Computer acting strangely


  • This topic is locked
29 replies to this topic

#1 tide_belle

Posted 09 October 2012 - 07:34 AM

I am running Windows XP HE 2002 Sp 3 on a Dell B110. Using Firefox as browser, using MBAM, SuperAntiSpyware, and Microsoft Security Essentials.

Using the computer this weekend, we noticed that sites looked different than when they were previously viewed. The computer is giving the red shield with an X in it that says the computer is not protected, even though Microsoft Security Essentials is running. Ran MBAM in Safe Mode and it found nothing. Ran SAS yesterday and this morning in regular mode and it found threats: trojans, fake svchost, HKCR.exe, etc., a total of 4 threats for both days. The Internet is still acting erratically, as certain pages keep reloading. Please advise, thank you!

#2 narenxp

  • BC Advisor

Posted 09 October 2012 - 07:36 AM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 tide_belle

  • Topic Starter

Posted 09 October 2012 - 08:03 AM

For ESET should I allow it to fix threats?

#4 narenxp

  • BC Advisor

Posted 09 October 2012 - 08:04 AM

yes

#5 Dolby

Posted 09 October 2012 - 08:40 AM

...after you get it cleaned up, another thing that can make your MSE shield show red (not protected) is if you are cleaning the logs. If you use CCleaner, there are 2 boxes you should leave unchecked in the "Applications" panel:
Microsoft Security Client
Microsoft Anti-Malware
or, in any other 3rd party disk cleaner, look for something in the settings that looks like that, because if you clean those logs, Windows reports that you haven't run a scan in a while. If that is the cause of the red, all you should have to do to get it green again is run an MSE scan (short or long). Windows "Disk Cleanup" shouldn't affect those logs if that's all you use...

#6 tide_belle

  • Topic Starter

Posted 09 October 2012 - 03:06 PM

TDSSKiller
07:44:52.0062 2756 ql1280 - ok
07:44:52.0125 2756 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:44:52.0125 2756 RasAcd - ok
07:44:52.0218 2756 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
07:44:52.0265 2756 RasAuto - ok
07:44:52.0343 2756 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:44:52.0359 2756 Rasl2tp - ok
07:44:52.0500 2756 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
07:44:52.0562 2756 RasMan - ok
07:44:52.0656 2756 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:44:52.0671 2756 RasPppoe - ok
07:44:52.0703 2756 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
07:44:52.0703 2756 Raspti - ok
07:44:52.0781 2756 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:44:52.0828 2756 Rdbss - ok
07:44:52.0859 2756 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:44:52.0859 2756 RDPCDD - ok
07:44:52.0984 2756 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:44:53.0046 2756 rdpdr - ok
07:44:53.0156 2756 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
07:44:53.0171 2756 RDPWD - ok
07:44:53.0296 2756 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
07:44:53.0343 2756 RDSessMgr - ok
07:44:53.0406 2756 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
07:44:53.0421 2756 redbook - ok
07:44:53.0500 2756 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
07:44:53.0515 2756 RemoteAccess - ok
07:44:53.0625 2756 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
07:44:53.0656 2756 RpcLocator - ok
07:44:53.0828 2756 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
07:44:53.0828 2756 RpcSs - ok
07:44:53.0937 2756 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
07:44:53.0984 2756 RSVP - ok
07:44:54.0031 2756 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
07:44:54.0031 2756 SamSs - ok
07:44:54.0156 2756 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
07:44:54.0171 2756 SASDIFSV - ok
07:44:54.0218 2756 [ 7CE61C25C159F50F9EAF6D77FC83FA35 ] SASENUM C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
07:44:54.0218 2756 SASENUM - ok
07:44:54.0312 2756 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
07:44:54.0343 2756 SASKUTIL - ok
07:44:54.0359 2756 SBRE - ok
07:44:54.0437 2756 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
07:44:54.0468 2756 SCardSvr - ok
07:44:54.0593 2756 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
07:44:54.0656 2756 Schedule - ok
07:44:54.0734 2756 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:44:54.0750 2756 Secdrv - ok
07:44:54.0812 2756 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
07:44:54.0828 2756 seclogon - ok
07:44:55.0125 2756 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
07:44:55.0375 2756 senfilt - ok
07:44:55.0453 2756 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
07:44:55.0468 2756 SENS - ok
07:44:55.0531 2756 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
07:44:55.0546 2756 serenum - ok
07:44:55.0578 2756 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
07:44:55.0625 2756 Serial - ok
07:44:55.0640 2756 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
07:44:55.0640 2756 Sfloppy - ok
07:44:55.0812 2756 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
07:44:55.0921 2756 SharedAccess - ok
07:44:55.0984 2756 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
07:44:55.0984 2756 ShellHWDetection - ok
07:44:56.0000 2756 Simbad - ok
07:44:56.0062 2756 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
07:44:56.0109 2756 sisagp - ok
07:44:56.0265 2756 [ 0066FF77AEB4AE70066F7E94D5A6D866 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
07:44:56.0359 2756 smwdm - ok
07:44:56.0406 2756 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
07:44:56.0406 2756 Sparrow - ok
07:44:56.0468 2756 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
07:44:56.0468 2756 splitter - ok
07:44:56.0562 2756 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
07:44:56.0578 2756 Spooler - ok
07:44:56.0640 2756 sprtsvc_dellsupportcenter - ok
07:44:56.0687 2756 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
07:44:56.0718 2756 sr - ok
07:44:56.0828 2756 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
07:44:56.0890 2756 srservice - ok
07:44:57.0062 2756 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
07:44:57.0156 2756 Srv - ok
07:44:57.0250 2756 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
07:44:57.0281 2756 SSDPSRV - ok
07:44:57.0468 2756 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
07:44:57.0578 2756 stisvc - ok
07:44:57.0656 2756 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
07:44:57.0656 2756 swenum - ok
07:44:57.0687 2756 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
07:44:57.0718 2756 swmidi - ok
07:44:57.0734 2756 SwPrv - ok
07:44:57.0781 2756 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
07:44:57.0796 2756 symc810 - ok
07:44:57.0828 2756 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
07:44:57.0828 2756 symc8xx - ok
07:44:57.0843 2756 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
07:44:57.0859 2756 sym_hi - ok
07:44:57.0890 2756 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
07:44:57.0890 2756 sym_u3 - ok
07:44:57.0984 2756 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
07:44:58.0000 2756 sysaudio - ok
07:44:58.0093 2756 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
07:44:58.0125 2756 SysmonLog - ok
07:44:58.0250 2756 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
07:44:58.0343 2756 TapiSrv - ok
07:44:58.0531 2756 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:44:58.0625 2756 Tcpip - ok
07:44:58.0687 2756 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
07:44:58.0687 2756 TDPIPE - ok
07:44:58.0718 2756 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
07:44:58.0718 2756 TDTCP - ok
07:44:58.0781 2756 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
07:44:58.0796 2756 TermDD - ok
07:44:58.0968 2756 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
07:44:59.0062 2756 TermService - ok
07:44:59.0140 2756 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
07:44:59.0140 2756 Themes - ok
07:44:59.0203 2756 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
07:44:59.0203 2756 TosIde - ok
07:44:59.0296 2756 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
07:44:59.0328 2756 TrkWks - ok
07:44:59.0421 2756 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
07:44:59.0468 2756 Udfs - ok
07:44:59.0515 2756 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
07:44:59.0531 2756 ultra - ok
07:44:59.0718 2756 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
07:44:59.0843 2756 Update - ok
07:44:59.0968 2756 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
07:45:00.0031 2756 upnphost - ok
07:45:00.0093 2756 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
07:45:00.0093 2756 UPS - ok
07:45:00.0156 2756 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:45:00.0171 2756 usbccgp - ok
07:45:00.0250 2756 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:45:00.0265 2756 usbehci - ok
07:45:00.0312 2756 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:45:00.0328 2756 usbhub - ok
07:45:00.0421 2756 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
07:45:00.0421 2756 usbprint - ok
07:45:00.0484 2756 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:45:00.0484 2756 usbscan - ok
07:45:00.0546 2756 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:45:00.0593 2756 USBSTOR - ok
07:45:00.0671 2756 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:45:00.0671 2756 usbuhci - ok
07:45:00.0781 2756 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
07:45:00.0796 2756 VgaSave - ok
07:45:00.0875 2756 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
07:45:00.0921 2756 viaagp - ok
07:45:00.0953 2756 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
07:45:00.0953 2756 ViaIde - ok
07:45:01.0031 2756 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
07:45:01.0046 2756 VolSnap - ok
07:45:01.0203 2756 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
07:45:01.0312 2756 VSS - ok
07:45:01.0421 2756 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
07:45:01.0484 2756 w32time - ok
07:45:01.0531 2756 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:45:01.0531 2756 Wanarp - ok
07:45:01.0546 2756 wanatw - ok
07:45:01.0562 2756 WDICA - ok
07:45:01.0640 2756 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
07:45:01.0671 2756 wdmaud - ok
07:45:01.0750 2756 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
07:45:01.0796 2756 WebClient - ok
07:45:02.0031 2756 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
07:45:02.0250 2756 winachsf - ok
07:45:02.0468 2756 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
07:45:02.0515 2756 winmgmt - ok
07:45:02.0593 2756 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
07:45:02.0593 2756 WmdmPmSN - ok
07:45:02.0718 2756 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
07:45:02.0750 2756 WmiApSrv - ok
07:45:03.0171 2756 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
07:45:03.0484 2756 WMPNetworkSvc - ok
07:45:03.0531 2756 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
07:45:03.0562 2756 WpdUsb - ok
07:45:03.0656 2756 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
07:45:03.0687 2756 wscsvc - ok
07:45:03.0765 2756 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
07:45:03.0765 2756 wuauserv - ok
07:45:03.0890 2756 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:45:03.0921 2756 WudfPf - ok
07:45:04.0015 2756 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
07:45:04.0062 2756 WudfRd - ok
07:45:04.0125 2756 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
07:45:04.0140 2756 WudfSvc - ok
07:45:04.0375 2756 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
07:45:04.0593 2756 WZCSVC - ok
07:45:04.0687 2756 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
07:45:04.0718 2756 xmlprov - ok
07:45:04.0734 2756 ================ Scan global ===============================
07:45:04.0812 2756 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
07:45:05.0000 2756 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
07:45:05.0203 2756 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
07:45:05.0250 2756 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
07:45:05.0250 2756 [Global] - ok
07:45:05.0250 2756 ================ Scan MBR ==================================
07:45:05.0312 2756 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
07:45:05.0796 2756 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:45:05.0796 2756 \Device\Harddisk0\DR0 - detected TDSS File System (1)
07:45:05.0796 2756 ================ Scan VBR ==================================
07:45:05.0875 2756 [ AA9A0B9AAE416C1037D3D9C104C9A81C ] \Device\Harddisk0\DR0\Partition1
07:45:05.0890 2756 \Device\Harddisk0\DR0\Partition1 - ok
07:45:05.0937 2756 [ 0DFE86AC683595BC71C5549997C79252 ] \Device\Harddisk0\DR0\Partition2
07:45:05.0937 2756 \Device\Harddisk0\DR0\Partition2 - ok
07:45:05.0953 2756 ============================================================
07:45:05.0953 2756 Scan finished
07:45:05.0953 2756 ============================================================
07:45:05.0968 3136 Detected object count: 1
07:45:05.0968 3136 Actual detected object count: 1
07:45:59.0156 3136 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:45:59.0156 3136 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
07:48:03.0078 1712 Deinitialize success

aswMBR
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-09 07:49:40
-----------------------------
07:49:40.234 OS Version: Windows 5.1.2600 Service Pack 3
07:49:40.234 Number of processors: 1 586 0x409
07:49:40.234 ComputerName: D7C1CCB1 UserName: Jodi
07:49:42.375 Initialize success
07:53:48.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
07:53:48.890 Disk 0 Vendor: ST3802110A 3.ADH Size: 76293MB BusType: 3
07:53:48.906 Disk 0 MBR read successfully
07:53:48.906 Disk 0 MBR scan
07:53:48.906 Disk 0 unknown MBR code
07:53:48.906 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
07:53:48.921 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 53968 MB offset 80325
07:53:48.968 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 19053 MB offset 110607525
07:53:49.000 Disk 0 Partition 4 00 DB CP/M / CTOS MSDOS5.0 3223 MB offset 149629410
07:53:49.078 Disk 0 scanning sectors +156232125
07:53:49.296 Disk 0 scanning C:\WINDOWS\system32\drivers
07:54:15.984 Service scanning
07:54:54.453 Service MpKsl1b483347 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{36D294A1-4F35-4ACE-8AFA-31B633F58EBE}\MpKsl1b483347.sys **LOCKED** 32
07:55:28.703 Modules scanning
07:56:09.406 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
07:56:14.671 Disk 0 trace - called modules:
07:56:14.906 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
07:56:14.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fdcab8]
07:56:14.906 3 CLASSPNP.SYS[f75d6fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f92b00]
07:56:14.906 Scan finished successfully
07:57:30.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jodi\Desktop\MBR.dat"
07:57:30.375 The log file has been saved successfully to "C:\Documents and Settings\Jodi\Desktop\aswMBR 10-12.txt"


ESET found nothing.

#7 narenxp

narenxp

  • BC Advisor

Posted 09 October 2012 - 05:04 PM

07:45:59.0156 3136 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Run TDSSkiller again and select DELETE

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete

A log should be generated after the scan; post it here

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator

After the scan is completed, post the generated log here.

#8 tide_belle

tide_belle
  • Topic Starter

  • Members

Posted 09 October 2012 - 09:35 PM

MBAM updated and ran with nothing found

MiniTool Box
MiniToolBox by Farbar Version: 23-07-2012
Ran by Jodi (administrator) on 09-10-2012 at 20:16:32
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com

There are 15248 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : D7C1CCB1

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-16-76-97-B8-75

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : Tuesday, October 09, 2012 7:59:34 PM

Lease Expires . . . . . . . . . . : Tuesday, October 09, 2012 10:59:34 PM

Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.228.8, 74.125.228.9, 74.125.228.14, 74.125.228.0
74.125.228.1, 74.125.228.2, 74.125.228.3, 74.125.228.4, 74.125.228.5
74.125.228.6, 74.125.228.7



Pinging google.com [74.125.228.8] with 32 bytes of data:



Reply from 74.125.228.8: bytes=32 time=43ms TTL=55

Reply from 74.125.228.8: bytes=32 time=41ms TTL=55



Ping statistics for 74.125.228.8:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 41ms, Maximum = 43ms, Average = 42ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=102ms TTL=49

Reply from 98.139.183.24: bytes=32 time=88ms TTL=50



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 88ms, Maximum = 102ms, Average = 95ms

Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 76 97 b8 75 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.100 192.168.0.100 20
192.168.0.0 255.255.255.0 192.168.0.100 192.168.0.100 20
192.168.0.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.100 192.168.0.100 20
224.0.0.0 240.0.0.0 192.168.0.100 192.168.0.100 20
255.255.255.255 255.255.255.255 192.168.0.100 192.168.0.100 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/09/2012 07:43:19 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (10/08/2012 07:00:38 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (10/08/2012 07:00:38 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (10/08/2012 07:00:38 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (10/08/2012 07:00:38 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (10/08/2012 07:00:38 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (10/08/2012 07:00:38 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (10/08/2012 07:00:38 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (10/08/2012 07:00:38 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (10/08/2012 07:00:38 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.


System errors:
=============
Error: (10/09/2012 08:13:31 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/09/2012 08:13:26 PM) (Source: Service Control Manager) (User: )
Description: The LeapFrog Connect Device Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/09/2012 08:13:22 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/09/2012 07:59:54 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd
SBRE

Error: (10/09/2012 07:59:52 PM) (Source: Service Control Manager) (User: )
Description: The lxdnCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (10/09/2012 07:59:51 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService service to connect.

Error: (10/09/2012 07:57:40 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/09/2012 06:27:17 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.137.1320.0

Update Source: %NT AUTHORITY59

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (10/09/2012 06:27:17 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (10/09/2012 06:27:16 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}


Microsoft Office Sessions:
=========================
Error: (10/09/2012 07:43:19 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (10/08/2012 07:00:38 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (10/08/2012 07:00:38 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (10/08/2012 07:00:38 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (10/08/2012 07:00:38 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (10/08/2012 07:00:38 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (10/08/2012 07:00:38 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (10/08/2012 07:00:38 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (10/08/2012 07:00:38 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (10/08/2012 07:00:38 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.


=========================== Installed Programs ============================

924PLC32 (Version: 1.0.0)
ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.41612)
Ad-Aware Browsing Protection (Version: 0.9.0.2)
Adobe AIR (Version: 2.0.4.13090)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
Adobe® Photoshop® Album Starter Edition 3.0 (Version: 3.00.000)
Angry Birds Rio (Version: 1.4.4)
AOLIcon (Version: 1.00.0000)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Awakening: Moonfell Wood
Big Fish Games: Game Manager (Version: 3.0.1.60)
Bonjour (Version: 3.0.0.10)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
Data Lifeguard Diagnostic for Windows 1.24
Dell Digital Jukebox Driver
Dell Driver Download Manager - 1 (Version: 3.0.0.0)
Dell Driver Download Manager (Version: 2.1.0.0)
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Support Center (Support Software) (Version: 2.2.09085)
Dell System Restore (Version: 2.00.0000)
DellSupport (Version: 6.0.3062)
Digital Content Portal (Version: 1.00.0000)
Digital Line Detect (Version: 1.10)
Documentation & Support Launcher (Version: 1.00.0000)
Dream Chronicles
Dream Chronicles ™ 2: The Eternal Maze
Dream Chronicles: The Book of Air
Dream Chronicles: The Book of Water
Dream Chronicles: The Chosen Child
ELIcon (Version: 1.00.0000)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.123)
Hodgepodge Hollow
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections (Version: 8.00.5000)
iTunes (Version: 10.7.0.21)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.1 (Version: 2.1.1)
LeapFrog Connect (Version: 4.0.33.15045)
LeapFrog Didj Plugin (Version: 4.0.33.15045)
Learn2 Player (Uninstall Only)
Lexmark 2600 Series
LiveUpdate 2.6 (Symantec Corporation) (Version: 2.6.14.0)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
MCU (Version: 1.00.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Helper (Version: 2.40)
Mozilla Firefox 15.0.1 (x86 en-GB) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSN
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NetWaiting (Version: 2.5.12)
Philips Songbird (Version: 2.5.6 Build: 5.6.2119)
QuickTime (Version: 7.72.80.56)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealUpgrade 1.1 (Version: 1.1.0)
Richard Scarry's Best Reading Program
Roxio DLA (Version: 5.2.0)
Roxio RecordNow Audio (Version: 2.0.4)
Roxio RecordNow Copy (Version: 2.0.4)
Roxio RecordNow Data (Version: 2.0.4)
Search Assist (Version: 1.00.0000)
Segoe UI (Version: 14.0.4327.805)
Sonic Activation Module (Version: 1.0)
Sonic Update Manager (Version: 3.0.0)
SoundMAX (Version: 5.12.01.7000)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.6 (Version: 4.6.0)
SUPERAntiSpyware Free Edition (Version: 3.9.0.1008)
swMSM (Version: 12.0.0.1)
System Requirements Lab for Intel (Version: 4.5.3.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
URL Assistant
Use the entry named LeapFrog Connect to uninstall (LeapFrog Didj Plugin)
Virtools 3D Life Player (Version: 4.0.0.x)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Wandering Willows
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Family Safety (Version: 14.0.8093.805)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPatrol (Version: 19.3.2010.5)
Xiph QuickTime Components

========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 1021.98 MB
Available physical RAM: 493.32 MB
Total Pagefile: 1311.65 MB
Available Pagefile: 677.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.06 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:52.7 GB) (Free:34.22 GB) NTFS
2 Drive d: (Backup) (Fixed) (Total:18.61 GB) (Free:18.54 GB) NTFS

========================= Users: ========================================

User accounts for \\D7C1CCB1

Administrator Guest HelpAssistant
Jodi SUPPORT_388945a0

========================= Restore Points ==================================


**** End of log ****


FSS Scan
Farbar Service Scanner Version: 06-08-2012
Ran by Jodi (administrator) on 09-10-2012 at 21:02:55
Running from "C:\Documents and Settings\Jodi\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
fssfltr(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000800000005000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****

AdwCleaner Scan
# AdwCleaner v2.004 - Logfile created 10/09/2012 at 21:08:03
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jodi - D7C1CCB1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Jodi\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-GB)

Profile name : default
File : C:\Documents and Settings\Jodi\Application Data\Mozilla\Firefox\Profiles\0dgnvtoz.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1959 octets] - [07/08/2012 07:45:43]
AdwCleaner[S2].txt - [1467 octets] - [09/10/2012 21:08:03]

########## EOF - C:\AdwCleaner[S2].txt - [1527 octets] ##########


Junkware Removal Tool
Junkware Removal Tool (JRT) by Thisisu
Version: 1.3.7 (10.09.2012)
OS: Microsoft Windows XP x86
Ran by Jodi on Tue 10/09/2012 at 21:16:20.70
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_classes_root\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\settings\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{6c97a91e-4524-4019-86af-2aa2d567bf5c}



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired



*** Event Viewer Logs - NOT cleared





**************************************************************
Scan was completed on Tue 10/09/2012 at 21:31:12.20
End of Report

#9 narenxp

Posted 09 October 2012 - 09:36 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

Current issues?

#10 tide_belle

Posted 09 October 2012 - 09:58 PM

RKill
Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/09/2012 09:43:32 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!


Performing miscellaneous checks:

* System Restore Disabled

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = dword:00000001

Checking Windows Service Integrity:

* System Restore Service (srservice) is not Running.
Startup Type set to: Automatic

* System Restore Filter Driver (sr) is not Running.
Startup Type set to: Disabled

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com

20 out of 15268 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 10/09/2012 09:44:49 PM
Execution time: 0 hours(s), 1 minute(s), and 16 seconds(s)


Autoruns
"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup" "" "" ""
"HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup" "" "" ""
"HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon" "" "" ""
"HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet" "" "" ""
"HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown" "" "" ""
"HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff" "" "" ""
"HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logoff" "" "" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Startup" "" "" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown" "" "" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell" "" "" ""
"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell" "" "" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell" "" "" ""
"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\InitialProgram" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "(Verified) Oracle America" "c:\program files\common files\java\java update\jusched.exe"
+ "WinPatrol" "WinPatrol System Monitor" "(Verified) BillP Studios" "c:\program files\billp studios\winpatrol\winpatrol.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
"C:\Documents and Settings\Jodi\Start Menu\Programs\Startup" "" "" ""
"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load" "" "" ""
"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" "" "" ""
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\IconServiceLib" "" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" "" "" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "SpybotSD TeaTimer" "System settings protector" "(Not verified) Safer-Networking Ltd." "c:\program files\spybot - search & destroy\teatimer.exe"
+ "SUPERAntiSpyware" "SUPERAntiSpyware Application" "(Verified) SuperAdBlocker.com" "c:\program files\superantispyware\superantispyware.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce" "" "" ""
"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows CE Services\AutoStartOnConnect" "" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services\AutoStartOnConnect" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows CE Services\AutoStartOnDisconnect" "" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services\AutoStartOnDisconnect" "" "" ""
"HKCU\SOFTWARE\Classes\Protocols\Filter" "" "" ""
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
"HKCU\SOFTWARE\Classes\Protocols\Handler" "" "" ""
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler" "" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "" "" ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "" "" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SABShellExecuteHook Class" "ShellExecuteHook" "(Verified) SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "LavasoftShellExt" "" "" "File not found: C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "(Verified) SuperAdBlocker.com" "c:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
"HKCU\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
"HKCU\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "(Verified) Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
"HKCU\Software\Classes\AllFileSystemObjects\ShellEx\DragDropHandlers" "" "" ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\DragDropHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\DragDropHandlers" "" "" ""
"HKCU\Software\Classes\AllFileSystemObjects\ShellEx\PropertySheetHandlers" "" "" ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\PropertySheetHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\PropertySheetHandlers" "" "" ""
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "(Verified) SuperAdBlocker.com" "c:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
"HKCU\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
"HKCU\Software\Classes\Directory\Shellex\PropertySheetHandlers" "" "" ""
"HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\PropertySheetHandlers" "" "" ""
"HKCU\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
"HKCU\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "(Verified) Adobe Systems" "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
"HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "LavasoftShellExt" "" "" "File not found: C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "(Verified) Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
"HKCU\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
"HKCU\Software\Classes\Folder\ShellEx\ExtShellFolderViews" "" "" ""
"HKLM\Software\Classes\Folder\ShellEx\ExtShellFolderViews" "" "" ""
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ExtShellFolderViews" "" "" ""
"HKCU\Software\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" ""
"HKLM\Software\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
"HKCU\Software\Microsoft\Ctf\LangBarAddin" "" "" ""
"HKLM\Software\Microsoft\Ctf\LangBarAddin" "" "" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "(Verified) Adobe Systems" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "CBrowserHelperObject Object" "BAE.dll" "(Not verified) Dell Inc." "c:\program files\bae\bae.dll"
+ "DriveLetterAccess" "Drive Letter Access Component" "(Not verified) Sonic Solutions" "c:\windows\system32\dla\dlashx_w.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "(Verified) Oracle America" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "(Verified) Oracle America" "c:\program files\java\jre7\bin\ssv.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "(Verified) Safer Networking Ltd." "c:\program files\spybot - search & destroy\sdhelper.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" ""
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
"HKCU\Software\Microsoft\Internet Explorer\Explorer Bars" "" "" ""
"HKLM\Software\Microsoft\Internet Explorer\Explorer Bars" "" "" ""
"HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars" "" "" ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars" "" "" ""
"HKCU\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Spybot - Search & Destroy Configuration" "SBSD IE Protection" "(Verified) Safer Networking Ltd." "c:\program files\spybot - search & destroy\sdhelper.dll"
"HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.4 r402" "(Verified) Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AppleSoftwareUpdate.job" "Apple Software Update" "(Verified) Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "(Verified) Google Inc" "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "(Verified) Google Inc" "c:\program files\google\update\googleupdate.exe"
+ "RealUpgradeLogonTaskS-1-5-21-2530500631-1501206697-2641868570-1006.job" "RealUpgrade Launcher" "(Verified) RealNetworks" "c:\program files\real\realupgrade\realupgrade.exe"
+ "RealUpgradeScheduledTaskS-1-5-21-2530500631-1501206697-2641868570-1006.job" "RealUpgrade Launcher" "(Verified) RealNetworks" "c:\program files\real\realupgrade\realupgrade.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "(Verified) SuperAdBlocker.com" "c:\program files\superantispyware\sascore.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "(Verified) Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "(Verified) Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "(Verified) Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "DSBrokerService" "Gteko BrkrSvc Application" "(Verified) Dell Inc." "c:\program files\dellsupport\brkrsvc.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "(Verified) Google Inc" "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "(Verified) Google Inc" "c:\program files\google\update\googleupdate.exe"
+ "iPod Service" "iPod hardware management services" "(Verified) Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "(Verified) Oracle America" "c:\program files\java\jre7\bin\jqs.exe"
+ "LeapFrog Connect Device Service" "Manages LeapFrog Connect devices." "(Verified) LeapFrog Enterprises" "c:\program files\leapfrog\leapfrog connect\commandservice.exe"
+ "NetSvc" "Supports Intel® PROSet for Wired Connections." "(Not verified) Intel® Corporation" "c:\program files\intel\prosetwired\ncs\sync\netsvc.exe"
+ "sprtsvc_dellsupportcenter" "SupportSoft Sprocket Service" "(Verified) Dell Inc." "c:\program files\dell support center\bin\sprtsvc.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "bvrp_pci" "" "" "File not found: C:\WINDOWS\System32\Drivers\bvrp_pci.sys"
+ "catchme" "" "" "File not found: C:\DOCUME~1\Jodi\LOCALS~1\Temp\catchme.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "cpudrv" "" "(Verified) Intel® Graphics DSS" "c:\program files\systemrequirementslab\cpudrv.sys"
+ "DLABOIOM" "Drive Letter Access Component" "(Not verified) Sonic Solutions" "c:\windows\system32\dla\dlaboiom.sys"
+ "DLACDBHM" "Shared Driver Component" "(Not verified) Sonic Solutions" "c:\windows\system32\drivers\dlacdbhm.sys"
+ "DLADResN" "Drive Letter Access Component" "(Not verified) Sonic Solutions" "c:\windows\system32\dla\dladresn.sys"
+ "DLAIFS_M" "Drive Letter Access Component" "(Not verified) Sonic Solutions" "c:\windows\system32\dla\dlaifs_m.sys"
+ "DLAOPIOM" "Drive Letter Access Component" "(Not verified) Sonic Solutions" "c:\windows\system32\dla\dlaopiom.sys"
+ "DLAPoolM" "Drive Letter Access Component" "(Not verified) Sonic Solutions" "c:\windows\system32\dla\dlapoolm.sys"
+ "DLARTL_N" "Shared Driver Component" "(Not verified) Sonic Solutions" "c:\windows\system32\drivers\dlartl_n.sys"
+ "DLAUDF_M" "Drive Letter Access Component" "(Not verified) Sonic Solutions" "c:\windows\system32\dla\dlaudf_m.sys"
+ "DLAUDFAM" "Drive Letter Access Component" "(Not verified) Sonic Solutions" "c:\windows\system32\dla\dlaudfam.sys"
+ "DRVMCDB" "Device Driver" "(Not verified) Sonic Solutions" "c:\windows\system32\drivers\drvmcdb.sys"
+ "DRVNDDM" "Device Driver Manager" "(Not verified) Sonic Solutions" "c:\windows\system32\drivers\drvnddm.sys"
+ "DSproct" "Process Trigger Driver" "(Not verified) Gteko Ltd." "c:\program files\dellsupport\gtaction\triggers\dsproct.sys"
+ "Lavasoft Kernexplorer" "" "" "File not found: C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys"
+ "Lbd" "Ad-Aware mini-filter driver" "" "File not found: system32\DRIVERS\Lbd.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "mferkdk" "" "" "File not found: C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "(Not verified) Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "(Verified) Support.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASENUM" "SASENUM.SYS" "(Verified) SUPERAdBlocker.com" "c:\program files\superantispyware\sasenum.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "(Verified) Support.com" "c:\program files\superantispyware\saskutil.sys"
+ "SBRE" "" "" "File not found: C:\WINDOWS\system32\drivers\SBREdrv.sys"
+ "wanatw" "" "" "File not found: system32\DRIVERS\wanatw4.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
"HKCU\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
"HKCU\Software\Classes\Filter" "" "" ""
"HKLM\Software\Classes\Filter" "" "" ""
"HKCU\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
"HKCU\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
"HKCU\Software\Classes\CLSID\{AC757296-3522-4E11-9862-C17BE5A1767E}\Instance" "" "" ""
"HKCU\Software\Wow6432Node\Classes\CLSID\{AC757296-3522-4E11-9862-C17BE5A1767E}\Instance" "" "" ""
"HKCU\Software\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance" "" "" ""
"HKCU\Software\Wow6432Node\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance" "" "" ""
"HKCU\Software\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}\Instance" "" "" ""
"HKCU\Software\Wow6432Node\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}\Instance" "" "" ""
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Photo Story 2 Trial Source Filter" "Plus! Photo Story 2 LE" "(Not verified) Microsoft Corporation" "c:\program files\microsoft plus! photo story 2 le\pssf2try.dll"
+ "WAV Dest Trial" "Plus! Photo Story 2 LE" "(Not verified) Microsoft Corporation" "c:\program files\microsoft plus! photo story 2 le\wavd2try.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
"HKLM\Software\Classes\CLSID\{AC757296-3522-4E11-9862-C17BE5A1767E}\Instance" "" "" ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{AC757296-3522-4E11-9862-C17BE5A1767E}\Instance" "" "" ""
"HKLM\Software\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance" "" "" ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance" "" "" ""
"HKLM\Software\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}\Instance" "" "" ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}\Instance" "" "" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute" "" "" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\Execute" "" "" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\S0InitialCommand" "" "" ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" "" "" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" "" "" ""
"HKLM\Software\Microsoft\Command Processor\Autorun" "" "" ""
"HKLM\Software\Wow6432Node\Microsoft\Command Processor\Autorun" "" "" ""
"HKCU\Software\Microsoft\Command Processor\Autorun" "" "" ""
"HKCU\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)" "" "" ""
"HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)" "" "" ""
"HKLM\Software\Classes\.exe" "" "" ""
"HKCU\Software\Classes\.exe" "" "" ""
"HKLM\Software\Classes\.cmd" "" "" ""
"HKCU\Software\Classes\.cmd" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls" "" "" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ServiceControllerStart" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LsaStart" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SaveDumpStart" "" "" ""
"HKCU\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop\Scrnsave.exe" "" "" ""
"HKCU\Control Panel\Desktop\Scrnsave.exe" "" "" ""
"HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath" "" "" ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries" "" "" ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "(Verified) Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64" "" "" ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
"HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders" "" "" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages" "" "" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages" "" "" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages" "" "" ""
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""

Only issue was about 15 minutes ago. SuperAntiSpyware kept notifying me that my homepage on IE was changed. Nothing else so far. Will let you know if anything else rears its ugly head. I am truly scratching my head on this one as we try to stay on reputable sites. SIGH! This is tiring. :)
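
An Autoruns listing like the one in the post above can be triaged mechanically. The following Python is an added example, not part of the original thread and not Autoruns' own tooling: it parses the four-column lines in the layout shown and flags entries whose image is missing, whose publisher is "(Not verified)" or blank, or whose path sits in a temp directory. The flag names and the temp-directory markers are assumptions of this example; the sample lines are copied from the log above.

```python
import re

FIELD = re.compile(r'"([^"]*)"')          # one double-quoted column
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")    # assumption: path fragments treated as temp dirs

# Small subset of lines copied from the log above.
SAMPLE_LOG = r'''
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "catchme" "" "" "File not found: C:\DOCUME~1\Jodi\LOCALS~1\Temp\catchme.sys"
+ "DLABOIOM" "Drive Letter Access Component" "(Not verified) Sonic Solutions" "c:\windows\system32\dla\dlaboiom.sys"
+ "Lbd" "Ad-Aware mini-filter driver" "" "File not found: system32\DRIVERS\Lbd.sys"
+ "SASENUM" "SASENUM.SYS" "(Verified) SUPERAdBlocker.com" "c:\program files\superantispyware\sasenum.sys"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "(Verified) Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
'''

def parse_autoruns(text):
    """Yield one dict per '+' entry, tagged with the autostart location above it."""
    location = None
    for line in map(str.strip, text.splitlines()):
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue                      # blank or damaged line: skip, do not guess
        if line.startswith("+"):
            keys = ("name", "description", "publisher", "image")
            yield dict(zip(keys, fields), location=location)
        else:
            location = fields[0]          # header line: registry key or folder

def triage(entry):
    """Return the reasons an entry deserves a manual look (empty list = none)."""
    reasons = []
    image = entry["image"].lower()
    if image.startswith("file not found:"):
        reasons.append("missing-image")          # registration points at no file
    elif entry["publisher"].startswith("(Not verified)"):
        reasons.append("unverified-signature")   # signature check did not pass
    elif not entry["publisher"]:
        reasons.append("no-publisher")           # file exists, no publisher column
    if any(marker in image for marker in TEMP_MARKERS):
        reasons.append("temp-path")              # autostart from a temp directory
    return reasons

def flag_entries(text):
    """Return [(name, reasons)] for every entry with at least one reason."""
    return [(e["name"], r) for e in parse_autoruns(text) if (r := triage(e))]

if __name__ == "__main__":
    for name, reasons in flag_entries(SAMPLE_LOG):
        print(f"{name}: {', '.join(reasons)}")
```

The flags are leads for manual review, not verdicts: an unverified publisher is common for older unsigned drivers, and a missing image is often a leftover registration from uninstalled software.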

#11 narenxp

Posted 09 October 2012 - 10:04 PM

I don't think the pop-up was from SuperAntiSpyware. It should have been from SPYBOT :thumbup2:

If you have any issues you can post it here until then

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & Windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore - it deletes old infected restore points

Turn on System Restore and create a new restore point

Update JAVA and Flash player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#12 tide_belle

Posted 10 October 2012 - 07:34 AM

Thank you for your help! Everything seems to be running normal again so far. :thumbsup:
Bleepingcomputer is the greatest!! :thumbup2:

#13 narenxp

Posted 10 October 2012 - 07:49 AM

You're most welcome :thumbup2:

#14 tide_belle

Posted 16 October 2012 - 06:25 PM

I'm back again! Another scraptastic Trojan. Should I just follow your previous suggested steps? I'm ready to throw this PC out in front of an 18 wheeler.

#15 narenxp

Posted 16 October 2012 - 08:42 PM

Give me some details about the exact issue :)

Post the log that showed you the trojan.



