
Multiple Problems on Computer from 2007


32 replies to this topic

#1 tcharleschapman


Posted 10 October 2012 - 10:08 PM

To anyone that can be of assistance,

This is my first time posting on this forum so forgive me if I break any rules. I tried to review them, but may step in a hole I missed.

My computer is a Dell Dimension E310, purchased sometime in 2007. It has been a reliable computer up until a few months ago. There are many problems that we have encountered. I will try to list them here.

  • Security Alerts pop up every time the computer boots up. Not sure what for.
  • Malwarebytes often crashes when running any type of scan. Managed to complete one Full Scan that removed three items, but the program will not complete another scan without crashing within 30 seconds of beginning the scan.
  • Tried running DDS to post on the Malwarebytes forum, but it causes the Blue Screen of Death before I get to the end of the scan.
  • Google Redirect in Firefox. Now use Chrome, which was redirecting, but now works fine.
  • Experienced some bank fraud a few months ago. Suggested culprit was a home computer, this one.
  • When typing in passwords and usernames on Facebook and Gmail, you click to sign in and it brings me back to the login page. Possible password-stealing.

I appreciate any assistance that can be provided.

Sincerely,
Tom



#2 narenxp


Posted 10 October 2012 - 10:09 PM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 tcharleschapman


Posted 10 October 2012 - 10:13 PM

TDSSKiller LOG Report

21:11:46.0812 1148 Schedule - ok
21:11:46.0859 1148 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:11:46.0859 1148 Secdrv - ok
21:11:46.0890 1148 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:11:46.0906 1148 seclogon - ok
21:11:47.0031 1148 [ 2D0599DD0124764FC939C59985C860DE ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
21:11:47.0140 1148 Secunia PSI Agent - ok
21:11:47.0187 1148 [ 20B9E1ADBC58958B480933E4DA005DFB ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
21:11:47.0281 1148 Secunia Update Agent - ok
21:11:47.0312 1148 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
21:11:47.0359 1148 SENS - ok
21:11:47.0406 1148 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
21:11:47.0421 1148 Serial - ok
21:11:47.0453 1148 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:11:47.0468 1148 Sfloppy - ok
21:11:47.0515 1148 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:11:47.0546 1148 SharedAccess - ok
21:11:47.0578 1148 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:11:47.0578 1148 ShellHWDetection - ok
21:11:47.0593 1148 Simbad - ok
21:11:47.0640 1148 [ 0D411EEA92751C1ECD8453892F41E726 ] SNDSrvc C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
21:11:47.0671 1148 SNDSrvc - ok
21:11:47.0687 1148 Sparrow - ok
21:11:47.0750 1148 [ 677B10906838D3BFB1C07AC9087E4BF7 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
21:11:47.0796 1148 SPBBCDrv - ok
21:11:47.0875 1148 [ C830007369E18A54AED23B5BB3AFA2BA ] SPBBCSvc C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
21:11:48.0015 1148 SPBBCSvc - ok
21:11:48.0062 1148 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:11:48.0078 1148 splitter - ok
21:11:48.0093 1148 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:11:48.0125 1148 Spooler - ok
21:11:48.0171 1148 sprtsvc_dellsupportcenter - ok
21:11:48.0203 1148 [ 1C63FE706AB797BC3C24813FF969B4DE ] Spyder3 C:\WINDOWS\system32\DRIVERS\Spyder3.sys
21:11:48.0218 1148 Spyder3 - ok
21:11:48.0265 1148 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:11:48.0281 1148 sr - ok
21:11:48.0328 1148 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
21:11:48.0359 1148 srservice - ok
21:11:48.0406 1148 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:11:48.0437 1148 Srv - ok
21:11:48.0484 1148 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:11:48.0515 1148 SSDPSRV - ok
21:11:48.0546 1148 [ 2A2DC39623ADEF8AB3703AB9FAC4B440 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
21:11:48.0656 1148 STHDA - ok
21:11:48.0718 1148 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:11:48.0750 1148 stisvc - ok
21:11:48.0828 1148 [ 51778FD315C9882F1CBD932743E62A72 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
21:11:48.0859 1148 stllssvr - ok
21:11:48.0890 1148 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:11:48.0906 1148 swenum - ok
21:11:48.0937 1148 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:11:48.0953 1148 swmidi - ok
21:11:48.0968 1148 SwPrv - ok
21:11:49.0046 1148 [ 8FDAADF204A4F29214DA1B03342E2735 ] Symantec AntiVirus C:\Program Files\Symantec AntiVirus\Rtvscan.exe
21:11:49.0203 1148 Symantec AntiVirus - ok
21:11:49.0218 1148 symc810 - ok
21:11:49.0234 1148 symc8xx - ok
21:11:49.0250 1148 [ DE6D1102D55926354171AE4E73936725 ] SymEvent C:\Program Files\Symantec\SYMEVENT.SYS
21:11:49.0265 1148 SymEvent - ok
21:11:49.0281 1148 [ 6C0A85982F4E0D672B85A2BFB50A24B5 ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
21:11:49.0312 1148 SYMREDRV - ok
21:11:49.0343 1148 [ CDDA3BA3F7D5B63FF9F85CB478C11473 ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS
21:11:49.0375 1148 SYMTDI - ok
21:11:49.0375 1148 sym_hi - ok
21:11:49.0390 1148 sym_u3 - ok
21:11:49.0390 1148 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:11:49.0406 1148 sysaudio - ok
21:11:49.0453 1148 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:11:49.0531 1148 SysmonLog - ok
21:11:49.0562 1148 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:11:49.0640 1148 TapiSrv - ok
21:11:49.0718 1148 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:11:49.0781 1148 Tcpip - ok
21:11:49.0843 1148 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:11:49.0906 1148 TDPIPE - ok
21:11:49.0906 1148 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:11:49.0953 1148 TDTCP - ok
21:11:50.0000 1148 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:11:50.0062 1148 TermDD - ok
21:11:50.0140 1148 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
21:11:50.0359 1148 TermService - ok
21:11:50.0390 1148 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
21:11:50.0406 1148 Themes - ok
21:11:50.0500 1148 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
21:11:50.0562 1148 TlntSvr - ok
21:11:50.0562 1148 TosIde - ok
21:11:50.0640 1148 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:11:50.0687 1148 TrkWks - ok
21:11:50.0734 1148 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:11:50.0750 1148 Udfs - ok
21:11:50.0765 1148 ultra - ok
21:11:50.0828 1148 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:11:50.0859 1148 Update - ok
21:11:50.0906 1148 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:11:50.0953 1148 upnphost - ok
21:11:50.0984 1148 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
21:11:51.0000 1148 UPS - ok
21:11:51.0046 1148 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:11:51.0062 1148 usbccgp - ok
21:11:51.0109 1148 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:11:51.0125 1148 usbehci - ok
21:11:51.0171 1148 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:11:51.0218 1148 usbhub - ok
21:11:51.0281 1148 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:11:51.0296 1148 usbprint - ok
21:11:51.0328 1148 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:11:51.0343 1148 usbscan - ok
21:11:51.0375 1148 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:11:51.0390 1148 USBSTOR - ok
21:11:51.0406 1148 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:11:51.0421 1148 usbuhci - ok
21:11:51.0468 1148 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:11:51.0484 1148 VgaSave - ok
21:11:51.0500 1148 ViaIde - ok
21:11:51.0531 1148 [ 268D33A3CB7C6F255615DE0324595FFB ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:11:51.0546 1148 VolSnap - ok
21:11:51.0609 1148 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
21:11:51.0656 1148 VSS - ok
21:11:51.0703 1148 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
21:11:51.0734 1148 W32Time - ok
21:11:51.0765 1148 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:11:51.0781 1148 Wanarp - ok
21:11:51.0828 1148 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
21:11:51.0843 1148 WDC_SAM - ok
21:11:51.0921 1148 [ 060E8CB99CC0A6751DB5810C042B0D45 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:11:51.0968 1148 Wdf01000 - ok
21:11:51.0968 1148 WDICA - ok
21:11:51.0984 1148 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:11:52.0000 1148 wdmaud - ok
21:11:52.0046 1148 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:11:52.0078 1148 WebClient - ok
21:11:52.0140 1148 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:11:52.0203 1148 winachsf - ok
21:11:52.0296 1148 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:11:52.0359 1148 winmgmt - ok
21:11:52.0406 1148 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:11:52.0421 1148 WmdmPmSN - ok
21:11:52.0468 1148 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
21:11:52.0500 1148 Wmi - ok
21:11:52.0500 1148 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:11:52.0531 1148 WmiApSrv - ok
21:11:52.0625 1148 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
21:11:52.0921 1148 WMPNetworkSvc - ok
21:11:52.0953 1148 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:11:52.0984 1148 wscsvc - ok
21:11:53.0015 1148 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:11:53.0031 1148 wuauserv - ok
21:11:53.0078 1148 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:11:53.0093 1148 WudfPf - ok
21:11:53.0125 1148 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:11:53.0140 1148 WudfRd - ok
21:11:53.0171 1148 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
21:11:53.0203 1148 WudfSvc - ok
21:11:53.0250 1148 [ 790D0A1EFF8CA30776051445D0487CDB ] WUSB54GPV4SRV C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
21:11:53.0281 1148 WUSB54GPV4SRV - ok
21:11:53.0343 1148 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:11:53.0390 1148 WZCSVC - ok
21:11:53.0437 1148 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:11:53.0468 1148 xmlprov - ok
21:11:53.0468 1148 ================ Scan global ===============================
21:11:53.0515 1148 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:11:53.0578 1148 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:11:53.0656 1148 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:11:53.0687 1148 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:11:53.0687 1148 [Global] - ok
21:11:53.0687 1148 ================ Scan MBR ==================================
21:11:53.0734 1148 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:11:53.0984 1148 \Device\Harddisk0\DR0 - ok
21:11:53.0984 1148 ================ Scan VBR ==================================
21:11:54.0000 1148 [ D3514B08CFF14FA9A317658574BC7F76 ] \Device\Harddisk0\DR0\Partition1
21:11:54.0000 1148 \Device\Harddisk0\DR0\Partition1 - ok
21:11:54.0015 1148 [ 37CB77487FE14A35F87C76B67F9784DB ] \Device\Harddisk0\DR0\Partition2
21:11:54.0015 1148 \Device\Harddisk0\DR0\Partition2 - ok
21:11:54.0015 1148 ============================================================
21:11:54.0015 1148 Scan finished
21:11:54.0015 1148 ============================================================
21:11:54.0031 2732 Detected object count: 1
21:11:54.0031 2732 Actual detected object count: 1
21:12:01.0890 2732 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
21:12:01.0890 2732 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

#4 tcharleschapman

Posted 10 October 2012 - 11:58 PM

*Edit* Scan finished.

narenxp,

Both aswMBR and ESET have been running for well over an hour. aswMBR seems to be moving very slow on folders with very few files and ESET is only at 9% after 1 hour. Should this be going this slow? Both are hung up on the My Documents folder for my wife.

Tom

Edited by tcharleschapman, 11 October 2012 - 07:39 AM.


#5 tcharleschapman

Posted 11 October 2012 - 07:42 AM

aswMBR LOG Report

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-10 21:13:48
-----------------------------
21:13:48.203 OS Version: Windows 5.1.2600 Service Pack 3
21:13:48.203 Number of processors: 2 586 0x409
21:13:48.203 ComputerName: HOME-69417401B6 UserName: Jennifer
21:13:48.890 Initialize success
21:17:23.187 AVAST engine defs: 12101001
21:17:31.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
21:17:31.718 Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
21:17:31.750 Disk 0 MBR read successfully
21:17:31.750 Disk 0 MBR scan
21:17:31.921 Disk 0 Windows XP default MBR code
21:17:31.937 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 31 MB offset 63
21:17:31.984 Disk 0 Partition - 00 0F Extended LBA 52446 MB offset 64260
21:17:32.015 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 19053 MB offset 107474850
21:17:32.078 Disk 0 Partition 3 00 DB CP/M / CTOS MSDOS5.0 4753 MB offset 146496735
21:17:32.125 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 52446 MB offset 64323
21:17:32.203 Disk 0 scanning sectors +156232125
21:17:32.359 Disk 0 scanning C:\WINDOWS\system32\drivers
21:17:44.218 File: C:\WINDOWS\system32\drivers\kbdclass.sys **INFECTED** Win32:Alureon-FZ
21:18:00.000 Disk 0 trace - called modules:
21:18:00.015 ntkrnlpa.exe hal.dll CLASSPNP.SYS disk.sys atapi.sys intelide.sys PCIIDEX.SYS
21:18:00.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b95ab8]
21:18:00.015 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86bbcd98]
21:18:01.000 AVAST engine scan C:\WINDOWS
21:18:21.328 AVAST engine scan C:\WINDOWS\system32
21:29:16.421 AVAST engine scan C:\WINDOWS\system32\drivers
21:29:40.937 File: C:\WINDOWS\system32\drivers\kbdclass.sys **INFECTED** Win32:Alureon-FZ
21:30:33.359 AVAST engine scan C:\Documents and Settings\Jennifer
21:39:05.953 File: C:\Documents and Settings\Jennifer\Local Settings\Temp\iqu_bootstrap.exe **INFECTED** Win32:Adware-gen [Adw]
23:35:15.531 AVAST engine scan C:\Documents and Settings\All Users
23:44:14.265 Scan finished successfully
06:37:59.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jennifer\Desktop\MBR.dat"
06:37:59.406 The log file has been saved successfully to "C:\Documents and Settings\Jennifer\Desktop\aswMBR.txt"

ESET LOG Report

C:\Documents and Settings\Jennifer\My Documents\download\infrarecorder.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Documents and Settings\Jennifer\My Documents\Downloads\VLC_32.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JEIFFRMN\02[1].htm JS/Kryptik.AP trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JEIFFRMN\02[2].htm JS/Kryptik.AP trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LO4EBKOD\b_hyperbarato_com[1].htm JS/Kryptik.CB trojan cleaned by deleting - quarantined
C:\Program Files\Yontoo Layers Client\YontooIEClient.dll Win32/Adware.Yontoo.A application cleaned by deleting - quarantined

Edited by tcharleschapman, 11 October 2012 - 07:42 AM.


#6 narenxp

Posted 12 October 2012 - 04:15 PM

Download Malwarebytes.

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download MiniToolBox.

Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List restore points

Click Go and post the result.

Download Farbar service scanner.

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

Download adware cleaner.

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download Junkware removal tool.

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#7 tcharleschapman

Posted 12 October 2012 - 06:53 PM

I am running the last scan now. Just so you know, I ran the Malwarebytes a few days ago but I don't have the log for it.

#8 narenxp

Posted 12 October 2012 - 06:54 PM

Update Malwarebytes and run the scan again.

#9 tcharleschapman

Posted 12 October 2012 - 10:03 PM

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.12.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Jennifer :: HOME-69417401B6 [administrator]

11/12/2012 5:26:58 PM
mbam-log-2012-11-12 (17-26-58).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 340971
Time elapsed: 1 hour(s), 55 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\System Volume Information\_restore{6B674F95-F242-457C-B05C-B0B7492FBD4A}\RP802\A0101250.dll (Adware.Yontoo) -> Quarantined and deleted successfully.

(end)

MiniToolBox by Farbar Version: 23-07-2012
Ran by Jennifer (administrator) on 12-11-2012 at 16:50:12
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 4

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : home-69417401b6
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-16-76-9D-3B-FA
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Monday, November 12, 2012 3:06:28 PM
Lease Expires . . . . . . . . . . : Tuesday, November 13, 2012 3:06:28 PM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.225.194, 74.125.225.193, 74.125.225.199, 74.125.225.196
74.125.225.192, 74.125.225.200, 74.125.225.198, 74.125.225.206, 74.125.225.201
74.125.225.195, 74.125.225.197

Pinging google.com [74.125.225.192] with 32 bytes of data:
Reply from 74.125.225.192: bytes=32 time=15ms TTL=55
Reply from 74.125.225.192: bytes=32 time=15ms TTL=55
Ping statistics for 74.125.225.192:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 15ms, Average = 15ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=189ms TTL=48
Reply from 98.139.183.24: bytes=32 time=131ms TTL=48
Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 131ms, Maximum = 189ms, Average = 160ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 76 9d 3b fa ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.4 192.168.1.4 20
192.168.1.0 255.255.255.0 192.168.1.4 192.168.1.4 20
192.168.1.4 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.4 192.168.1.4 20
224.0.0.0 240.0.0.0 192.168.1.4 192.168.1.4 20
255.255.255.255 255.255.255.255 192.168.1.4 192.168.1.4 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/12/2012 04:10:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 632860

Error: (11/12/2012 04:10:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 632860

Error: (11/12/2012 04:10:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2012 04:10:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 617235

Error: (11/12/2012 04:10:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 617235

Error: (11/12/2012 04:10:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2012 03:06:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30171203

Error: (11/12/2012 03:06:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 30171203

Error: (11/12/2012 03:06:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2012 06:36:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26950093


System errors:
=============
Error: (11/12/2012 03:06:47 PM) (Source: W32Time) (User: )
Description: The time service has detected that the system time needs to be
changed by -2682003 seconds. The time service will not change the system
time by more than -54000 seconds. Verify that your time and time zone
are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.4:123->65.55.21.20:123) is working properly.

Error: (11/12/2012 06:36:23 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (11/12/2012 06:36:23 AM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (11/12/2012 06:36:18 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (11/12/2012 06:36:18 AM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (11/11/2012 07:06:57 AM) (Source: Service Control Manager) (User: )
Description: The Network Security service terminated with the following error:
%%126

Error: (11/10/2012 11:20:02 PM) (Source: W32Time) (User: )
Description: The time service has detected that the system time needs to be
changed by -2682010 seconds. The time service will not change the system
time by more than -54000 seconds. Verify that your time and time zone
are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.4:123->65.55.21.23:123) is working properly.

Error: (11/10/2012 09:51:03 PM) (Source: Service Control Manager) (User: )
Description: The Symantec AntiVirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/10/2012 08:53:09 PM) (Source: System Error) (User: )
Description: Error code 100000d1, parameter1 873a3000, parameter2 000000ff, parameter3 00000000, parameter4 f7808bb2.

Error: (11/10/2012 08:51:31 PM) (Source: Service Control Manager) (User: )
Description: The Network Security service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (11/12/2012 04:10:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 632860

Error: (11/12/2012 04:10:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 632860

Error: (11/12/2012 04:10:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2012 04:10:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 617235

Error: (11/12/2012 04:10:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 617235

Error: (11/12/2012 04:10:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2012 03:06:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30171203

Error: (11/12/2012 03:06:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 30171203

Error: (11/12/2012 03:06:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2012 06:36:12 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26950093


=========================== Installed Programs ============================

Actiontec Gateway
Adobe AIR (Version: 2.7.1.19610)
Adobe Community Help (Version: 3.4.980)
Adobe Digital Editions
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Flash Player ActiveX (Version: 9.0.124.0)
Adobe Photoshop Lightroom 3.2 (Version: 3.2.1)
Adobe Reader 9.5.1 (Version: 9.5.1)
Akamai NetSession Interface Service
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Auto Gordian Knot 2.55 (Version: 2.55)
AviSynth 2.5
Bonjour (Version: 3.0.0.10)
Broadcom 440x 10/100 Integrated Controller (Version: 8.06.07)
Broadcom Gigabit Integrated Controller (Version: 9.02.06)
CCleaner (Version: 3.03)
Comcast Desktop Software (v1.2.0.9) (Version: 23)
Conexant D850 56K V.9x DFVc Modem
Convert AVI to MP4
Critical Update for Windows Media Player 11 (KB959772)
DAEMON Tools Lite (Version: 4.45.1.0236)
Dell Resource CD (Version: 1.10.0000)
Dell Support Center (Support Software) (Version: 2.2.08335)
Dolet Light for Finale (Version: 1.0.1)
DVD Decrypter (Remove Only)
Facebook Plug-In
GemMaster Mystic
Google Chrome (Version: 22.0.1229.94)
Google Photos Screensaver (Version: 2.0.0)
Google Update Helper (Version: 1.3.21.123)
Google Updater (Version: 2.4.2432.1652)
HandBrake 0.9.5 (Version: 0.9.5)
Hero Lab 4.0b (Version: 4.0b)
InfraRecorder
InstallIQ Updater (Version: 1.4.2.0)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4299)
Intel® PRO Network Connections Drivers
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 6 Update 4 (Version: 1.6.0.40)
Java™ 6 Update 5 (Version: 1.6.0.50)
JD Secure 3.1
LiveUpdate 3.1 (Symantec Corporation) (Version: 3.1.0.99)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Disc 2 (Version: 9.00.3821)
Microsoft Office XP Media Content (Version: 10.0.2619.0)
Microsoft Office XP Standard (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Move Media Player
Mozilla Firefox (3.6.20) (Version: 3.6.20 (en-US))
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Netflix Movie Viewer (Version: 1.2.211)
Nikon Message Center (Version: 0.92.000)
Nikon RAW Codec (Version: 1.00.0000)
Nikon Transfer (Version: 1.1.1)
Norton Security Scan (Symantec Corporation) (Version: 2.0.0)
Norton Security Scan (Version: 2.0.0)
Otto
PDFCreator (Version: 1.2.0)
PhotoScape
Picture Control Utility (Version: 1.1.2)
Picture Package Music Transfer (Version: 1.1.00.11270)
PowerDVD (Version: 7.0)
POWERPREP II (Version: 1.00.0000)
QuickConnect (Version: 3.6)
QuickTime (Version: 7.71.80.42)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Drag-to-Disc (Version: 9.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio MyDVD DE (Version: 9.0.117)
Roxio Update Manager (Version: 3.0.0)
Secunia PSI (2.0.0.3003)
SES Driver (Version: 1.0.0)
SigmaTel Audio (Version: 5.10.4600.0)
Sonic Activation Module (Version: 1.0)
Sonic Encoders (Version: 1.00)
Spyder3Express
Symantec AntiVirus (Version: 10.1.5000.5)
Transcribe! 8.10 (Version: 8.10)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB942763) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
ViewNX (Version: 1.1.1)
VobSub v2.23 (Remove Only)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
Xvid 1.2.2 final uninstall (Version: 1.2)
Yahoo! Anti-Spy
Yontoo Layers Client 1.10.01 (Version: 1.10.01)

========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 1014.07 MB
Available physical RAM: 441.34 MB
Total Pagefile: 2442.22 MB
Available Pagefile: 1745.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:51.22 GB) (Free:10.99 GB) NTFS
2 Drive d: (Backup) (Fixed) (Total:18.61 GB) (Free:17.52 GB) NTFS

========================= Users: ========================================

User accounts for \\HOME-69417401B6

Administrator ASPNET Guest
HelpAssistant Jennifer SUPPORT_388945a0

========================= Restore Points ==================================

15-08-2012 13:56:44 Software Distribution Service 3.0
18-08-2012 19:23:59 System Checkpoint
20-08-2012 21:42:04 System Checkpoint
22-08-2012 01:54:08 System Checkpoint
23-08-2012 17:26:13 System Checkpoint
25-08-2012 17:23:51 System Checkpoint
28-08-2012 00:11:50 System Checkpoint
30-08-2012 02:49:45 System Checkpoint
31-08-2012 13:52:07 System Checkpoint
02-09-2012 16:57:25 System Checkpoint
03-09-2012 18:23:59 System Checkpoint
05-09-2012 01:34:09 System Checkpoint
06-09-2012 19:20:00 System Checkpoint
07-09-2012 23:00:22 System Checkpoint
09-09-2012 16:56:50 System Checkpoint
12-09-2012 13:58:42 Software Distribution Service 3.0
13-09-2012 17:08:38 System Checkpoint
15-09-2012 03:51:45 System Checkpoint
16-09-2012 18:42:10 System Checkpoint
17-09-2012 21:15:31 System Checkpoint
19-09-2012 01:13:18 System Checkpoint
22-09-2012 13:53:22 Software Distribution Service 3.0
27-09-2012 23:34:31 System Checkpoint
29-09-2012 16:57:23 System Checkpoint
01-10-2012 02:34:08 System Checkpoint
02-10-2012 15:25:18 System Checkpoint
06-10-2012 04:38:32 System Checkpoint
08-10-2012 03:44:58 System Checkpoint
11-11-2012 13:37:40 Software Distribution Service 3.0
12-11-2012 22:27:22 System Checkpoint

**** End of log ****

Farbar Service Scanner Version: 07-10-2012
Ran by Jennifer (administrator) on 12-11-2012 at 16:50:23
Running from "C:\Documents and Settings\Jennifer\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(8) Tcpip(4)
0x0A0000000500000001000000020000000300000004000000080000000600000007000000090000000A000000
IpSec Tag value is correct.

**** End of log ****

# AdwCleaner v2.004 - Logfile created 11/12/2012 at 16:52:02
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jennifer - HOME-69417401B6
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Jennifer\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6A87B991-A31F-4130-AE72-6D0C294BF082}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E908B145-C847-4E85-B315-07E2E70DECF8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6A87B991-A31F-4130-AE72-6D0C294BF082}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E908B145-C847-4E85-B315-07E2E70DECF8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.20 (en-US)

Profile name : default
File : C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\m83kyjh6.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3974 octets] - [12/11/2012 16:52:02]

########## EOF - C:\AdwCleaner[S1].txt - [4034 octets] ##########

Junkware Removal Tool (JRT) by Thisisu
Version: 1.5.1 (10.12.2012)
OS: Microsoft Windows XP x86
Ran by Jennifer on Mon 11/12/2012 at 16:48:32.54
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] "hkey_local_machine\software\freeze.com"



*** Files: 0 Detections



*** Folders:

Successfully deleted: [FOLDER] "C:\Documents and Settings\All Users\application data\trymedia"



*** FireFox detected and repaired

Failed to delete: [bing-zugo.xml] from "C:\Program Files\mozilla firefox\searchplugins"


*** Event Viewer Logs - NOT cleared





**************************************************************
Scan was completed on Mon 11/12/2012 at 17:16:01.73
End of Report

#10 narenxp


Posted 12 October 2012 - 10:15 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#11 tcharleschapman


Posted 13 October 2012 - 07:26 AM

RKILL Log

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/13/2012 06:16:34 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\LxrJD31s.exe (PID: 2360) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\drivers\kbdclass.sys [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\kbdclass.sys : 24,576 : 08/10/2004 00:00 AM : ebdee8a2ee5393890a1acee971c4c246 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\kbdclass.sys : 24,576 : 04/14/2008 00:09 AM : 463c1ec80cd17420a542b7f36a36f128 [Pos Repl]

* C:\WINDOWS\System32\drivers\volsnap.sys [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys : 52,352 : 08/10/2004 00:00 AM : ee4660083deba849ff6c485d944b379b [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\volsnap.sys : 52,352 : 04/14/2008 00:11 AM : 4c8fcb5cc53aab716d810740fe59d025 [Pos Repl]

Checking HOSTS File:

* No issues found.

Program finished at: 11/13/2012 06:20:06 AM
Execution time: 0 hours(s), 3 minute(s), and 31 seconds(s)

Autoruns Log

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\reader 9.0\reader\reader_sl.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "DellSupportCenter" "" "SupportSoft, Inc." "c:\program files\dell support center\bin\sprtcmd.exe"
+ "dscactivate" " " " " "c:\program files\dell support center\gs_agent\custom\dsca.exe"
+ "Google Updater" "Google Updater" "Google" "c:\program files\google\google updater\googleupdater.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "Microsoft Office.lnk" "Microsoft Office XP component" "Microsoft Corporation" "c:\program files\microsoft office\office10\osa.exe"
+ "Nikon Monitor.lnk" "Nikon Transfer Monitor" "Nikon Corporation" "c:\program files\common files\nikon\monitor\nkmonitor.exe"
+ "Spyder3Utility.lnk" "" "" "c:\program files\datacolor\spyder3express\utility\spyder3utility.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Akamai NetSession Interface" "Akamai NetSession Client" "Akamai Technologies, Inc." "c:\documents and settings\jennifer\local settings\application data\akamai\netsession_win.exe"
+ "Corel Photo Downloader" "" "" "File not found: C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe"
+ "InstallIQUpdater" "InstallIQ Updater" "W3i, LLC" "c:\program files\w3i\installiqupdater\installiqupdater.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "mso-offdap" "Microsoft Office XP Web Components" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\10\owc10.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "LDVPMenu" "Symantec AntiVirus" "Symantec Corporation" "c:\program files\common files\symantec shared\ssc\vpshell2.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "Roxio DragToDisc Shell Extension" "DirectCD Shell Extention DLL" "Roxio" "c:\program files\roxio\drag-to-disc\shellex.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "Roxio DragToDisc Shell Extension" "DirectCD Shell Extention DLL" "Roxio" "c:\program files\roxio\drag-to-disc\shellex.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "LDVPMenu" "Symantec AntiVirus" "Symantec Corporation" "c:\program files\common files\symantec shared\ssc\vpshell2.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "Google Software Updater.job" "gusvc" "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "Norton Security Scan for Jennifer.job" "Norton Security Scan" "Symantec Corporation" "c:\program files\norton security scan\nss.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "6to4" "Windows Power Management Service" "" "File not found: C:\WINDOWS\system32\6to4v32.dll"
+ "Akamai" "Provides networking protocol and file transfer technologies. If the service is stopped, those applications that depend on the service may fail to transfer files or otherwise function properly." "Akamai Technologies, Inc." "c:\program files\common files\akamai/netsession_win_5891ae0.dll"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "ccEvtMgr" "Event propagation and logging service" "Symantec Corporation" "c:\program files\common files\symantec shared\ccevtmgr.exe"
+ "ccSetMgr" "Settings storage and management service" "Symantec Corporation" "c:\program files\common files\symantec shared\ccsetmgr.exe"
+ "DefWatch" "Monitors and maintains virus definitions." "Symantec Corporation" "c:\program files\symantec antivirus\defwatch.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "LiveUpdate" "LiveUpdate Core Engine" "Symantec Corporation" "c:\program files\symantec\liveupdate\lucomserver_3_1.exe"
+ "LxrJD31s" "" "" "c:\windows\system32\lxrjd31s.exe"
+ "RoxMediaDB9" "Roxio RoxMediaDB9 Service" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\sharedcom\roxmediadb9.exe"
+ "RoxWatch9" "RoxSniffer9 Module" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\sharedcom\roxwatch9.exe"
+ "SavRoam" "Symantec AntiVirus Roaming Service" "symantec" "c:\program files\symantec antivirus\savroam.exe"
+ "Secunia PSI Agent" "Performs routine software inspections of the system, the results of which can be seen in your Secunia Customer Area account" "Secunia" "c:\program files\secunia\psi\psia.exe"
+ "Secunia Update Agent" "Performs routine software inspections of the system, the results of which can be seen in your Secunia Customer Area account" "Secunia" "c:\program files\secunia\psi\sua.exe"
+ "SNDSrvc" "Symantec Network Drivers Service" "Symantec Corporation" "c:\program files\common files\symantec shared\sndsrvc.exe"
+ "SPBBCSvc" "Symantec SPBBC" "Symantec Corporation" "c:\program files\common files\symantec shared\spbbc\spbbcsvc.exe"
+ "sprtsvc_dellsupportcenter" "SupportSoft Sprocket Service" "SupportSoft, Inc." "c:\program files\dell support center\bin\sprtsvc.exe"
+ "stllssvr" "SureThing Labelflash Disc Printer Service Module" "MicroVision Development, Inc." "c:\program files\common files\surething shared\stllssvr.exe"
+ "Symantec AntiVirus" "Provides real-time virus scanning, reporting, and management functionality for Symantec AntiVirus." "Symantec Corporation" "c:\program files\symantec antivirus\rtvscan.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "cercsr6" "DELL CERC SATA1.5/6ch Miniport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\cercsr6.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "DLABMFSM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\dla\dlabmfsm.sys"
+ "DLABOIOM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\dla\dlaboiom.sys"
+ "DLACDBHM" "Shared Driver Component" "Roxio" "c:\windows\system32\drivers\dlacdbhm.sys"
+ "DLADResM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\dla\dladresm.sys"
+ "DLAIFS_M" "Drive Letter Access Component" "Roxio" "c:\windows\system32\dla\dlaifs_m.sys"
+ "DLAOPIOM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\dla\dlaopiom.sys"
+ "DLAPoolM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\dla\dlapoolm.sys"
+ "DLARTL_M" "Shared Driver Component" "Roxio" "c:\windows\system32\drivers\dlartl_m.sys"
+ "DLAUDF_M" "Drive Letter Access Component" "Roxio" "c:\windows\system32\dla\dlaudf_m.sys"
+ "DLAUDFAM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\dla\dlaudfam.sys"
+ "DRVMCDB" "Device Driver" "Sonic Solutions" "c:\windows\system32\drivers\drvmcdb.sys"
+ "DRVNDDM" "Device Driver Manager" "Roxio" "c:\windows\system32\drivers\drvnddm.sys"
+ "dtsoftbus01" "DAEMON Tools Virtual Bus Driver" "DT Soft Ltd" "c:\windows\system32\drivers\dtsoftbus01.sys"
+ "E100B" "Intel® PRO/100 Adapter NDIS 5.1 driver" "Intel Corporation" "c:\windows\system32\drivers\e100b325.sys"
+ "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\eengine\eectrl.sys"
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "gtkvq" "" "" "c:\windows\system32\drivers\mxjnekt.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "hitmanpro35" "Hitman Pro 3.5 Support Driver" "" "c:\windows\system32\drivers\hitmanpro35.sys"
+ "HSF_DP" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_dp.sys"
+ "HSFHWBS2" "HSF_HWB2 WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsfhwbs2.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "ialm" "Intel Graphics Miniport Driver" "Intel Corporation" "c:\windows\system32\drivers\ialmnt5.sys"
+ "Kbdclass" "" "" "c:\windows\system32\drivers\kbdclass.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "LxrJD31d" "" "" "c:\windows\system32\drivers\lxrjd31d.sys"
+ "mdmxsdk" "Diagnostic Interface DRIVER" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "NAVENG" "AV Engine" "Symantec Corporation" "c:\program files\common files\symantec shared\virusdefs\20121011.002\naveng.sys"
+ "NAVEX15" "AV Engine" "Symantec Corporation" "c:\program files\common files\symantec shared\virusdefs\20121011.002\navex15.sys"
+ "OMCI" "" "" "File not found: C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "PSI" "PSI mini-filter driver" "Secunia" "c:\windows\system32\drivers\psi_mf.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "SAVRT" "AutoProtect" "Symantec Corporation" "c:\program files\symantec antivirus\savrt.sys"
+ "SAVRTPEL" "SAVRTPEL" "Symantec Corporation" "c:\program files\symantec antivirus\savrtpel.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SPBBCDrv" "SPBBC Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys"
+ "Spyder3" "Spyder3 USB Driver 1.0-1" "" "c:\windows\system32\drivers\spyder3.sys"
+ "STHDA" "NDRC" "SigmaTel, Inc." "c:\windows\system32\drivers\sthda.sys"
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\program files\symantec\symevent.sys"
+ "SYMREDRV" "Redirector Filter Driver" "Symantec Corporation" "c:\windows\system32\drivers\symredrv.sys"
+ "SYMTDI" "Network Dispatch Driver" "Symantec Corporation" "c:\windows\system32\drivers\symtdi.sys"
+ "VolSnap" "" "" "c:\windows\system32\drivers\volsnap.sys"
+ "WDC_SAM" "Manages WD external storage products." "Western Digital Technologies" "c:\windows\system32\drivers\wdcsam.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_cnxt.sys"
+ "WUSB54GPV4SRV" "Sample Driver for Ralink 802.11g Wireless USB Adapters" "Ralink Technology Inc." "c:\windows\system32\drivers\rt2500usb.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "vidc.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
+ "VIDC.YV12" "" "" "c:\windows\system32\xvidvfw.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Sonic MP4 Demultiplexer" "Sonic MP4 Demultiplexer" "Sonic Solutions Inc." "c:\program files\common files\sonic shared\sonicmc01\sonicmp4demux.ax"
+ "Sonic MP4 Demultiplexer" "Sonic MP4 Demultiplexer" "Sonic Solutions Inc." "c:\program files\common files\sonic shared\sonicmc01\sonicmp4demux.ax"
+ "Sonic Solutions AMR Decoder" "Sonic Solutions AMR Decoder" "Sonic Solutions Inc." "c:\program files\common files\sonic shared\sonicmc01\sonicamrd.ax"
+ "Sonic Solutions AMR Decoder" "Sonic Solutions AMR Decoder" "Sonic Solutions Inc." "c:\program files\common files\sonic shared\sonicmc01\sonicamrd.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CyberLink Audio Decoder (PDVD7DX)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claud.ax"
+ "CyberLink Audio Effect (PDVD7DX)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudfx.ax"
+ "CyberLink Audio Wizard (PDVD7DX)" "" "" "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudwizard.ax"
+ "CyberLink AudioCD Filter (PDVD7DX)" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudiocd.ax"
+ "CyberLink Demultiplexer (PDVD7DX)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\cldemuxer.ax"
+ "CyberLink DVD Navigator (PDVD7DX)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clnavx.ax"
+ "CyberLink Line21 Decoder Filter (PDVD7DX)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clline21.ax"
+ "Cyberlink SubTitle Importor (PDVD7DX)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clsubtitle.ax"
+ "CyberLink TimeStretch Filter (PDVD7DX)" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clauts.ax"
+ "CyberLink Video Effect (PDVD7DX)" "CLVidFx" "CyberLink" "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder (PDVD7DX)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvsd.ax"
+ "DirectVobSub" "DirectVobSub" "Gabest" "c:\windows\system32\dvobsub.ax"
+ "DirectVobSub (auto-loading version)" "DirectVobSub" "Gabest" "c:\windows\system32\dvobsub.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "LVMWriter" "LVMWriter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\lvmwriter.ax"
+ "MainConcept (Nikon) MPEG Audio Decoder" "MPEG Video and Audio Decoder" "MainConcept AG (Nikon)" "c:\program files\common files\nikon\mpeg\nikondsmpeg.ax"
+ "MainConcept (Nikon) MPEG Encoder" "MPEG Encoder and Muxer" "MainConcept AG (Nikon)" "c:\program files\common files\nikon\mpeg\nikonesmpeg.ax"
+ "MainConcept (Nikon) MPEG Video Decoder" "MPEG Video and Audio Decoder" "MainConcept AG (Nikon)" "c:\program files\common files\nikon\mpeg\nikondsmpeg.ax"
+ "MainConcept (Sonic) DV Video Decoder" "DirectShow DV Video Encoder and Decoder" "MainConcept AG (Sonic)" "c:\program files\roxio\roxio mydvd de\videocore 9\sonicmcdsdv.ax"
+ "MainConcept (Sonic) DV Video Encoder" "DirectShow DV Video Encoder and Decoder" "MainConcept AG (Sonic)" "c:\program files\roxio\roxio mydvd de\videocore 9\sonicmcdsdv.ax"
+ "Media Analyser" "analyse Filter (Sample)" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\mediaanalyser.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "muvee Music Analyser" "Music Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvmanalyse.ax"
+ "muvee WAV Encoder" "mvWavEncoder Filter (Sample)" "Microsoft Corporation" "c:\program files\common files\muvee technologies\030625\mvwavenc.ax"
+ "PSI Parser" "" "" "c:\program files\roxio\roxio mydvd de\videocore 9\psiparser.ax"
+ "QuickTime Source Filter" "QuickTimeSource Module" "" "c:\program files\common files\muvee technologies\030625\quicktimesource.dll"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Roxio Audio Decoder (DVD)" "ROXIO Audio Decoder" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\roxiodvdaudio.dll"
+ "ROXIO Audio Source 3.0" "VW Audio Source" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\audiosrc.ax"
+ "ROXIO Audio VCFChunker 3.0" "Chunker Filter (Sample)" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\chunker.ax"
+ "ROXIO Audio VCFLooper 3.0" "Looper Filter (Sample)" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\looper.ax"
+ "ROXIO AudioConvert 3.0" "AudioConvert Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\audconv.ax"
+ "ROXIO AudioGrabber 3.0" "VideoWave Frame Grabber" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\thumbnailgraber.ax"
+ "ROXIO ColorSpace Converter 3.0" "ROXIO Color Space Converter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\colorspconv.dll"
+ "ROXIO CrossGraphEx Renderer 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\crossgraphex.ax"
+ "ROXIO CrossGraphEx Source 3.0" "CrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\crossgraphex.ax"
+ "roxio DCFilters Audio Sync Filter 2" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\dllshared\dcfilters9.dll"
+ "roxio DCFilters Dragons Lair" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\dllshared\dcfilters9.dll"
+ "roxio DCFilters DVD Muxer" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\dllshared\dcfilters9.dll"
+ "roxio DCFilters DVDStream Reader" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\dllshared\dcfilters9.dll"
+ "roxio DCFilters DVDStream Splitter" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\dllshared\dcfilters9.dll"
+ "roxio DCFilters Mpeg I/II Decoder" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\dllshared\dcfilters9.dll"
+ "roxio DCFilters Smart Resizer" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\dllshared\dcfilters9.dll"
+ "roxio DCFilters Subpicture Mixer" "roxio DiscCopier DirectShow Filter Collection" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\dllshared\dcfilters9.dll"
+ "ROXIO Deinterlace 3.0" "Video Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\deinter.ax"
+ "ROXIO DVDCrossGraphEx Renderer 3.0" "DVDCrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\dvdcrossgraphex.ax"
+ "ROXIO DVDCrossGraphEx Source 3.0" "DVDCrossGraphEx.ax" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\dvdcrossgraphex.ax"
+ "ROXIO Image/Colour Source 3.0" "Colour Frame Source" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\imagesource.ax"
+ "ROXIO ListImage Source 3.0" "ListFrameSource" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\listimagesource.ax"
+ "ROXIO LPCMSyncFilter" "LPCMSync Filter" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\lpcmsyncfilter.dll"
+ "Roxio LVM File Source (Async.)" "LVMAsync" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\lvmasync.ax"
+ "Roxio MPEG Analyzer Filter" "MPEG File Analyzer Dynamic Link Library" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\roxiompegprop.dll"
+ "Roxio MPEG Stream Analyzer" "Roxio MPEG Stream Splitter" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpegstreamanalyzer.dll"
+ "Roxio MPEG1 Audio Encoder" "ROXIO MPEG Audio Encoder" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\roxioaudioenc.dll"
+ "Roxio MPEG1 Encoder" "ROXIO MPEG1 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg1vidcodec.dll"
+ "Roxio MPEG1 Muxer" "ROXIO MPEG MUXER" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg1muxer.dll"
+ "Roxio MPEG2 Demuxer" "ROXIO MPEG Demuxer" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\roxiompegdemuxer.dll"
+ "Roxio MPEG2 Encoder" "ROXIO MPEG2 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg2vidcodec.dll"
+ "Roxio MPEG2 Muxer" "ROXIO MPEG MUXER" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg2muxer.dll"
+ "Roxio MPEG2 Video Decoder" "ROXIO MPEG2 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg2vidcodec.dll"
+ "ROXIO Pan Zoom 3.0" "Video Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\panzoom.ax"
+ "ROXIO Pin Tee" "" "" "c:\program files\roxio\roxio mydvd de\videocore 9\roxioinftee.ax"
+ "Roxio Plasma CrossGraph Renderer" "MGICGFilter.ax" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\plasmacgfilter.ax"
+ "Roxio Plasma CrossGraph Source" "MGICGFilter.ax" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\plasmacgfilter.ax"
+ "ROXIO QT Source" "QuickTime Loader" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\qtsource.ax"
+ "ROXIO QuickGrabber 3.0" "VideoWave Frame Grabber" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\thumbnailgraber.ax"
+ "ROXIO Raw Writer" "ROXIO Raw Writer" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mgirawwriter.dll"
+ "Roxio Repack Filter" "Repack Filter" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\repackfilter.dll"
+ "ROXIO Scene Detector 3.0" "Video Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\scenedetector.ax"
+ "ROXIO SceneRecorder 1.0" "DVR support filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\scenerecorderfilt.ax"
+ "ROXIO Simple Dump 3.0" "Simple Dump Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\rxsimpledump.ax"
+ "Roxio Smart Decoder" "ROXIO MPEG2 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg2vidcodec.dll"
+ "Roxio Smart Encoder" "ROXIO MPEG2 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg2vidcodec.dll"
+ "ROXIO SpyPos 3.0" "Null-In-Place (Sample)" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\mginullip.ax"
+ "ROXIO ThumbnailGrabber 3.0" "VideoWave Frame Grabber" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\thumbnailgraber.ax"
+ "Roxio Transport Stream Source" "ListFrameSource" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\tsmpegsource.dll"
+ "ROXIO VCFAudioMixer 3.0" "AudioFlt Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\audmf.ax"
+ "ROXIO VCFDvrSupport 3.0" "DVR support filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\dvrsupportfilt.ax"
+ "ROXIO VCFDVSceneDetect 1.0" "DVR support filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\dvscenedetectfilt.ax"
+ "ROXIO VCFLatency 3.0" "Latency Filter (Sample)" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\latency.ax"
+ "ROXIO VCFpeakmeter 3.0" "Peakmeter Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\peakmeter.ax"
+ "ROXIO VCFVideoCutList 3.0" "Video CutList Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\vcutlist.ax"
+ "ROXIO VCFWaveform 1.0" "Waveform Filter (Sample)" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\waveform.ax"
+ "ROXIO Video Resampler 3.0" "Video Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\vresamfilt.ax"
+ "ROXIO Video VCFLooper 3.0" "Video Looper Filter (Sample)" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\vlooper.ax"
+ "ROXIO VideoCombine 3.0" "Video Effect Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\videocombine.ax"
+ "Roxio VOB Formatter" "VOBFormatter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\vobformatter.ax"
+ "Roxio Vob Loader" "VOBLoader" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\vobloader.ax"
+ "ROXIO WAV Dest 3.0" "MGI Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\wavhead.ax"
+ "Sewer" "MVWcDSutil" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\mvwcdsutil.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Sonic MP4 Demultiplexer" "Sonic MP4 Demultiplexer" "Sonic Solutions Inc." "c:\program files\common files\sonic shared\sonicmc01\sonicmp4demux.ax"
+ "Sonic MPEG Audio Decoder" "MPEG Video and Audio Decoder" "Sonic Solutions Inc." "c:\program files\common files\sonic shared\sonicmc01\sonicdsmpeg.ax"
+ "Sonic MPEG Video Decoder" "MPEG Video and Audio Decoder" "Sonic Solutions Inc." "c:\program files\common files\sonic shared\sonicmc01\sonicdsmpeg.ax"
+ "Sonic MPEG-2 Video Decoder" "MPEG-2 Video Decoder" "Sonic Solutions Inc" "c:\program files\common files\sonic shared\sonicmc01\sonicm2vd.ax"
+ "Sonic MPEG-4 Video Decoder" "Sonic Mpeg-4 Video Decoder" "Sonic Solutions Inc." "c:\program files\common files\sonic shared\sonicmc01\sonicm4vd.ax"
+ "Sonic Solutions AMR Decoder" "Sonic Solutions AMR Decoder" "Sonic Solutions Inc." "c:\program files\common files\sonic shared\sonicmc01\sonicamrd.ax"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "SubPicture Encoder" "ROXIO SubPicture Encoder" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\subpictenc.dll"
+ "Subtitle Source" "DirectVobSub" "Gabest" "c:\windows\system32\dvobsub.ax"
+ "VCG Null Renderer 3.0" "" "" "c:\program files\roxio\roxio mydvd de\videocore 9\videocompositing.ax"
+ "VCG Video Mixer 3.0" "" "" "c:\program files\roxio\roxio mydvd de\videocore 9\videocompositing.ax"
+ "VCGImageSource" "" "" "c:\program files\roxio\roxio mydvd de\videocore 9\videocompositing.ax"
+ "VMR9 Wrapper 3.0" "" "" "c:\program files\roxio\roxio mydvd de\videocore 9\videocompositing.ax"
+ "VW Input Selector" "Video Effect Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\inputselector.ax"
+ "VW Input Selector 2" "Video Effect Filter" "Sonic Solutions" "c:\program files\roxio\roxio mydvd de\videocore 9\inputselector.ax"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Xvid MPEG-4 Video Decoder" "" "" "c:\windows\system32\xvid.ax"
+ "{1AD512C6-24AF-4395-82B4-2D3CF21F44A2}" "Roxio MP3 Encoder Dynamic Link Library" "Roxio" "c:\program files\common files\roxio shared\9.0\sharedcom\rxdsaudiostreamwriter.ax"
+ "{472C92F0-5438-423D-9B30-FD2932EA44EE}" "Roxio Audio Source Filter" "Microsoft Corporation" "c:\program files\common files\roxio shared\9.0\sharedcom\rxdsaudiosource.ax"
+ "{58FF69ED-8388-483B-B9AC-3EB04BBEB913}" "Roxio Audio Stream Reader Filter" "Microsoft Corporation" "c:\program files\common files\roxio shared\9.0\sharedcom\rxdsaudiostreamreader.ax"
"HKLM\Software\Classes\CLSID\{AC757296-3522-4E11-9862-C17BE5A1767E}\Instance" "" "" ""
+ "Nikon .NEF Raw File Encoder" "Nikon Vista Codec" "Nikon, Inc." "c:\windows\system32\nefcodec.dll"
"HKLM\Software\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance" "" "" ""
+ "Nikon .NEF Raw File Decoder" "Nikon Vista Codec" "Nikon, Inc." "c:\windows\system32\nefcodec.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "C:\WINDOWS\system32\tekijuze.dll C:\WINDOWS\system32\dazeneho.dll C:\WINDOWS\system32\vujanumi.dll c:\windows\system32\kemuboti.dll" "" "" "File not found: C:\WINDOWS\system32\tekijuze.dll C:\WINDOWS\system32\dazeneho.dll C:\WINDOWS\system32\vujanumi.dll c:\windows\system32\kemuboti.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
+ "NavLogon" "Symantec AntiVirus Logon Notification" "Symantec Corporation" "c:\windows\system32\navlogon.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "PDFCreator" "" "" "c:\windows\system32\pdfcmnnt.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages" "" "" ""
+ "C:\WINDOWS\system32\dazeneho.dll" "" "" "File not found: C:\WINDOWS\system32\dazeneho.dll"
+ "C:\WINDOWS\system32\tekijuze.dll" "" "" "File not found: C:\WINDOWS\system32\tekijuze.dll"
+ "C:\WINDOWS\system32\vujanumi.dll" "" "" "File not found: C:\WINDOWS\system32\vujanumi.dll"

#12 narenxp

Posted 13 October 2012 - 07:49 AM

Download SystemLook.

Launch it and copy this script into the search box:
:filefind
kbdclass.sys

Click on LOOK, then post the generated log.

#13 tcharleschapman

Posted 13 October 2012 - 10:02 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 08:56 on 13/11/2012 by Jennifer
Administrator - Elevation successful

========== filefind ==========

Searching for "kbdclass.sys"
C:\WINDOWS\$NtServicePackUninstall$\kbdclass.sys -----c- 24576 bytes [21:50 07/07/2008] [11:00 10/08/2004] EBDEE8A2EE5393890A1ACEE971C4C246
C:\WINDOWS\ServicePackFiles\i386\kbdclass.sys -----c- 24576 bytes [21:55 07/07/2008] [06:09 14/04/2008] 463C1EC80CD17420A542B7F36A36F128
C:\WINDOWS\system32\drivers\kbdclass.sys --a---- 24576 bytes [11:00 10/08/2004] [04:43 01/02/2011] CCFEF7298ED6EBE1A94844D639FE7AA0

-= EOF =-

#14 narenxp

Posted 13 October 2012 - 10:26 AM

Please open Notepad and copy the following:


@ECHO OFF
COPY /Y C:\WINDOWS\ServicePackFiles\i386\kbdclass.sys C:\WINDOWS\system32\drivers
DEL %0

Click on File > Save as

filename: ipsec.bat
save as type: All types

Run the BAT file.

Run SystemLook and aswMBR again and post the new logs.
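
The comparison behind posts #13 and #14, as an added example that is not part of the original thread: it parses the SystemLook filefind lines and checks whether the live driver in system32\drivers matches any service-pack copy by size and MD5. The function names and the reading of the two bracketed timestamps as created, then modified, are assumptions.

```python
import ntpath
import re
from datetime import datetime

# Constructed sample: the result lines of the SystemLook log posted in the thread.
SAMPLE_LOG = r"""
Searching for "kbdclass.sys"
C:\WINDOWS\$NtServicePackUninstall$\kbdclass.sys -----c- 24576 bytes [21:50 07/07/2008] [11:00 10/08/2004] EBDEE8A2EE5393890A1ACEE971C4C246
C:\WINDOWS\ServicePackFiles\i386\kbdclass.sys -----c- 24576 bytes [21:55 07/07/2008] [06:09 14/04/2008] 463C1EC80CD17420A542B7F36A36F128
C:\WINDOWS\system32\drivers\kbdclass.sys --a---- 24576 bytes [11:00 10/08/2004] [04:43 01/02/2011] CCFEF7298ED6EBE1A94844D639FE7AA0
"""

# path, 7 attribute flags, size, [created], [modified] (assumed order), MD5
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
STAMP = "%H:%M %d/%m/%Y"  # the log uses day/month/year


def parse_filefind(log):
    """Return one dict per file line; headers and the EOF marker are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["created"] = datetime.strptime(e["created"], STAMP)
        e["modified"] = datetime.strptime(e["modified"], STAMP)
        e["md5"] = e["md5"].upper()
        entries.append(e)
    return entries


def compare_live_copy(entries, live_dir=r"C:\WINDOWS\system32\drivers"):
    """Compare the copy in live_dir with every other copy found on disk."""
    live = [e for e in entries
            if ntpath.dirname(e["path"]).lower() == live_dir.lower()]
    refs = [e for e in entries if e not in live]
    if len(live) != 1 or not refs:
        raise ValueError("need exactly one live copy and at least one reference copy")
    live = live[0]
    matching = [r["path"] for r in refs
                if r["md5"] == live["md5"] and r["size"] == live["size"]]
    newest_ref = max(refs, key=lambda r: r["modified"])
    return {
        "live_path": live["path"],
        "live_md5": live["md5"],
        "matching_references": matching,
        # True when no on-disk reference copy has the same content
        "hash_mismatch": not matching,
        # Same length but different content than a reference copy
        "same_size_different_hash": [r["path"] for r in refs
                                     if r["size"] == live["size"]
                                     and r["md5"] != live["md5"]],
        "newest_reference": newest_ref["path"],
        "modified_after_newest_reference": live["modified"] > newest_ref["modified"],
    }


if __name__ == "__main__":
    report = compare_live_copy(parse_filefind(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

A mismatch alone does not prove tampering, since a later Windows update can legitimately replace a driver; it marks the file for closer inspection such as a signature check.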

#15 tcharleschapman

Posted 13 October 2012 - 12:30 PM

I'm finishing up the second run of aswMBR. While it is running, though, I got a pop-up saying that Autoprotect had found and deleted about 8 trojans. Not sure if that will help with anything but I thought I would include it.



