23.0296 4424 dmserver - ok
13:54:23.0296 4424 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
13:54:23.0312 4424 DMusic - ok
13:54:23.0359 4424 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
13:54:23.0359 4424 Dnscache - ok
13:54:23.0375 4424 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
13:54:23.0390 4424 Dot3svc - ok
13:54:23.0421 4424 [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys
13:54:23.0437 4424 dot4 - ok
13:54:23.0453 4424 [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
13:54:23.0453 4424 Dot4Print - ok
13:54:23.0468 4424 [ 6EC3AF6BB5B30E488A0C559921F012E1 ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys
13:54:23.0468 4424 dot4usb - ok
13:54:23.0468 4424 dpti2o - ok
13:54:23.0515 4424 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
13:54:23.0515 4424 drmkaud - ok
13:54:23.0531 4424 [ C00440385CF9F3D142917C63F989E244 ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
13:54:23.0531 4424 DRVMCDB - ok
13:54:23.0546 4424 [ 6E6AB29D3C06E64CE81FEACDA85394B5 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
13:54:23.0546 4424 DRVNDDM - ok
13:54:23.0578 4424 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
13:54:23.0578 4424 EapHost - ok
13:54:23.0671 4424 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
13:54:23.0687 4424 eeCtrl - ok
13:54:23.0718 4424 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
13:54:23.0718 4424 EraserUtilRebootDrv - ok
13:54:23.0750 4424 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
13:54:23.0750 4424 ERSvc - ok
13:54:23.0796 4424 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
13:54:23.0796 4424 Eventlog - ok
13:54:23.0859 4424 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
13:54:23.0859 4424 EventSystem - ok
13:54:23.0890 4424 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
13:54:23.0906 4424 Fastfat - ok
13:54:23.0937 4424 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:54:23.0953 4424 FastUserSwitchingCompatibility - ok
13:54:23.0968 4424 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
13:54:23.0968 4424 Fdc - ok
13:54:24.0031 4424 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
13:54:24.0031 4424 Fips - ok
13:54:24.0093 4424 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:54:24.0109 4424 FLEXnet Licensing Service - ok
13:54:24.0156 4424 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:54:24.0156 4424 Flpydisk - ok
13:54:24.0218 4424 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
13:54:24.0234 4424 FltMgr - ok
13:54:24.0312 4424 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:54:24.0312 4424 FontCache3.0.0.0 - ok
13:54:24.0359 4424 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:54:24.0359 4424 Fs_Rec - ok
13:54:24.0359 4424 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:54:24.0375 4424 Ftdisk - ok
13:54:24.0453 4424 [ 8F6AE606EB0CC884EE12C41948424422 ] GoToAssist C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe
13:54:24.0453 4424 GoToAssist - ok
13:54:24.0515 4424 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:54:24.0515 4424 Gpc - ok
13:54:24.0578 4424 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
13:54:24.0578 4424 gupdate - ok
13:54:24.0578 4424 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
13:54:24.0578 4424 gupdatem - ok
13:54:24.0640 4424 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:54:24.0656 4424 gusvc - ok
13:54:24.0671 4424 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:54:24.0671 4424 HDAudBus - ok
13:54:24.0781 4424 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:54:24.0796 4424 helpsvc - ok
13:54:24.0796 4424 HidServ - ok
13:54:24.0812 4424 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:54:24.0812 4424 hidusb - ok
13:54:24.0859 4424 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
13:54:24.0859 4424 hkmsvc - ok
13:54:24.0875 4424 hpn - ok
13:54:24.0890 4424 [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
13:54:24.0890 4424 HSFHWBS2 - ok
13:54:24.0953 4424 [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
13:54:24.0984 4424 HSF_DP - ok
13:54:25.0031 4424 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
13:54:25.0031 4424 HTTP - ok
13:54:25.0078 4424 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
13:54:25.0078 4424 HTTPFilter - ok
13:54:25.0093 4424 i2omgmt - ok
13:54:25.0093 4424 i2omp - ok
13:54:25.0109 4424 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
13:54:25.0109 4424 i8042prt - ok
13:54:25.0187 4424 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:54:25.0203 4424 idsvc - ok
13:54:25.0421 4424 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120925.001\IDSxpx86.sys
13:54:25.0437 4424 IDSxpx86 - ok
13:54:25.0468 4424 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
13:54:25.0468 4424 Imapi - ok
13:54:25.0531 4424 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
13:54:25.0531 4424 ImapiService - ok
13:54:25.0546 4424 ini910u - ok
13:54:25.0562 4424 IntelIde - ok
13:54:25.0625 4424 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:54:25.0625 4424 intelppm - ok
13:54:25.0656 4424 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
13:54:25.0671 4424 Ip6Fw - ok
13:54:25.0687 4424 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:54:25.0687 4424 IpFilterDriver - ok
13:54:25.0703 4424 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:54:25.0703 4424 IpInIp - ok
13:54:25.0750 4424 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:54:25.0750 4424 IpNat - ok
13:54:25.0765 4424 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:54:25.0765 4424 IPSec - ok
13:54:25.0812 4424 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
13:54:25.0812 4424 IRENUM - ok
13:54:25.0843 4424 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:54:25.0843 4424 isapnp - ok
13:54:25.0953 4424 [ C2C1660DDCC9BD67EB98D6D5F91C107F ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
13:54:25.0953 4424 JavaQuickStarterService - ok
13:54:26.0015 4424 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:54:26.0015 4424 Kbdclass - ok
13:54:26.0031 4424 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:54:26.0031 4424 kbdhid - ok
13:54:26.0078 4424 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
13:54:26.0078 4424 kmixer - ok
13:54:26.0125 4424 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
13:54:26.0125 4424 KSecDD - ok
13:54:26.0156 4424 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
13:54:26.0171 4424 lanmanserver - ok
13:54:26.0187 4424 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
13:54:26.0187 4424 lanmanworkstation - ok
13:54:26.0187 4424 lbrtfdc - ok
13:54:26.0265 4424 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
13:54:26.0265 4424 LmHosts - ok
13:54:26.0312 4424 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
13:54:26.0312 4424 MBAMProtector - ok
13:54:26.0375 4424 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:54:26.0390 4424 MBAMScheduler - ok
13:54:26.0421 4424 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:54:26.0437 4424 MBAMService - ok
13:54:26.0468 4424 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
13:54:26.0484 4424 mdmxsdk - ok
13:54:26.0531 4424 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
13:54:26.0531 4424 Messenger - ok
13:54:26.0578 4424 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
13:54:26.0578 4424 mnmdd - ok
13:54:26.0625 4424 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
13:54:26.0625 4424 mnmsrvc - ok
13:54:26.0687 4424 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
13:54:26.0687 4424 Modem - ok
13:54:26.0734 4424 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
13:54:26.0734 4424 MODEMCSA - ok
13:54:26.0765 4424 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:54:26.0765 4424 Mouclass - ok
13:54:26.0828 4424 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:54:26.0828 4424 mouhid - ok
13:54:26.0875 4424 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
13:54:26.0875 4424 MountMgr - ok
13:54:26.0890 4424 mraid35x - ok
13:54:26.0921 4424 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:54:26.0921 4424 MRxDAV - ok
13:54:26.0953 4424 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:54:26.0953 4424 MRxSmb - ok
13:54:26.0984 4424 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
13:54:27.0000 4424 MSDTC - ok
13:54:27.0031 4424 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
13:54:27.0031 4424 Msfs - ok
13:54:27.0031 4424 MSIServer - ok
13:54:27.0062 4424 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:54:27.0078 4424 MSKSSRV - ok
13:54:27.0078 4424 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:54:27.0093 4424 MSPCLOCK - ok
13:54:27.0093 4424 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
13:54:27.0093 4424 MSPQM - ok
13:54:27.0109 4424 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:54:27.0125 4424 mssmbios - ok
13:54:27.0187 4424 MSSQL$MSSMLBIZ - ok
13:54:27.0250 4424 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
13:54:27.0250 4424 MSSQLServerADHelper - ok
13:54:27.0281 4424 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
13:54:27.0281 4424 Mup - ok
13:54:27.0296 4424 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
13:54:27.0312 4424 napagent - ok
13:54:27.0390 4424 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120926.002\NAVENG.SYS
13:54:27.0406 4424 NAVENG - ok
13:54:27.0453 4424 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120926.002\NAVEX15.SYS
13:54:27.0484 4424 NAVEX15 - ok
13:54:27.0531 4424 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
13:54:27.0531 4424 NDIS - ok
13:54:27.0593 4424 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:54:27.0593 4424 NdisTapi - ok
13:54:27.0609 4424 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:54:27.0609 4424 Ndisuio - ok
13:54:27.0625 4424 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:54:27.0625 4424 NdisWan - ok
13:54:27.0687 4424 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
13:54:27.0687 4424 NDProxy - ok
13:54:27.0750 4424 [ F7C14F5077BF2BC476C348B88A7F74E2 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
13:54:27.0750 4424 Net Driver HPZ12 - ok
13:54:27.0765 4424 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
13:54:27.0765 4424 NetBIOS - ok
13:54:27.0781 4424 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
13:54:27.0781 4424 NetBT - ok
13:54:27.0828 4424 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
13:54:27.0843 4424 NetDDE - ok
13:54:27.0843 4424 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
13:54:27.0843 4424 NetDDEdsdm - ok
13:54:27.0890 4424 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
13:54:27.0890 4424 Netlogon - ok
13:54:27.0953 4424 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
13:54:27.0953 4424 Netman - ok
13:54:28.0000 4424 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:54:28.0000 4424 NetTcpPortSharing - ok
13:54:28.0125 4424 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
13:54:28.0125 4424 NIS - ok
13:54:28.0187 4424 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
13:54:28.0187 4424 Nla - ok
13:54:28.0250 4424 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
13:54:28.0250 4424 Npfs - ok
13:54:28.0312 4424 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
13:54:28.0312 4424 Ntfs - ok
13:54:28.0328 4424 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
13:54:28.0328 4424 NtLmSsp - ok
13:54:28.0375 4424 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
13:54:28.0390 4424 NtmsSvc - ok
13:54:28.0453 4424 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
13:54:28.0453 4424 Null - ok
13:54:28.0500 4424 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:54:28.0500 4424 NwlnkFlt - ok
13:54:28.0515 4424 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:54:28.0515 4424 NwlnkFwd - ok
13:54:28.0593 4424 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:54:28.0609 4424 odserv - ok
13:54:28.0640 4424 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:54:28.0656 4424 ose - ok
13:54:28.0687 4424 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
13:54:28.0687 4424 Parport - ok
13:54:28.0703 4424 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
13:54:28.0703 4424 PartMgr - ok
13:54:28.0765 4424 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
13:54:28.0765 4424 ParVdm - ok
13:54:28.0781 4424 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
13:54:28.0781 4424 PCI - ok
13:54:28.0781 4424 PCIDump - ok
13:54:28.0828 4424 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
13:54:28.0828 4424 PCIIde - ok
13:54:28.0843 4424 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
13:54:28.0843 4424 Pcmcia - ok
13:54:28.0859 4424 PDCOMP - ok
13:54:28.0859 4424 PDFRAME - ok
13:54:28.0875 4424 PDRELI - ok
13:54:28.0890 4424 PDRFRAME - ok
13:54:28.0890 4424 perc2 - ok
13:54:28.0906 4424 perc2hib - ok
13:54:28.0953 4424 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
13:54:28.0953 4424 PlugPlay - ok
13:54:28.0984 4424 [ E638656001C52A1FAA34F92E6D3A086B ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
13:54:28.0984 4424 Pml Driver HPZ12 - ok
13:54:29.0000 4424 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
13:54:29.0000 4424 PolicyAgent - ok
13:54:29.0015 4424 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:54:29.0015 4424 PptpMiniport - ok
13:54:29.0015 4424 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:54:29.0015 4424 ProtectedStorage - ok
13:54:29.0031 4424 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
13:54:29.0031 4424 PSched - ok
13:54:29.0062 4424 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:54:29.0062 4424 Ptilink - ok
13:54:29.0078 4424 [ FEFFCFDC528764A04C8ED63D5FA6E711 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:54:29.0078 4424 PxHelp20 - ok
13:54:29.0078 4424 ql1080 - ok
13:54:29.0093 4424 Ql10wnt - ok
13:54:29.0093 4424 ql12160 - ok
13:54:29.0109 4424 ql1240 - ok
13:54:29.0125 4424 ql1280 - ok
13:54:29.0156 4424 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:54:29.0156 4424 RasAcd - ok
13:54:29.0203 4424 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:54:29.0203 4424 RasAuto - ok
13:54:29.0234 4424 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:54:29.0234 4424 Rasl2tp - ok
13:54:29.0312 4424 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:54:29.0312 4424 RasMan - ok
13:54:29.0328 4424 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:54:29.0328 4424 RasPppoe - ok
13:54:29.0328 4424 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
13:54:29.0343 4424 Raspti - ok
13:54:29.0359 4424 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:54:29.0359 4424 Rdbss - ok
13:54:29.0375 4424 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:54:29.0375 4424 RDPCDD - ok
13:54:29.0390 4424 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:54:29.0390 4424 rdpdr - ok
13:54:29.0453 4424 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
13:54:29.0468 4424 RDPWD - ok
13:54:29.0515 4424 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:54:29.0515 4424 RDSessMgr - ok
13:54:29.0546 4424 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:54:29.0546 4424 redbook - ok
13:54:29.0609 4424 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:54:29.0609 4424 RemoteAccess - ok
13:54:29.0656 4424 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
13:54:29.0656 4424 RemoteRegistry - ok
13:54:29.0671 4424 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
13:54:29.0671 4424 RpcLocator - ok
13:54:29.0718 4424 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
13:54:29.0734 4424 RpcSs - ok
13:54:29.0796 4424 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
13:54:29.0796 4424 RSVP - ok
13:54:29.0812 4424 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
13:54:29.0812 4424 SamSs - ok
13:54:29.0843 4424 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:54:29.0843 4424 SCardSvr - ok
13:54:29.0890 4424 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:54:29.0890 4424 Schedule - ok
13:54:29.0921 4424 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:54:29.0937 4424 Secdrv - ok
13:54:29.0968 4424 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
13:54:29.0968 4424 seclogon - ok
13:54:30.0031 4424 [ B6A6B409FDA9D9EBD3AADB838D3D7173 ] SenFiltService C:\WINDOWS\system32\drivers\Senfilt.sys
13:54:30.0046 4424 SenFiltService - ok
13:54:30.0078 4424 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
13:54:30.0093 4424 SENS - ok
13:54:30.0093 4424 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
13:54:30.0093 4424 serenum - ok
13:54:30.0109 4424 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
13:54:30.0125 4424 Serial - ok
13:54:30.0140 4424 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
13:54:30.0156 4424 Sfloppy - ok
13:54:30.0203 4424 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
13:54:30.0203 4424 SharedAccess - ok
13:54:30.0265 4424 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:54:30.0265 4424 ShellHWDetection - ok
13:54:30.0265 4424 Simbad - ok
13:54:30.0281 4424 Sparrow - ok
13:54:30.0343 4424 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:54:30.0343 4424 splitter - ok
13:54:30.0406 4424 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:54:30.0406 4424 Spooler - ok
13:54:30.0421 4424 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:54:30.0421 4424 SQLBrowser - ok
13:54:30.0468 4424 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:54:30.0484 4424 SQLWriter - ok
13:54:30.0500 4424 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
13:54:30.0500 4424 sr - ok
13:54:30.0562 4424 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
13:54:30.0562 4424 srservice - ok
13:54:30.0703 4424 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\WINDOWS\System32\Drivers\NIS\1308000.00E\SRTSP.SYS
13:54:30.0718 4424 SRTSP - ok
13:54:30.0734 4424 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\WINDOWS\system32\drivers\NIS\1308000.00E\SRTSPX.SYS
13:54:30.0734 4424 SRTSPX - ok
13:54:30.0781 4424 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:54:30.0781 4424 Srv - ok
13:54:30.0812 4424 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:54:30.0812 4424 SSDPSRV - ok
13:54:30.0859 4424 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:54:30.0875 4424 stisvc - ok
13:54:30.0921 4424 [ 51778FD315C9882F1CBD932743E62A72 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
13:54:30.0921 4424 stllssvr - ok
13:54:30.0968 4424 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:54:30.0968 4424 swenum - ok
13:54:30.0984 4424 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:54:31.0078 4424 swmidi - ok
13:54:31.0078 4424 SwPrv - ok
13:54:31.0093 4424 symc810 - ok
13:54:31.0093 4424 symc8xx - ok
13:54:31.0187 4424 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\WINDOWS\system32\drivers\NIS\1308000.00E\SYMDS.SYS
13:54:31.0234 4424 SymDS - ok
13:54:31.0296 4424 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\WINDOWS\system32\drivers\NIS\1308000.00E\SYMEFA.SYS
13:54:31.0328 4424 SymEFA - ok
13:54:31.0375 4424 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
13:54:31.0375 4424 SymEvent - ok
13:54:31.0437 4424 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\WINDOWS\system32\drivers\NIS\1308000.00E\Ironx86.SYS
13:54:31.0437 4424 SymIRON - ok
13:54:31.0468 4424 [ 508BD882040F9CB12319E3A4FC78EDB9 ] SYMTDI C:\WINDOWS\System32\Drivers\NIS\1308000.00E\SYMTDI.SYS
13:54:31.0468 4424 SYMTDI - ok
13:54:31.0484 4424 sym_hi - ok
13:54:31.0484 4424 sym_u3 - ok
13:54:31.0500 4424 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:54:31.0515 4424 sysaudio - ok
13:54:31.0562 4424 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:54:31.0562 4424 SysmonLog - ok
13:54:31.0609 4424 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:54:31.0609 4424 TapiSrv - ok
13:54:31.0687 4424 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:54:31.0687 4424 Tcpip - ok
13:54:31.0734 4424 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:54:31.0734 4424 TDPIPE - ok
13:54:31.0750 4424 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:54:31.0750 4424 TDTCP - ok
13:54:31.0796 4424 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:54:31.0796 4424 TermDD - ok
13:54:31.0812 4424 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
13:54:31.0828 4424 TermService - ok
13:54:31.0843 4424 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
13:54:31.0843 4424 Themes - ok
13:54:31.0875 4424 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
13:54:31.0875 4424 TlntSvr - ok
13:54:31.0875 4424 TosIde - ok
13:54:31.0890 4424 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:54:31.0906 4424 TrkWks - ok
13:54:31.0968 4424 [ 3831D5499AD1E61217ABB88E93BB17DC ] UdfReadr C:\WINDOWS\system32\drivers\UdfReadr.sys
13:54:31.0968 4424 UdfReadr - ok
13:54:32.0000 4424 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:54:32.0015 4424 Udfs - ok
13:54:32.0031 4424 ultra - ok
13:54:32.0046 4424 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:54:32.0062 4424 Update - ok
13:54:32.0093 4424 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:54:32.0109 4424 upnphost - ok
13:54:32.0109 4424 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
13:54:32.0109 4424 UPS - ok
13:54:32.0156 4424 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:54:32.0156 4424 usbccgp - ok
13:54:32.0187 4424 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:54:32.0187 4424 usbehci - ok
13:54:32.0250 4424 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:54:32.0265 4424 usbhub - ok
13:54:32.0281 4424 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:54:32.0281 4424 usbohci - ok
13:54:32.0312 4424 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:54:32.0312 4424 usbprint - ok
13:54:32.0343 4424 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:54:32.0343 4424 usbscan - ok
13:54:32.0359 4424 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:54:32.0359 4424 USBSTOR - ok
13:54:32.0390 4424 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:54:32.0406 4424 VgaSave - ok
13:54:32.0406 4424 ViaIde - ok
13:54:32.0421 4424 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:54:32.0421 4424 VolSnap - ok
13:54:32.0468 4424 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
13:54:32.0468 4424 VSS - ok
13:54:32.0500 4424 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
13:54:32.0500 4424 W32Time - ok
13:54:32.0562 4424 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:54:32.0562 4424 Wanarp - ok
13:54:32.0578 4424 WDICA - ok
13:54:32.0593 4424 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:54:32.0593 4424 wdmaud - ok
13:54:32.0625 4424 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:54:32.0625 4424 WebClient - ok
13:54:32.0687 4424 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
13:54:32.0718 4424 winachsf - ok
13:54:32.0843 4424 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:54:32.0843 4424 winmgmt - ok
13:54:32.0890 4424 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
13:54:32.0890 4424 WmdmPmSN - ok
13:54:32.0953 4424 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
13:54:32.0968 4424 Wmi - ok
13:54:33.0031 4424 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:54:33.0031 4424 WmiApSrv - ok
13:54:33.0125 4424 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
13:54:33.0140 4424 WMPNetworkSvc - ok
13:54:33.0171 4424 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
13:54:33.0171 4424 WpdUsb - ok
13:54:33.0281 4424 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:54:33.0296 4424 WPFFontCache_v0400 - ok
13:54:33.0359 4424 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:54:33.0359 4424 wscsvc - ok
13:54:33.0375 4424 WSearch - ok
13:54:33.0390 4424 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:54:33.0390 4424 wuauserv - ok
13:54:33.0468 4424 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:54:33.0468 4424 WudfPf - ok
13:54:33.0500 4424 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:54:33.0500 4424 WudfRd - ok
13:54:33.0546 4424 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
13:54:33.0546 4424 WudfSvc - ok
13:54:33.0609 4424 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:54:33.0625 4424 WZCSVC - ok
13:54:33.0656 4424 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:54:33.0656 4424 xmlprov - ok
13:54:33.0671 4424 ================ Scan global ===============================
13:54:33.0718 4424 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:54:33.0781 4424 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:54:33.0796 4424 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:54:33.0812 4424 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
13:54:33.0812 4424 [Global] - ok
13:54:33.0812 4424 ================ Scan MBR ==================================
13:54:33.0843 4424 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
13:54:34.0062 4424 \Device\Harddisk0\DR0 - ok
13:54:34.0062 4424 ================ Scan VBR ==================================
13:54:34.0062 4424 [ D90268C54DB72264A11644D2BDF3833F ] \Device\Harddisk0\DR0\Partition1
13:54:34.0062 4424 \Device\Harddisk0\DR0\Partition1 - ok
13:54:34.0062 4424 ============================================================
13:54:34.0062 4424 Scan finished
13:54:34.0062 4424 ============================================================
13:54:34.0093 6056 Detected object count: 0
13:54:34.0093 6056 Actual detected object count: 0


aswMBR results:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-26 13:57:24
-----------------------------
13:57:24.562 OS Version: Windows 5.1.2600 Service Pack 3
13:57:24.562 Number of processors: 2 586 0xF02
13:57:24.562 ComputerName: FRONTOFFICEPC UserName:
13:57:25.062 Initialize success
14:00:44.984 AVAST engine defs: 12092600
14:00:50.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
14:00:50.078 Disk 0 Vendor: WDC_WD1600AAJS-75M0A0 02.03E02 Size: 152587MB BusType: 3
14:00:50.109 Disk 0 MBR read successfully
14:00:50.109 Disk 0 MBR scan
14:00:50.125 Disk 0 Windows XP default MBR code
14:00:50.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152578 MB offset 63
14:00:50.125 Disk 0 scanning sectors +312480315
14:00:50.203 Disk 0 scanning C:\WINDOWS\system32\drivers
14:01:02.375 Service scanning
14:01:27.453 Modules scanning
14:01:36.328 Disk 0 trace - called modules:
14:01:36.343 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll atiide.sys PCIIDEX.SYS
14:01:36.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a764ab8]
14:01:36.343 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x8a769d98]
14:01:36.781 AVAST engine scan C:\WINDOWS
14:01:41.234 AVAST engine scan C:\WINDOWS\system32
14:04:42.562 AVAST engine scan C:\WINDOWS\system32\drivers
14:05:03.718 AVAST engine scan C:\Documents and Settings\Clerical Asst III
14:27:06.312 AVAST engine scan C:\Documents and Settings\All Users
14:29:01.000 Scan finished successfully
14:32:58.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Clerical Asst III\Desktop\MBR.dat"
14:32:58.156 The log file has been saved successfully to "C:\Documents and Settings\Clerical Asst III\Desktop\aswMBR.txt"


ESET online scanner results:

C:\Documents and Settings\Clerical Asst III\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadadadedhdcdidgdjgddfdbdedidagf\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Documents and Settings\Clerical Asst III\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadadadedhdcdidgdjgddfdbdedidagf\ContentScript.js Win32/BHO.OEI trojan cleaned by deleting - quarantined

#4 narenxp (BC Advisor)

Posted 26 September 2012 - 03:23 PM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete.

A log should be generated after the scan, post it here.

Download

Junkware removal tool

Launch it and the scan should start running. After the scan completes, post the generated log here.
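The MiniToolBox items requested above (proxy settings, hosts content, IP configuration, Winsock entries) are the usual places a browser-redirect infection hides. The following Python script is an added example, not part of this thread or of any of the tools named in it: it parses a MiniToolBox-style log and flags the entries a helper would look at first. The log text is constructed to mimic the tool's format, and the `lsphook.dll` entry and `downloads.example.com` hosts line are made-up placeholders for illustration.

```python
"""Triage a MiniToolBox-style log for common browser-redirect indicators.

Added example (not from the thread or the MiniToolBox project). It checks:
  * hosts entries that map anything other than localhost,
  * whether an IE proxy is configured,
  * which DNS servers are in use (reported for manual review),
  * Winsock catalog entries that are not Microsoft DLLs in System32.
"""
import re

# Constructed sample in MiniToolBox's section layout; paths and the
# non-Microsoft LSP entry are placeholders, not observations from a real PC.
SAMPLE_LOG = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 downloads.example.com

========================= IP Configuration: ================================

DNS Servers . . . . . . . . . . . : 208.180.42.68

208.180.42.100

Lease Obtained. . . . . . . . . . : Wednesday, September 26, 2012 10:48:23 PM

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 12 C:\Documents and Settings\user\Application Data\lsphook.dll [40960] ()
"""

SECTION_RE = re.compile(r"^=+\s+([^=].*?)\s+=+$")          # "===== Name: ====="
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)$")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost"}
SYSTEM32_PREFIXES = ("c:\\windows\\system32\\", "c:\\winnt\\system32\\")


def split_sections(text):
    """Map each '===== Name =====' banner to the lines that follow it."""
    sections, name = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            name = m.group(1).strip().rstrip(":")
            sections[name] = []
        elif name is not None:
            sections[name].append(line)
    return sections


def suspicious_hosts_entries(lines):
    """Return hosts lines that map a name other than localhost to an address."""
    hits = []
    for line in lines:
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        parts = s.split()
        if len(parts) >= 2 and any(n.lower() not in LOCAL_NAMES for n in parts[1:]):
            hits.append(s)
    return hits


def proxy_enabled(lines):
    """True unless the section states both 'not enabled' and 'no proxy server'."""
    text = "\n".join(lines).lower()
    return not ("proxy is not enabled" in text and "no proxy server is set" in text)


def dns_servers(lines):
    """Collect the DNS server addresses, including blank-separated continuation lines."""
    servers, collecting = [], False
    for line in lines:
        s = line.strip()
        if s.startswith("DNS Servers"):
            collecting = True
            servers.extend(IP_RE.findall(s))
        elif collecting and s == "":
            continue                      # the log pads continuation entries with blank lines
        elif collecting and IP_RE.fullmatch(s):
            servers.append(s)
        else:
            collecting = False
    return servers


def suspicious_winsock_entries(lines):
    """Flag LSP entries outside System32 or not attributed to Microsoft.

    Legitimate third-party LSPs (for example some security suites) will also be
    listed here; the output is a review list, not a verdict.
    """
    hits = []
    for line in lines:
        m = WINSOCK_RE.match(line.strip())
        if not m:
            continue
        path, vendor = m.group(3), m.group(5)
        if not path.lower().startswith(SYSTEM32_PREFIXES) or vendor != "Microsoft Corporation":
            hits.append(line.strip())
    return hits


def triage(text):
    """Run every check over one log and return the findings by category."""
    sec = split_sections(text)
    return {
        "hosts": suspicious_hosts_entries(sec.get("Hosts content", [])),
        "proxy_enabled": proxy_enabled(sec.get("IE Proxy Settings", [])),
        "dns_servers": dns_servers(sec.get("IP Configuration", [])),
        "winsock": suspicious_winsock_entries(sec.get("Winsock entries", [])),
    }


if __name__ == "__main__":
    for category, finding in triage(SAMPLE_LOG).items():
        print(f"{category}: {finding}")
```

On the log pasted later in this thread, the same checks would report an empty hosts list, no proxy, the two ISP resolvers, and no Winsock entries outside System32; the DNS addresses are returned rather than judged because whether they are legitimate depends on the ISP and router, which a script cannot know.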

#5 macobi (Topic Starter)

Posted 27 September 2012 - 09:12 AM

malwarebytes results:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.26.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Clerical Asst III :: FRONTOFFICEPC [administrator]

9/27/2012 8:09:10 AM
mbam-log-2012-09-27 (08-09-10).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 298032
Time elapsed: 57 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


mini toolbox results:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Clerical Asst III (administrator) on 27-09-2012 at 07:55:52
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Could not flush the DNS Resolver Cache: Function failed during execution.




========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : frontofficepc

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-1A-A0-3C-16-1E

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.4

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 208.180.42.68

208.180.42.100

Lease Obtained. . . . . . . . . . : Wednesday, September 26, 2012 10:48:23 PM

Lease Expires . . . . . . . . . . : Thursday, September 27, 2012 10:48:23 PM

Server: rdns01.suddenlink.net
Address: 208.180.42.68

Name: google.com
Addresses: 74.125.227.0, 74.125.227.1, 74.125.227.2, 74.125.227.3
74.125.227.4, 74.125.227.5, 74.125.227.6, 74.125.227.7, 74.125.227.8
74.125.227.9, 74.125.227.14



Pinging google.com [74.125.227.3] with 32 bytes of data:



Reply from 74.125.227.3: bytes=32 time=21ms TTL=51

Reply from 74.125.227.3: bytes=32 time=20ms TTL=51



Ping statistics for 74.125.227.3:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 20ms, Maximum = 21ms, Average = 20ms

Server: rdns01.suddenlink.net
Address: 208.180.42.68

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=80ms TTL=47

Reply from 98.138.253.109: bytes=32 time=79ms TTL=47



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 79ms, Maximum = 80ms, Average = 79ms

Server: rdns01.suddenlink.net
Address: 208.180.42.68

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1a a0 3c 16 1e ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.4 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.4 192.168.0.4 20
192.168.0.4 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.4 192.168.0.4 20
224.0.0.0 240.0.0.0 192.168.0.4 192.168.0.4 20
255.255.255.255 255.255.255.255 192.168.0.4 192.168.0.4 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/26/2012 00:59:17 PM) (Source: WmiAdapter) (User: FRONTOFFICEPC)FRONTOFFICEPC
Description: Open of service failed.

Error: (09/26/2012 00:59:02 PM) (Source: WmiAdapter) (User: FRONTOFFICEPC)FRONTOFFICEPC
Description: Open of service failed.

Error: (09/26/2012 10:52:09 AM) (Source: WmiAdapter) (User: FRONTOFFICEPC)FRONTOFFICEPC
Description: Open of service failed.

Error: (09/26/2012 10:51:46 AM) (Source: WmiAdapter) (User: FRONTOFFICEPC)FRONTOFFICEPC
Description: Open of service failed.

Error: (09/26/2012 09:43:36 AM) (Source: WmiAdapter) (User: FRONTOFFICEPC)FRONTOFFICEPC
Description: Open of service failed.

Error: (09/26/2012 09:42:57 AM) (Source: WmiAdapter) (User: FRONTOFFICEPC)FRONTOFFICEPC
Description: Open of service failed.

Error: (09/26/2012 08:05:55 AM) (Source: WmiAdapter) (User: FRONTOFFICEPC)FRONTOFFICEPC
Description: Open of service failed.

Error: (09/26/2012 08:05:21 AM) (Source: WmiAdapter) (User: FRONTOFFICEPC)FRONTOFFICEPC
Description: Open of service failed.

Error: (09/25/2012 08:01:49 AM) (Source: WmiAdapter) (User: FRONTOFFICEPC)FRONTOFFICEPC
Description: Open of service failed.

Error: (09/25/2012 08:01:35 AM) (Source: WmiAdapter) (User: FRONTOFFICEPC)FRONTOFFICEPC
Description: Open of service failed.


System errors:
=============
Error: (09/26/2012 10:48:52 AM) (Source: Print) (User: NT AUTHORITY)
Description: Printer PageManager PDF Writer failed to initialize because a suitable PageManager PDF Writer driver could not be found.

Error: (09/26/2012 10:48:38 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (09/26/2012 09:41:08 AM) (Source: Print) (User: NT AUTHORITY)
Description: Printer PageManager PDF Writer failed to initialize because a suitable PageManager PDF Writer driver could not be found.

Error: (09/26/2012 08:03:39 AM) (Source: Print) (User: NT AUTHORITY)
Description: Printer PageManager PDF Writer failed to initialize because a suitable PageManager PDF Writer driver could not be found.

Error: (09/25/2012 07:59:58 AM) (Source: Print) (User: NT AUTHORITY)
Description: Printer PageManager PDF Writer failed to initialize because a suitable PageManager PDF Writer driver could not be found.

Error: (09/24/2012 11:57:51 AM) (Source: Print) (User: NT AUTHORITY)
Description: Printer PageManager PDF Writer failed to initialize because a suitable PageManager PDF Writer driver could not be found.

Error: (09/24/2012 09:55:39 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (09/24/2012 09:55:39 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1053" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/24/2012 09:55:39 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

Error: (09/24/2012 09:55:33 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).


Microsoft Office Sessions:
=========================
Error: (01/04/2012 10:30:25 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 691 seconds with 240 seconds of active time. This session ended with a crash.

Error: (01/04/2012 10:01:37 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 280 seconds with 180 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

2007 Microsoft Office system (Version: 12.0.6612.1000)
32 Bit HP CIO Components Installer (Version: 8.1.4)
Adaptec UDF Reader
Adobe Acrobat 8 Standard (Version: 8.1.0)
Adobe Acrobat 8.1.0 Standard (Version: 8.1.0)
Adobe AIR (Version: 2.7.0.19480)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Reader X (10.1.0) (Version: 10.1.0)
ATI - Software Uninstall Utility (Version: 6.14.10.1015)
ATI Catalyst Control Center (Version: 1.2.2735.37383)
ATI Display Driver (Version: 8.263.5.1-060607a-035983C-Dell)
Audacity 2.0
Bing Bar (Version: 7.1.391.0)
Broadcom 440x 10/100 Integrated Controller (Version: 8.06.07)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
Conexant D850 56K V.9x DFVc Modem
Dell Driver Download Manager (Version: 3.0.0.0)
Dell Resource CD (Version: 1.00.0000)
DSmobile 600 (Version: 1.2.9)
DSmobileSCAN II (Version: 2.0.7)
ESET Online Scanner v3
File Type Assistant
Free Audio Converter version 5.0.14.627 (Version: 5.0.14.627)
Google Chrome (Version: 22.0.1229.79)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
GoToAssist Corporate (Version: 9.1.0.615)
HP LaserJet 2200 Uninstaller
InstallIQ Updater (Version: 1.4.3.0)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Accounting 2007 (Version: 2.0.7503.0)
Microsoft Office Accounting ADP Payroll Addin (Version: 0.0.0.0)
Microsoft Office Accounting Equifax Addin (Version: 2.0.7416.00)
Microsoft Office Accounting Fixed Asset Manager (Version: 2.0.7416.00)
Microsoft Office Accounting PayPal Addin (Version: 2.0.7416.00)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSXML 6.0 Parser (Version: 6.00.3883.8)
Norton Internet Security (Version: 19.8.0.14)
PowerDVD DX (Version: 8.2.5711)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Drag-to-Disc (Version: 9.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio Update Manager (Version: 3.0.0)
Sonic Activation Module (Version: 1.0)
SoundMAX (Version: 5.10.01.4541)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Widevine Media Transformer Plugin 4.5.0 (Version: 4.5.0.4049)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Yontoo Layers Runtime 1.10.01 (Version: 1.10.01)

========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 2045.9 MB
Available physical RAM: 888.44 MB
Total Pagefile: 3937.38 MB
Available Pagefile: 2615.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.32 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:149 GB) (Free:125.86 GB) NTFS

========================= Users: ========================================

User accounts for \\FRONTOFFICEPC

Administrator ASPNET Clerical Asst III
Guest HelpAssistant SUPPORT_388945a0

========================= Restore Points ==================================

02-07-2012 17:07:20 System Checkpoint
03-07-2012 17:08:15 System Checkpoint
09-07-2012 17:05:28 System Checkpoint
10-07-2012 17:13:16 System Checkpoint
11-07-2012 21:23:54 Software Distribution Service 3.0
13-07-2012 17:07:21 System Checkpoint
16-07-2012 17:08:25 System Checkpoint
18-07-2012 16:47:27 System Checkpoint
19-07-2012 17:06:04 System Checkpoint
20-07-2012 17:11:06 System Checkpoint
23-07-2012 13:54:21 System Checkpoint
24-07-2012 14:06:21 System Checkpoint
25-07-2012 15:06:11 System Checkpoint
26-07-2012 16:07:19 System Checkpoint
27-07-2012 17:22:40 System Checkpoint
30-07-2012 13:39:55 System Checkpoint
31-07-2012 15:34:33 System Checkpoint
01-08-2012 16:12:37 System Checkpoint
02-08-2012 17:07:57 System Checkpoint
03-08-2012 18:05:04 System Checkpoint
07-08-2012 17:07:16 System Checkpoint
08-08-2012 17:20:17 System Checkpoint
10-08-2012 17:13:52 System Checkpoint
13-08-2012 13:41:56 System Checkpoint
14-08-2012 14:18:11 System Checkpoint
15-08-2012 15:04:32 System Checkpoint
15-08-2012 21:28:02 Software Distribution Service 3.0
17-08-2012 17:14:33 System Checkpoint
20-08-2012 14:18:31 System Checkpoint
21-08-2012 15:08:49 System Checkpoint
22-08-2012 17:08:12 System Checkpoint
23-08-2012 13:42:32 Installed DSmobileSCAN II
23-08-2012 13:44:58 Installed DSmobile 600
24-08-2012 14:28:10 System Checkpoint
27-08-2012 14:49:27 System Checkpoint
28-08-2012 15:14:14 System Checkpoint
31-08-2012 17:15:16 System Checkpoint
04-09-2012 17:23:15 System Checkpoint
05-09-2012 17:56:32 System Checkpoint
06-09-2012 19:48:42 System Checkpoint
10-09-2012 17:16:35 System Checkpoint
11-09-2012 17:21:21 System Checkpoint
12-09-2012 17:22:33 System Checkpoint
12-09-2012 21:30:01 Software Distribution Service 3.0
14-09-2012 13:51:04 System Checkpoint
17-09-2012 18:18:45 System Checkpoint
18-09-2012 21:49:19 System Checkpoint
20-09-2012 16:07:48 System Checkpoint
21-09-2012 17:12:20 System Checkpoint
24-09-2012 14:52:55 Restore Operation
24-09-2012 14:56:59 Software Distribution Service 3.0
25-09-2012 17:11:14 System Checkpoint
26-09-2012 14:41:39 Restore Operation

**** End of log ****


FSS results:

Farbar Service Scanner Version: 19-09-2012
Ran by Clerical Asst III (administrator) on 27-09-2012 at 07:57:21
Running from "C:\Documents and Settings\Clerical Asst III\Local Settings\Temporary Internet Files\Content.IE5\QAR1AMS6"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(8) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****


AdwCleaner results:

# AdwCleaner v2.003 - Logfile created 09/27/2012 at 07:58:21
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Clerical Asst III - FRONTOFFICEPC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Clerical Asst III\Local Settings\Temporary Internet Files\Content.IE5\P6YL4KHR\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\Yontoo Layers Runtime

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\Software\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Clerical Asst III\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4106 octets] - [27/09/2012 07:58:21]

########## EOF - C:\AdwCleaner[S1].txt - [4166 octets] ##########
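
The FSS output above reports the Dnscache service set to Disabled where the default is Auto, and EnableFirewall set to 0 under the StandardProfile policy key. Added example, not part of this thread and not part of Farbar Service Scanner: a Python script that reads FSS-style output and lists exactly those kinds of findings (service start type differing from its default, a firewall profile disabled through the policy key, a File Check line whose hash did not verify), so someone reviewing several such logs does not have to spot them by eye. The sample text inside the script is constructed from the lines posted above; the "MD5 is not legit" line is an assumed wording for a failed file check, added only so the negative path is exercised.

```python
"""Triage helper for Farbar Service Scanner (FSS) text output.

Added example, not part of the thread or of FSS itself. Reads FSS-style
output and returns the findings a helper would otherwise have to spot by
eye. The sample input is constructed from the log posted in the thread.
"""
import re

# Constructed sample: a trimmed copy of the FSS output posted in the thread.
# The last line is an assumed wording for a failed check (not from the page),
# added so the negative path is exercised.
SAMPLE_FSS = r'''
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is not legit
'''

START_TYPE_RE = re.compile(
    r"^The start type of (?P<svc>\S+) service is set to (?P<actual>\w+)\. "
    r"The default start type is (?P<default>\w+)\.$"
)
NOT_RUNNING_RE = re.compile(r"^(?P<svc>\S+) Service is not running\.")
REG_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# FSS prints the value as a bare number; parsing it as hex covers "0" and
# "00000000" alike (assumption about the tool's formatting).
ENABLE_FW_RE = re.compile(r'^"EnableFirewall"=DWORD:(?P<val>[0-9A-Fa-f]+)$')
FILE_CHECK_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*?) => (?P<verdict>.+)$")


def triage_fss(text):
    """Return a list of (category, detail) findings from FSS-style output."""
    findings = []
    current_key = None  # most recent [HKEY_...] header, gives the firewall profile
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = START_TYPE_RE.match(line)
        if m and m.group("actual").lower() != m.group("default").lower():
            findings.append(("service_start_type",
                             f"{m.group('svc')}: {m.group('actual')} "
                             f"(default {m.group('default')})"))
            continue
        m = NOT_RUNNING_RE.match(line)
        if m:
            findings.append(("service_not_running", m.group("svc")))
            continue
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = ENABLE_FW_RE.match(line)
        if m and int(m.group("val"), 16) == 0:
            profile = current_key.rsplit("\\", 1)[-1] if current_key else "unknown profile"
            findings.append(("firewall_disabled_by_policy", profile))
            continue
        m = FILE_CHECK_RE.match(line)
        # Anything other than the tool's "MD5 is legit" verdict is worth a look.
        if m and m.group("verdict") != "MD5 is legit":
            findings.append(("file_check", f"{m.group('path')}: {m.group('verdict')}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage_fss(SAMPLE_FSS):
        print(f"{category:28} {detail}")
```

Run as-is it reports the four findings from the sample; to use it on a real log, call `triage_fss(open("FSS.txt", encoding="utf-8", errors="replace").read())`. The script only reads and reports; re-enabling a service or the firewall is a separate, deliberate step.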

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:06:51 PM

Posted 27 September 2012 - 09:17 AM

Junkware log?

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here
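
Added example, not from the post above and not from Sysinternals: the Autoruns.txt that these steps produce is a list of quoted fields, a location header such as "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" followed by one "+" line per entry in the order Entry, Description, Publisher, Image Path, so it can be triaged with a short Python script before it is pasted. The real file separates fields with tabs and web rendering often turns them into spaces, so the parser keys on the quotes rather than on the separator. The review heuristics (image under a user-writable profile directory, publisher string naming Microsoft for a file outside c:\windows or c:\program files, "File not found" stubs) are this example's own and only pick out entries to look at by hand; the sample lines are constructed, modelled on the export posted later in the thread with the account name shortened to "user".

```python
"""Triage helper for an Autoruns "Save as Text" export (Autoruns.txt).

Added example, not from the thread or from Sysinternals. Parses the quoted
field format and applies a few review heuristics of its own; a flag means
"look at this entry", not "this entry is malicious".
"""
import re

# Constructed sample, modelled on the export posted later in the thread
# (account name shortened to "user").
SAMPLE_AUTORUNS = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe" "Microsoft® InfoTech CC Local DLL" "Microsoft Corporation" "c:\documents and settings\user\local settings\application data\amazon\adobe\unnmtr.dll"
+ "InstallIQUpdater" "InstallIQ Updater" "W3i, LLC" "c:\program files\w3i\installiqupdater\installiqupdater.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "DellBIOS" "" "" "File not found: C:\DOCUME~1\USER~1\LOCALS~1\Temp\DellBIOS.Sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
'''

FIELD_RE = re.compile(r'"([^"]*)"')
# Directories where signed vendor binaries normally live (32-bit XP layout).
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\")
# Markers for a per-user profile and for its user-writable subtrees.
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")
WRITABLE_MARKERS = ("\\local settings\\", "\\application data\\", "\\temp\\", "\\appdata\\")


def parse_autoruns(text):
    """Yield one dict per entry line, carrying the location header it sits under."""
    location = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = FIELD_RE.findall(line)
        if len(fields) != 4:
            continue  # not a header or entry line in this format
        if line.startswith('"'):
            location = fields[0]  # header: first field names the autostart location
            continue
        entry, description, publisher, path = fields
        yield {"location": location, "entry": entry, "description": description,
               "publisher": publisher, "path": path}


def review_entry(rec):
    """Return the heuristic flags raised by one entry (empty list if none)."""
    flags = []
    path = rec["path"].lower()
    publisher = rec["publisher"].lower()
    if path.startswith("file not found:"):
        flags.append("missing_file")
        return flags  # nothing on disk to judge further
    in_profile = any(m in path for m in USER_PROFILE_MARKERS)
    in_writable = any(m in path for m in WRITABLE_MARKERS)
    if in_profile and in_writable:
        flags.append("user_writable_path")
    # Publisher text is just a string from the file's version resource; a
    # Microsoft-branded file outside the usual roots deserves a second look.
    if "microsoft" in publisher and not path.startswith(SYSTEM_ROOTS):
        flags.append("publisher_path_mismatch")
    return flags


def triage_autoruns(text):
    """Return [(location, entry, flags)] for every entry that raised a flag."""
    results = []
    for rec in parse_autoruns(text):
        flags = review_entry(rec)
        if flags:
            results.append((rec["location"], rec["entry"], flags))
    return results


if __name__ == "__main__":
    for location, entry, flags in triage_autoruns(SAMPLE_AUTORUNS):
        print(f"{entry:20} {', '.join(flags):40} [{location}]")
```

On the sample this flags two entries: the per-user Run entry whose image sits under Local Settings\Application Data while its publisher string says Microsoft, and the service pointing at a file that no longer exists. For a real export, call `triage_autoruns(open("Autoruns.txt", encoding="utf-16", errors="replace").read())`; Autoruns writes its text export as UTF-16 on Windows, so fall back to `utf-8` if that decode fails.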

#7 macobi

macobi
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:05:51 PM

Posted 27 September 2012 - 09:33 AM

I'm having problems running the Junkware log. I have Norton Internet Security; it must be blocking the download. What can I do?

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:06:51 PM

Posted 27 September 2012 - 09:34 AM

Disable Norton and run it.

#9 macobi

macobi
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:05:51 PM

Posted 27 September 2012 - 10:49 AM

junkware log:

Junkware Removal Tool (JRT) by Thisisu
Version: 1.1.1 (09.27.2012)
OS: Microsoft Windows XP x86
Ran by Clerical Asst III on Thu 09/27/2012 at 10:43:23.50
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
Successfully deleted: [KEY] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}



*** Files: 0 Detections



*** Folders: 0 Detections



*** Ask Toolbar: - Remnants removed






*** Event Viewer Logs - NOT cleared





**************************************************************
Scan was completed on Thu 09/27/2012 at 10:43:39.03
End of Report


Autoruns:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Acrobat Assistant 8.0" "AcroTray" "Adobe Systems Inc." "c:\program files\adobe\acrobat 8.0\acrobat\acrotray.exe"
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "ATICCC" "" "" "c:\program files\ati technologies\ati.ace\clistart.exe"
+ "ISUSPM Startup" "InstallShield Update Service Update Manager" "InstallShield Software Corporation" "c:\program files\common files\installshield\updateservice\isuspm.exe"
+ "ISUSScheduler" "InstallShield Update Service Scheduler" "InstallShield Software Corporation" "c:\program files\common files\installshield\updateservice\issch.exe"
+ "PDVDDXSrv" "CyberLink PowerDVD Resident Program" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe"
+ "RoxioDragToDisc" "Drag To Disc Application" "Roxio" "c:\program files\roxio\drag-to-disc\drgtodsc.exe"
+ "SoundMAXPnP" "SMax4PNP" "Analog Devices, Inc." "c:\program files\analog devices\core\smax4pnp.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "Windows Search.lnk" "Windows Search System Tray" "Microsoft Corporation" "c:\program files\windows desktop search\windowssearch.exe"
"C:\Documents and Settings\Clerical Asst III\Start Menu\Programs\Startup" "" "" ""
+ "DSmobileSCAN II.lnk" "DSmobileSCAN II" "Brother International" "c:\program files\brother\dsmobilescan ii\dsmobilescan.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe" "Microsoft® InfoTech CC Local DLL" "Microsoft Corporation" "c:\documents and settings\clerical asst iii\local settings\application data\amazon\adobe\unnmtr.dll"
+ "InstallIQUpdater" "InstallIQ Updater" "W3i, LLC" "c:\program files\w3i\installiqupdater\installiqupdater.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "mso-offdap11" "Microsoft Office Web Components 2003" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\11\owc11.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Windows Desktop Search Namespace Manager" "Windows Search Namespace Manager" "Microsoft Corporation" "c:\program files\windows desktop search\msnlnamespacemgr.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files\adobe\acrobat 8.0\acrobat elements\contextmenu.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "Roxio DragToDisc Shell Extension" "DirectCD Shell Extention DLL" "Roxio" "c:\program files\roxio\drag-to-disc\shellex.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "Roxio DragToDisc Shell Extension" "DirectCD Shell Extention DLL" "Roxio" "c:\program files\roxio\drag-to-disc\shellex.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files\adobe\acrobat 8.0\acrobat elements\contextmenu.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Conversion Toolbar Helper" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\adobe\acrobat 8.0\acrobat\acroiefavclient.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Bing Bar Helper" "Bing Client Extensions" "Microsoft Corporation." "c:\program files\microsoft\bingbar\7.1.391.0\bingext.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Adobe PDF" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\adobe\acrobat 8.0\acrobat\acroiefavclient.dll"
+ "Bing" "Bing Client Extensions" "Microsoft Corporation." "c:\program files\microsoft\bingbar\7.1.391.0\bingext.dll"
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.4 r402" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Ati HotKey Poller" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe"
+ "ATI Smart" "ATI Smart" "" "c:\windows\system32\ati2sgag.exe"
+ "BBSvc" "Keeps Bing Bar up-to-date. Disabling this service might prevent updates and expose your computer to security vulnerabilities or functional flaws in Bing Bar." "Microsoft Corporation." "c:\program files\microsoft\bingbar\7.1.391.0\bbsvc.exe"
+ "BBUpdate" "Enables the detection, download and installation of up-to-date configuration files for Bing Bar. Also provides server communication for the customer experience improvement program. Stopping or disabling this service may prevent you from getting the latest updates for Bing Bar, which may expose your computer to security vulnerabilities or functional flaws in the Bing Bar." "Microsoft Corporation." "c:\program files\microsoft\bingbar\7.1.391.0\seaport.exe"
+ "BcmSqlStartupSvc" "Controls the start of the Business Contact Manager SQL Server instance (MSSMLBIZ)." "Microsoft Corporation" "c:\program files\microsoft small business\business contact manager\bcmsqlstartupsvc.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Macrovision Europe Ltd." "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "GoToAssist" "Citrix GoToAssist provides remote help to this PC." "Citrix Online, a division of Citrix Systems, Inc." "c:\program files\citrix\gotoassist\615\g2aservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\jqs.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "MSSQL$MSSMLBIZ" "Provides storage, processing and controlled access of data and rapid transaction processing." "Microsoft Corporation" "c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "SQLBrowser" "Provides SQL Server connection information to client computers." "Microsoft Corporation" "c:\program files\microsoft sql server\90\shared\sqlbrowser.exe"
+ "SQLWriter" "Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure." "Microsoft Corporation" "c:\program files\microsoft sql server\90\shared\sqlwriter.exe"
+ "stllssvr" "SureThing Labelflash Disc Printer Service Module" "MicroVision Development, Inc." "c:\program files\common files\surething shared\stllssvr.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ADIHdAudAddService" "High Definition Audio Function Driver" "Analog Devices, Inc." "c:\windows\system32\drivers\adihdaud.sys"
+ "ati2mtag" "ATI Radeon WindowsNT Miniport Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\ati2mtag.sys"
+ "ATICDSDr" "" "" "File not found: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ATICDSDr.sys"
+ "atiide" "ATI SATA(IDE Mode) Controller Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atiide.sys"
+ "bcm4sbxp" "Broadcom Corporation NDIS 5.1 ethernet driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcm4sbxp.sys"
+ "cercsr6" "DELL CERC SATA1.5/6ch Miniport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\cercsr6.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "DellBIOS" "" "" "File not found: C:\DOCUME~1\CLERIC~1\LOCALS~1\Temp\DellBIOS.Sys"
+ "DLABMFSM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\dla\dlabmfsm.sys"
+ "DLABOIOM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\dla\dlaboiom.sys"
+ "DLACDBHM" "Shared Driver Component" "Roxio" "c:\windows\system32\drivers\dlacdbhm.sys"
+ "DLADResM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\dla\dladresm.sys"
+ "DLAIFS_M" "Drive Letter Access Component" "Roxio" "c:\windows\system32\dla\dlaifs_m.sys"
+ "DLAOPIOM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\dla\dlaopiom.sys"
+ "DLAPoolM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\dla\dlapoolm.sys"
+ "DLARTL_M" "Shared Driver Component" "Roxio" "c:\windows\system32\drivers\dlartl_m.sys"
+ "DLAUDF_M" "Drive Letter Access Component" "Roxio" "c:\windows\system32\dla\dlaudf_m.sys"
+ "DLAUDFAM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\dla\dlaudfam.sys"
+ "DM150Drv" "DM150Drv Driver" "Pitney Bowes" "c:\windows\system32\drivers\dm150drv.sys"
+ "DRVMCDB" "Device Driver" "Sonic Solutions" "c:\windows\system32\drivers\drvmcdb.sys"
+ "DRVNDDM" "Device Driver Manager" "Roxio" "c:\windows\system32\drivers\drvnddm.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "HSF_DP" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_dp.sys"
+ "HSFHWBS2" "HSF_HWB2 WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsfhwbs2.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "mdmxsdk" "Diagnostic Interface DRIVER" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SenFiltService" "Sensaura WDM 3D Audio Driver" "Sensaura" "c:\windows\system32\drivers\senfilt.sys"
+ "UdfReadr" "CD-UDF NT Filesystem Reader Driver" "Roxio" "c:\windows\system32\drivers\udfreadr.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_cnxt.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer" "CLAudSpa.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudspa.ax"
+ "CyberLink Audio Spectrum Analyzer" "CLAudSpa.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudspa.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudiocd.ax"
+ "CyberLink Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\cldemuxer.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clnavx.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clline21.ax"
+ "Cyberlink SubTitle Importor" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clsubtitle.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clauts.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvsd.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "NewSoft Audio Encoder Filter" "Auido Encoder Filter" "NewSoft " "c:\program files\common files\newsoft\nsm2aenc.ax"
+ "NewSoft DeInterlace" "" "Newsoft" "c:\program files\common files\newsoft\nsdeinterlace.ax"
+ "NewSoft MPEG Video Decoder Filter" "NewSoft MPEG Video Decoder Filter" "NewSoft Corporation" "c:\program files\common files\newsoft\nsm2vdec.ax"
+ "NewSoft MPEG Video Encoder Filter" "MPEG Video Encoder Filter" "NewSoft " "c:\program files\common files\newsoft\nsm2venc.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "GoToAssist" "Citrix Online GoToAssist Corporate" "Citrix Online, a division of Citrix Systems, Inc." "c:\program files\citrix\gotoassist\615\g2awinlogon.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Adobe PDF Port" "Acrobat ® PDF Port" "Adobe Systems Incorporated." "c:\windows\system32\adobepdf.dll"
+ "CPCA Language Monitor2" "CANON CP Language Monitor" "CANON INC." "c:\windows\system32\aucplmnt.dll"
+ "HP Master Monitor" "Win32 Master Monitor" "Hewlett-Packard" "c:\windows\system32\hpbmmon.dll"
+ "HP Standard TCP/IP Port" "Standard TCP/IP Port Monitor DLL" "Hewlett Packard" "c:\windows\system32\hptcpmon.dll"

#10 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:06:51 PM

Posted 27 September 2012 - 11:06 AM

RKILL log?

Launch Autoruns and uncheck this entry

"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe" "Microsoft® InfoTech CC Local DLL" "Microsoft Corporation" "c:\documents and settings\clerical asst iii\local settings\application data\amazon\adobe\unnmtr.dll"

Restart the PC and delete this file

c:\documents and settings\clerical asst iii\local settings\application data\amazon\adobe\unnmtr.dll

Let me know if you have any issues
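
The entry the advisor singles out above is a good illustration of what to look for in an Autoruns listing: a Run key item named "Adobe" whose description and publisher claim Microsoft, whose image is a DLL rather than an executable, and whose path sits in the user's Local Settings\Application Data folder. The script below is an added example, not code from the thread or from Autoruns itself. It parses the quoted four-field layout of the listing posted earlier ("entry" "description" "publisher" "image path", with `+ ` marking items under the preceding key) and flags entries with those traits. The sample lines, the list of user-writable directories and the heuristics are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in the same quoted four-field layout as the Autoruns
# listing in this thread. The "Adobe" line mirrors the entry the advisor
# asked to uncheck; the other two are benign-looking filler for contrast.
SAMPLE_LOG = r'''
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe" "Microsoft® InfoTech CC Local DLL" "Microsoft Corporation" "c:\documents and settings\clerical asst iii\local settings\application data\amazon\adobe\unnmtr.dll"
+ "ctfmon.exe" "CTF Loader" "Microsoft Corporation" "c:\windows\system32\ctfmon.exe"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Adobe PDF Port" "Acrobat ® PDF Port" "Adobe Systems Incorporated." "c:\windows\system32\adobepdf.dll"
'''

# Each field is a double-quoted string; fields never contain a quote.
FIELD_RE = re.compile(r'"([^"]*)"')

# Profile directories a standard user can write to (assumption of this
# example). A startup item loading from here deserves a second look.
USER_WRITABLE = (
    r"\local settings\application data",
    r"\application data",
    r"\local settings\temp",
    r"\appdata",
)
# Where a file that claims a Microsoft publisher is normally expected to live.
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files")


@dataclass
class Entry:
    location: str     # registry key the item was listed under
    name: str
    description: str
    publisher: str
    image: str        # image path, lower-cased for matching


def parse_autoruns(text: str) -> List[Entry]:
    """Parse the quoted listing into Entry objects, tracking the current key."""
    entries: List[Entry] = []
    location = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = FIELD_RE.findall(line)
        if len(fields) < 4:
            continue                      # not a listing line
        if line.startswith("+ "):
            entries.append(Entry(location, fields[0], fields[1], fields[2], fields[3].lower()))
        else:
            location = fields[0]          # a bare key line opens a new section
    return entries


def reasons(entry: Entry) -> List[str]:
    """Return the heuristic reasons an entry looks suspicious (empty if none)."""
    why: List[str] = []
    img = entry.image
    if any(marker in img for marker in USER_WRITABLE):
        why.append("image lives in a user-writable profile directory")
    if entry.publisher.lower().startswith("microsoft") and not img.startswith(TRUSTED_ROOTS):
        why.append("claims a Microsoft publisher but loads from outside Windows/Program Files")
    if "\\run" in entry.location.lower() and img.endswith(".dll"):
        why.append("Run key item resolves to a DLL instead of an executable")
    return why


def flag_suspicious(text: str) -> List[Tuple[Entry, List[str]]]:
    """Parse a listing and return only the entries that trip at least one heuristic."""
    return [(e, reasons(e)) for e in parse_autoruns(text) if reasons(e)]


if __name__ == "__main__":
    for entry, why in flag_suspicious(SAMPLE_LOG):
        print(f"[{entry.location}] {entry.name} -> {entry.image}")
        for line in why:
            print("   -", line)
```

Run against the sample, only the "Adobe" item is reported, with all three reasons; ctfmon.exe and the Adobe PDF port monitor pass. The heuristics are deliberately narrow: they point a reviewer at entries worth checking by hand, which is exactly what the advisor did here before asking for the item to be unchecked and the file deleted.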

#11 macobi
  • Topic Starter
  • Members
  • 26 posts
  • Local time:05:51 PM

Posted 27 September 2012 - 11:14 AM

RKILL won't download. An error message says the program cannot download because it does not have a valid digital signature that verifies its publisher.

#12 macobi
  • Topic Starter
  • Members
  • 26 posts
  • Local time:05:51 PM

Posted 27 September 2012 - 11:26 AM

I unchecked the file in Autoruns.

I restarted the PC and deleted the "c:\documents and settings\clerical asst iii\local settings\application data\amazon\adobe\unnmtr.dll" file.

Still can't run RKILL.

#13 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:06:51 PM

Posted 27 September 2012 - 12:53 PM

Try to run it in safe mode.

What happens when you launch it?

#14 macobi
  • Topic Starter
  • Members
  • 26 posts
  • Local time:05:51 PM

Posted 27 September 2012 - 01:06 PM

While it's downloading, a box appears saying:

"Windows has found a problem with this file.

Name: rkill.exe
Publisher: Unknown Publisher.

This file was locked because it does not have a valid digital signature that verifies its publisher."

I'll try to launch it in safe mode. And let you know what happens.

#15 macobi
  • Topic Starter
  • Members
  • 26 posts
  • Local time:05:51 PM

Posted 27 September 2012 - 01:12 PM

Rkill results:

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/27/2012 01:10:34 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* DNS Client (Dnscache) is not Running.
Startup Type set to: Disabled

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic

* Automatic Updates (wuauserv) is not Running.
Startup Type set to: Automatic

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\drivers\mqac.sys [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91,776 : 06/22/2009 00:30 AM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mqac.sys : 92,544 : 04/13/2008 01:39 PM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\mqac.sys : 91,776 : 06/22/2009 01:48 AM : eee50bf24caeedb515a8f3b22756d3bb [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 09/27/2012 01:11:35 PM
Execution time: 0 hours(s), 1 minute(s), and 0 seconds(s)
