Trojans


11 replies to this topic

#1 mordor61


  • Members
  • 6 posts

Posted 26 October 2012 - 09:40 AM

Hi, newbie here running Windows XP 32-bit Home Edition. Need help removing numerous trojans: Trojan.Gen, Trojan.Gen.2 & zeroaccessb.

Love the site, you all ROCK! I would appreciate any help given.



#2 narenxp


  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 26 October 2012 - 09:43 AM

Download TDSSKiller.

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on the scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#3 mordor61

  • Topic Starter

  • Members
  • 6 posts

Posted 26 October 2012 - 02:31 PM

Here are the logs.




11:10:49.0187 2760 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
11:10:49.0234 2760 Serial - ok
11:10:49.0281 2760 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:10:49.0296 2760 Sfloppy - ok
11:10:49.0343 2760 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:10:49.0343 2760 ShellHWDetection - ok
11:10:49.0359 2760 Simbad - ok
11:10:49.0406 2760 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:10:49.0453 2760 sisagp - ok
11:10:49.0500 2760 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:10:49.0515 2760 SLIP - ok
11:10:49.0562 2760 [ 0D411EEA92751C1ECD8453892F41E726 ] SNDSrvc C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
11:10:49.0671 2760 SNDSrvc - ok
11:10:49.0734 2760 [ 3BB48F7E33C2B76184DDF233000C09CD ] Sony SCSI Helper Service C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
11:10:49.0812 2760 Sony SCSI Helper Service - ok
11:10:49.0875 2760 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:10:49.0890 2760 Sparrow - ok
11:10:50.0046 2760 [ 677B10906838D3BFB1C07AC9087E4BF7 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
11:10:50.0140 2760 SPBBCDrv - ok
11:10:50.0234 2760 [ C830007369E18A54AED23B5BB3AFA2BA ] SPBBCSvc C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
11:10:50.0359 2760 SPBBCSvc - ok
11:10:50.0390 2760 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:10:50.0437 2760 splitter - ok
11:10:50.0484 2760 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:10:50.0515 2760 Spooler - ok
11:10:50.0546 2760 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:10:50.0593 2760 sr - ok
11:10:50.0640 2760 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
11:10:50.0687 2760 srservice - ok
11:10:50.0750 2760 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:10:50.0765 2760 Srv - ok
11:10:50.0796 2760 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:10:50.0906 2760 SSDPSRV - ok
11:10:50.0984 2760 [ 19FCEC67AAFFAB07BA358860A602CB4A ] STAC97 C:\WINDOWS\system32\drivers\STAC97.sys
11:10:51.0171 2760 STAC97 - ok
11:10:51.0234 2760 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:10:51.0312 2760 stisvc - ok
11:10:51.0359 2760 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:10:51.0375 2760 streamip - ok
11:10:51.0390 2760 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:10:51.0421 2760 swenum - ok
11:10:51.0453 2760 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:10:51.0484 2760 swmidi - ok
11:10:51.0484 2760 SwPrv - ok
11:10:51.0718 2760 [ 8FDAADF204A4F29214DA1B03342E2735 ] Symantec AntiVirus C:\Program Files\Symantec AntiVirus\Rtvscan.exe
11:10:51.0765 2760 Symantec AntiVirus - ok
11:10:51.0796 2760 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
11:10:51.0812 2760 symc810 - ok
11:10:51.0828 2760 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:10:51.0843 2760 symc8xx - ok
11:10:51.0953 2760 [ DE6D1102D55926354171AE4E73936725 ] SymEvent C:\Program Files\Symantec\SYMEVENT.SYS
11:10:52.0078 2760 SymEvent - ok
11:10:52.0125 2760 [ 6C0A85982F4E0D672B85A2BFB50A24B5 ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
11:10:52.0125 2760 SYMREDRV - ok
11:10:52.0171 2760 [ CDDA3BA3F7D5B63FF9F85CB478C11473 ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS
11:10:52.0281 2760 SYMTDI - ok
11:10:52.0296 2760 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:10:52.0343 2760 sym_hi - ok
11:10:52.0359 2760 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:10:52.0390 2760 sym_u3 - ok
11:10:52.0437 2760 [ 24F75B01C02992AD2E800B387269C50D ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
11:10:52.0484 2760 SynTP - ok
11:10:52.0515 2760 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:10:52.0546 2760 sysaudio - ok
11:10:52.0625 2760 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:10:52.0671 2760 SysmonLog - ok
11:10:52.0718 2760 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:10:52.0765 2760 TapiSrv - ok
11:10:52.0828 2760 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:10:52.0859 2760 Tcpip - ok
11:10:52.0937 2760 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:10:52.0968 2760 TDPIPE - ok
11:10:53.0015 2760 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:10:53.0125 2760 TDTCP - ok
11:10:53.0187 2760 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:10:53.0500 2760 TermDD - ok
11:10:53.0593 2760 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
11:10:53.0750 2760 TermService - ok
11:10:53.0765 2760 TfFsMon - ok
11:10:53.0781 2760 TfNetMon - ok
11:10:53.0781 2760 TFSysMon - ok
11:10:53.0828 2760 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
11:10:53.0828 2760 Themes - ok
11:10:53.0875 2760 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
11:10:53.0890 2760 TosIde - ok
11:10:53.0921 2760 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:10:53.0968 2760 TrkWks - ok
11:10:54.0015 2760 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:10:54.0093 2760 Udfs - ok
11:10:54.0109 2760 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
11:10:54.0125 2760 ultra - ok
11:10:54.0187 2760 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
11:10:54.0203 2760 UMWdf - ok
11:10:54.0359 2760 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:10:54.0406 2760 Update - ok
11:10:54.0468 2760 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
11:10:54.0500 2760 upnphost - ok
11:10:54.0531 2760 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
11:10:54.0562 2760 UPS - ok
11:10:54.0640 2760 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
11:10:54.0734 2760 usbaudio - ok
11:10:54.0750 2760 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:10:54.0796 2760 usbccgp - ok
11:10:54.0828 2760 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:10:54.0859 2760 usbehci - ok
11:10:54.0937 2760 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:10:55.0015 2760 usbhub - ok
11:10:55.0062 2760 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:10:55.0078 2760 usbprint - ok
11:10:55.0093 2760 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:10:55.0156 2760 usbscan - ok
11:10:55.0187 2760 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:10:55.0218 2760 USBSTOR - ok
11:10:55.0281 2760 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:10:55.0312 2760 usbuhci - ok
11:10:55.0375 2760 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:10:55.0390 2760 VgaSave - ok
11:10:55.0437 2760 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:10:55.0468 2760 viaagp - ok
11:10:55.0500 2760 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
11:10:55.0531 2760 ViaIde - ok
11:10:55.0562 2760 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:10:55.0562 2760 VolSnap - ok
11:10:55.0640 2760 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
11:10:55.0671 2760 VSS - ok
11:10:55.0718 2760 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
11:10:55.0750 2760 w32time - ok
11:10:55.0796 2760 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:10:55.0812 2760 Wanarp - ok
11:10:55.0953 2760 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
11:10:56.0062 2760 wanatw - ok
11:10:56.0078 2760 WDICA - ok
11:10:56.0109 2760 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:10:56.0125 2760 wdmaud - ok
11:10:56.0156 2760 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:10:56.0187 2760 WebClient - ok
11:10:56.0265 2760 [ 2DC7C0B6175A0A8ED84A4F70199C93B5 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
11:10:56.0312 2760 winachsf - ok
11:10:56.0406 2760 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:10:56.0453 2760 winmgmt - ok
11:10:56.0515 2760 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
11:10:56.0562 2760 WmdmPmSN - ok
11:10:56.0625 2760 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:10:56.0656 2760 WmiApSrv - ok
11:10:56.0703 2760 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:10:56.0718 2760 WS2IFSL - ok
11:10:56.0734 2760 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:10:56.0765 2760 WSTCODEC - ok
11:10:56.0859 2760 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:10:56.0921 2760 WZCSVC - ok
11:10:56.0968 2760 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:10:57.0015 2760 xmlprov - ok
11:10:57.0031 2760 ================ Scan global ===============================
11:10:57.0078 2760 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:10:57.0156 2760 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:10:57.0296 2760 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:10:57.0343 2760 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:10:57.0343 2760 [Global] - ok
11:10:57.0359 2760 ================ Scan MBR ==================================
11:10:57.0359 2760 [ B16A2359F4962B0C622D81A1C1F4B703 ] \Device\Harddisk0\DR0
11:10:57.0750 2760 \Device\Harddisk0\DR0 - ok
11:10:57.0765 2760 ================ Scan VBR ==================================
11:10:57.0765 2760 [ 054BC440DA398C90841E177A2671EEA5 ] \Device\Harddisk0\DR0\Partition1
11:10:57.0765 2760 \Device\Harddisk0\DR0\Partition1 - ok
11:10:57.0765 2760 ============================================================
11:10:57.0765 2760 Scan finished
11:10:57.0765 2760 ============================================================
11:10:57.0796 2408 Detected object count: 0
11:10:57.0796 2408 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-26 11:12:59
-----------------------------
11:12:59.796 OS Version: Windows 5.1.2600 Service Pack 3
11:12:59.796 Number of processors: 1 586 0xD08
11:12:59.812 ComputerName: CATHY UserName:
11:13:00.703 Initialize success
11:16:59.218 AVAST engine defs: 12102600
11:17:06.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
11:17:06.984 Disk 0 Vendor: HTS548040M9AT00 MG2OA5EA Size: 38154MB BusType: 3
11:17:07.109 Disk 0 MBR read successfully
11:17:07.109 Disk 0 MBR scan
11:17:16.843 Disk 0 unknown MBR code
11:17:16.890 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 15 MB offset 63
11:17:24.812 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 35110 MB offset 32130
11:17:25.968 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3020 MB offset 71939070
11:17:27.046 Disk 0 scanning sectors +78124095
11:17:28.421 Disk 0 scanning C:\WINDOWS\system32\drivers
11:19:00.234 Service scanning
11:19:01.375 Service 5689 C:\DOCUME~1\CATHYB~1\LOCALS~1\Temp\5689.sys **INFECTED** Win32:Malware-gen
11:19:43.718 Modules scanning
11:20:16.281 Module: C:\DOCUME~1\CATHYB~1\LOCALS~1\Temp\5689.sys **SUSPICIOUS**
11:20:17.546 Disk 0 trace - called modules:
11:20:17.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
11:20:17.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fe1ab8]
11:20:17.578 3 CLASSPNP.SYS[f8672fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82f9f3f0]
11:20:20.046 AVAST engine scan C:\WINDOWS
11:21:01.781 AVAST engine scan C:\WINDOWS\system32
11:26:01.140 AVAST engine scan C:\WINDOWS\system32\drivers
11:26:45.406 AVAST engine scan C:\Documents and Settings\Cathy Boroskey
11:27:01.781 File: C:\Documents and Settings\Cathy Boroskey\Application Data\FixZeroAccess\Archive\5689.sys **INFECTED** Win32:Malware-gen
11:33:33.375 File: C:\Documents and Settings\Cathy Boroskey\Application Data\zenior.dll **INFECTED** Win32:Medfos [Trj]
11:41:52.265 File: C:\Documents and Settings\Cathy Boroskey\Local Settings\Temp\5689.sys **INFECTED** Win32:Malware-gen
11:42:11.328 File: C:\Documents and Settings\Cathy Boroskey\Local Settings\Temp\~!#4F.tmp **INFECTED** Win32:Bredolabs-B [Trj]
11:43:20.843 AVAST engine scan C:\Documents and Settings\All Users
11:48:33.718 Scan finished successfully
11:49:04.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Cathy Boroskey\Desktop\MBR.dat"
11:49:04.296 The log file has been saved successfully to "C:\Documents and Settings\Cathy Boroskey\Desktop\aswMBR.txt"

C:\Documents and Settings\Cathy Boroskey\Application Data\zenior.dll a variant of Win32/Medfos.BT trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\Cathy Boroskey\Application Data\FixZeroAccess\Archive\5689.sys Win32/Simda.M trojan cleaned by deleting - quarantined
C:\Documents and Settings\Cathy Boroskey\Local Settings\Temp\4A71FF6B172.tmp Win32/Simda.P trojan cleaned by deleting - quarantined
C:\Documents and Settings\Cathy Boroskey\Local Settings\Temp\65510bc6_0.tmp Win32/Simda.P trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\Cathy Boroskey\Local Settings\Temp\D4.tmp Win32/Simda.B trojan cleaned by deleting - quarantined
C:\Documents and Settings\Cathy Boroskey\Local Settings\Temp\NOD9F.tmp a variant of Win32/Medfos.BT trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\Cathy Boroskey\Local Settings\Temp\~!#4F.tmp a variant of Win32/Kryptik.AMAU trojan cleaned by deleting - quarantined
C:\Documents and Settings\Cathy Boroskey\Local Settings\Temporary Internet Files\Content.IE5\K928TP6O\calc[1].exe Win32/Simda.B trojan cleaned by deleting - quarantined
C:\i386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent.LCKGTSG application cleaned by deleting - quarantined
C:\WINDOWS\Temp\kb677391.exe Win32/Simda.B trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\temp50.exe a variant of Win32/Kryptik.AING trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Simda.P trojan

I must be blind as I don't see how to attach these files. Thanks ever so much for your time!

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:01:51 PM

Posted 26 October 2012 - 02:45 PM

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete

A log should be generated after scan, post it here

Download

Junkware removal tool

For Vista and Windows 7, right click on the tool and select run as administrator

After scan gets completed, post the generated log here.

#5 mordor61

mordor61
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:02:51 PM

Posted 26 October 2012 - 09:33 PM

Amazing!!!!!!


logs:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.26.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
Cathy Boroskey :: CATHY [administrator]

10/26/2012 4:14:40 PM
mbam-log-2012-10-26 (16-14-40).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 283436
Time elapsed: 1 hour(s), 34 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Update Server (Trojan.Agent) -> Data: C:\Documents and Settings\Cathy Boroskey\139d3ffd_1639.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Data: 0 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Documents and Settings\Cathy Boroskey\139d3ffd_1639.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{4c28629a-1e4a-63ec-2f0d-0b101dadb251}\U\80000000.@ (Trojan.Small) -> Quarantined and deleted successfully.
C:\WINDOWS\assembly\GAC\Desktop.ini (Trojan.0access) -> Quarantined and deleted successfully.

(end)

MiniToolBox by Farbar Version: 23-07-2012
Ran by Cathy Boroskey (administrator) on 26-10-2012 at 20:48:33
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================


WARNING: Could not obtain host information from machine: [CATHY]. Some commands may not be available.
The specified module could not be found.



# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : CATHY
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-11-43-56-32-C8
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
Lease Obtained. . . . . . . . . . : Friday, October 26, 2012 8:13:46 PM
Lease Expires . . . . . . . . . . : Monday, January 18, 2038 11:14:07 PM

Server:
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.229.194, 74.125.229.195, 74.125.229.196, 74.125.229.197
74.125.229.198, 74.125.229.199, 74.125.229.200, 74.125.229.201, 74.125.229.206
74.125.229.192, 74.125.229.193

Pinging google.com [74.125.229.193] with 32 bytes of data:

Reply from 74.125.229.193: bytes=32 time=25ms TTL=50
Reply from 74.125.229.193: bytes=32 time=27ms TTL=50

Ping statistics for 74.125.229.193:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 27ms, Average = 26ms

Server:
Address: 192.168.2.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=84ms TTL=47
Reply from 72.30.38.140: bytes=32 time=85ms TTL=47

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 84ms, Maximum = 85ms, Average = 84ms

Server:
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 43 56 32 c8 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.4 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.4 192.168.2.4 20
192.168.2.4 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.4 192.168.2.4 20
224.0.0.0 240.0.0.0 192.168.2.4 192.168.2.4 20
255.255.255.255 255.255.255.255 192.168.2.4 192.168.2.4 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog9 01 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 02 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 03 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/26/2012 08:15:44 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (10/26/2012 07:50:17 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan.Zeroaccess.B in File: C:\WINDOWS\Installer\{4c28629a-1e4a-63ec-2f0d-0b101dadb251}\U\80000000.@ by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: Risk was partially removed.

Error: (10/26/2012 07:50:13 PM) (Source: Symantec AntiVirus) (User: )
Description: Risk Found!Risk: Trojan.Zeroaccess.B in File: C:\WINDOWS\Installer\{4c28629a-1e4a-63ec-2f0d-0b101dadb251}\U\80000000.@ by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: The file was left unchanged.

Error: (10/26/2012 07:50:12 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan.Zeroaccess.B in File: C:\WINDOWS\Installer\{4c28629a-1e4a-63ec-2f0d-0b101dadb251}\U\80000000.@ by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged.

Error: (10/26/2012 05:51:59 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan.Zeroaccess.B in File: C:\WINDOWS\Installer\{4c28629a-1e4a-63ec-2f0d-0b101dadb251}\U\80000000.@ by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: Risk was partially removed.

Error: (10/26/2012 05:51:58 PM) (Source: Symantec AntiVirus) (User: )
Description: Risk Found!Risk: Trojan.Zeroaccess.B in File: c:\WINDOWS\installer\{4c28629a-1e4a-63ec-2f0d-0b101dadb251}\U\80000000.@ by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged.

Error: (10/26/2012 05:51:58 PM) (Source: Symantec AntiVirus) (User: )
Description: Risk Found!Risk: Trojan.Zeroaccess.B in File: C:\WINDOWS\Installer\{4c28629a-1e4a-63ec-2f0d-0b101dadb251}\U\80000000.@ by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: The file was left unchanged.

Error: (10/26/2012 05:51:57 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan.Zeroaccess.B in File: C:\WINDOWS\Installer\{4c28629a-1e4a-63ec-2f0d-0b101dadb251}\U\80000000.@ by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged.

Error: (10/26/2012 05:51:36 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan.Zeroaccess.B in File: C:\WINDOWS\Installer\{4c28629a-1e4a-63ec-2f0d-0b101dadb251}\U\80000000.@ by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: Risk was partially removed.

Error: (10/26/2012 05:51:32 PM) (Source: Symantec AntiVirus) (User: )
Description: Risk Found!Risk: Trojan.Zeroaccess.B in File: c:\WINDOWS\installer\{4c28629a-1e4a-63ec-2f0d-0b101dadb251}\U\80000000.@ by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged.


System errors:
=============
Error: (10/26/2012 08:17:16 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\IncrediMail\bin\IncMail.exe.
Reference error message: The operation completed successfully.
.

Error: (10/26/2012 08:17:16 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (10/26/2012 08:17:16 PM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (10/26/2012 08:14:26 PM) (Source: SRService) (User: )
Description: The System Restore initialization process failed.

Error: (10/26/2012 06:26:50 AM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\IncrediMail\bin\IncMail.exe.
Reference error message: The operation completed successfully.
.

Error: (10/26/2012 06:26:50 AM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (10/26/2012 06:26:49 AM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (10/26/2012 06:23:22 AM) (Source: SRService) (User: )
Description: The System Restore initialization process failed.

Error: (10/25/2012 09:02:04 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\IncrediMail\bin\IncMail.exe.
Reference error message: The operation completed successfully.
.

Error: (10/25/2012 09:02:04 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.CRT.
Reference error message: The referenced assembly is not installed on your system.
.


Microsoft Office Sessions:
=========================
Error: (10/26/2012 08:15:44 PM) (Source: WinMgmt)(User: )
Description:

Error: (10/26/2012 07:50:17 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Risk: Trojan.Zeroaccess.B in File: C:\WINDOWS\Installer\{4c28629a-1e4a-63ec-2f0d-0b101dadb251}\U\80000000.@ by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: Risk was partially removed.

Error: (10/26/2012 07:50:13 PM) (Source: Symantec AntiVirus)(User: )
Description: Risk Found!Risk: Trojan.Zeroaccess.B in File: C:\WINDOWS\Installer\{4c28629a-1e4a-63ec-2f0d-0b101dadb251}\U\80000000.@ by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: The file was left unchanged.

Error: (10/26/2012 07:50:12 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Risk: Trojan.Zeroaccess.B in File: C:\WINDOWS\Installer\{4c28629a-1e4a-63ec-2f0d-0b101dadb251}\U\80000000.@ by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged.

Error: (10/26/2012 05:51:59 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Risk: Trojan.Zeroaccess.B in File: C:\WINDOWS\Installer\{4c28629a-1e4a-63ec-2f0d-0b101dadb251}\U\80000000.@ by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: Risk was partially removed.

Error: (10/26/2012 05:51:58 PM) (Source: Symantec AntiVirus)(User: )
Description: Risk Found!Risk: Trojan.Zeroaccess.B in File: c:\WINDOWS\installer\{4c28629a-1e4a-63ec-2f0d-0b101dadb251}\U\80000000.@ by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged.

Error: (10/26/2012 05:51:58 PM) (Source: Symantec AntiVirus)(User: )
Description: Risk Found!Risk: Trojan.Zeroaccess.B in File: C:\WINDOWS\Installer\{4c28629a-1e4a-63ec-2f0d-0b101dadb251}\U\80000000.@ by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: The file was left unchanged.

Error: (10/26/2012 05:51:57 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Risk: Trojan.Zeroaccess.B in File: C:\WINDOWS\Installer\{4c28629a-1e4a-63ec-2f0d-0b101dadb251}\U\80000000.@ by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged.

Error: (10/26/2012 05:51:36 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Risk: Trojan.Zeroaccess.B in File: C:\WINDOWS\Installer\{4c28629a-1e4a-63ec-2f0d-0b101dadb251}\U\80000000.@ by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: Risk was partially removed.

Error: (10/26/2012 05:51:32 PM) (Source: Symantec AntiVirus)(User: )
Description: Risk Found!Risk: Trojan.Zeroaccess.B in File: c:\WINDOWS\installer\{4c28629a-1e4a-63ec-2f0d-0b101dadb251}\U\80000000.@ by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged.


========================= Memory info: ===================================

Percentage of memory in use: 94%
Total physical RAM: 503.37 MB
Available physical RAM: 29.14 MB
Total Pagefile: 1226.88 MB
Available Pagefile: 795.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.61 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:34.29 GB) (Free:10.95 GB) NTFS

========================= Users: ========================================

User accounts for \\CATHY

Administrator Cathy Boroskey Guest
HelpAssistant SUPPORT_388945a0

========================= Restore Points ==================================

Could not list Restore Points.

**** End of log ****










Farbar Service Scanner Version: 26-10-2012
Ran by Cathy Boroskey (administrator) on 26-10-2012 at 20:52:04
Running from "C:\Documents and Settings\Cathy Boroskey\Local Settings\Temporary Internet Files\Content.IE5\TEJMD4JX"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(8) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****






# AdwCleaner v2.005 - Logfile created 10/26/2012 at 20:54:43
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Cathy Boroskey - CATHY
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Cathy Boroskey\Local Settings\Temporary Internet Files\Content.IE5\VHCWLFVP\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\GamesBar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\AppGraffiti
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\GamesBar
Folder Deleted : C:\Documents and Settings\Cathy Boroskey\Application Data\AppGraffiti
Folder Deleted : C:\Documents and Settings\Cathy Boroskey\Application Data\Viewpoint
Folder Deleted : C:\Program Files\AppGraffiti
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\GamesBar
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\AppGraffiti
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A93C934-025B-4C3A-B38E-9654A7003239}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\Software\AppGraffiti
Key Deleted : HKLM\SOFTWARE\Classes\AppGraffiti.AppGraffitiJS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB02BC6B-B0F0-4074-99E6-884B70FCB6AE}
Key Deleted : HKLM\Software\GamesBarSetup
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.11

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [7710 octets] - [26/10/2012 20:54:43]

########## EOF - C:\AdwCleaner[S1].txt - [7770 octets] ##########




Junkware Removal Tool (JRT) by Thisisu
Version: 2.2.1 (10.26.2012)
OS: Microsoft Windows XP x86
Ran by Cathy Boroskey on Fri 10/26/2012 at 21:35:08.90
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{88fb16d2-04ea-4ffe-8079-cff68f1b9ce6}



*** Files: 0 Detections



*** Folders:

Successfully deleted: [FOLDER] "C:\Program Files\coupons"



*** Event Viewer Logs - NOT cleared





**************************************************************
Scan was completed on Fri 10/26/2012 at 22:08:46.45
End of Report

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:01:51 PM

Posted 27 October 2012 - 12:55 AM

Thank you for your comments. We have a few more scans left.

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here
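
One way to triage the Farbar Service Scanner logs this thread asks for, as an added example that is not part of the thread or of FSS itself: it parses each "Service is not running" block, lists the services whose registry keys FSS could not find, and diffs the run before the services repair against the run after it. The two embedded logs are constructed, abridged excerpts modelled on the ones posted above; the function names and the line patterns are assumptions taken from those logs.

```python
"""Triage helper for Farbar Service Scanner (FSS) logs: pull out every
'Service is not running' block with its findings, then diff two runs."""
import re
from typing import Dict, List, Set

# Constructed, abridged excerpts modelled on the two FSS runs in this thread
# (before and after the services repair); not the full logs.
BEFORE_LOG = r"""Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.

System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
"""

# After the repair FSS prints nothing for the firewall and update services:
# it only lists a service when it is stopped or misconfigured.
AFTER_LOG = r"""Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr service is OK.
"""

# Line shapes as FSS prints them in the logs quoted in this thread.
SERVICE_RE = re.compile(
    r"^(?P<name>\S+) Service is not running\. Checking service configuration:$")
ATTENTION_RE = re.compile(
    r"^Checking (?P<what>Start type|ImagePath|ServiceDll): ATTENTION!=+> (?P<msg>.+)$")
STARTTYPE_RE = re.compile(
    r"^The start type of \S+ service is set to (?P<actual>\w+)\. "
    r"The default start type is (?P<default>\w+)\.$")


def parse_fss(text: str) -> Dict[str, List[str]]:
    """Map each stopped service to its findings; an empty list means the
    service is stopped but its registry configuration is intact."""
    findings: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line closes the current service block
            continue
        m = SERVICE_RE.match(line)
        if m:
            current = m.group("name")
            findings.setdefault(current, [])
            continue
        if current is None:
            continue
        m = ATTENTION_RE.match(line)
        if m:
            findings[current].append(f"{m.group('what')}: {m.group('msg')}")
            continue
        m = STARTTYPE_RE.match(line)
        if m and m.group("actual").lower() != m.group("default").lower():
            findings[current].append(
                f"Start type: set to {m.group('actual')} (default {m.group('default')})")
    return findings


def missing_service_keys(findings: Dict[str, List[str]]) -> List[str]:
    """Services whose registry key or values FSS could not find at all."""
    return sorted(s for s, f in findings.items()
                  if any("does not exist" in msg for msg in f))


def diff_runs(before: Dict[str, List[str]], after: Dict[str, List[str]]) -> Dict[str, Set[str]]:
    """Which services with findings were repaired, still carry findings, or are new."""
    broken_before = {s for s, f in before.items() if f}
    broken_after = {s for s, f in after.items() if f}
    return {"repaired": broken_before - broken_after,
            "still_broken": broken_before & broken_after,
            "new": broken_after - broken_before}


if __name__ == "__main__":
    before, after = parse_fss(BEFORE_LOG), parse_fss(AFTER_LOG)
    print("missing keys before repair:", missing_service_keys(before))
    print("after repair:", diff_runs(before, after))
```

Point it at the full logs by reading the two files into BEFORE_LOG and AFTER_LOG; a service that stays in "still_broken" after the repair tool has run is the one to look at next.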

#7 mordor61

mordor61
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:02:51 PM

Posted 27 October 2012 - 11:11 AM

Logs:
Farbar Service Scanner Version: 27-10-2012
Ran by Cathy Boroskey (administrator) on 27-10-2012 at 11:28:58
Running from "C:\Documents and Settings\Cathy Boroskey\Local Settings\Temporary Internet Files\Content.IE5\9C0K66TY"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(8) Tcpip(3)
0x09000000040000000100000002000000030000000800000005000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****





Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/27/2012 11:35:44 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\LVCOMSX.EXE (PID: 2864) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* System Restore Service (srservice) is not Running.
Startup Type set to: Automatic

* System Restore Filter Driver (sr) is not Running.
Startup Type set to: Disabled

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 10/27/2012 11:37:58 AM
Execution time: 0 hours(s), 2 minute(s), and 13 seconds(s)





"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe Photo Downloader" "" "" "File not found: C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\reader 8.0\reader\reader_sl.exe"
+ "ccApp" "Symantec User Session" "Symantec Corporation" "c:\program files\common files\symantec shared\ccapp.exe"
+ "EzPrint" "" "" "c:\program files\lexmark 7100 series\ezprint.exe"
+ "FaxCenterServer4_in_1" "" "" "c:\program files\lexmark 7100 series\fm3032.exe"
+ "LogitechVideoRepair" "Logitech QuickCam Startup Application" "Logitech Inc." "c:\program files\logitech\video\isstart.exe"
+ "LogitechVideoTray" "ImageStudio Tray Application" "Logitech Inc." "c:\program files\logitech\video\logitray.exe"
+ "LVCOMSX" "LVCom Server" "Logitech Inc." "c:\windows\system32\lvcomsx.exe"
+ "LXBXCATS" "Timer DLL" "" "c:\windows\system32\spool\drivers\w32x86\3\lxbxtime.dll"
+ "lxbxmon.exe" "Lexmark 7100 Series Device Monitor" "Lexmark International, Inc." "c:\program files\lexmark 7100 series\lxbxmon.exe"
+ "QuickTime Task" "" "Apple Computer, Inc." "c:\program files\quicktime\qttask.exe"
+ "SunJavaUpdateSched" "" "" "File not found: C:\Program Files\Java\jre6\bin\jusched.exe"
+ "Symantec NetDriver Monitor" "" "" "File not found: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics, Inc." "c:\program files\synaptics\syntp\syntpenh.exe"
+ "SynTPLpr" "TouchPad Driver Helper Application" "Synaptics, Inc." "c:\program files\synaptics\syntp\syntplpr.exe"
+ "vptray" "Symantec AntiVirus" "Symantec Corporation" "c:\program files\symantec antivirus\vptray.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "NETGEAR WG111v3 Smart Wizard.lnk" "NetgearCUv2 MFC Application" "" "c:\program files\netgear\wg111v3\wg111v3.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "IncrediMail" "IncrediMail Tray Application" "IncrediMail, Ltd." "c:\program files\incredimail\bin\incmail.exe"
+ "LogitechSoftwareUpdate" "Logitech Software Update" "Logitech Inc." "c:\program files\logitech\video\manifestengine.exe"
+ "MSMSGS" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
+ "SearchEngineProtection" "" "" "File not found: C:\Program Files\Gamesbar\SearchEngineProtection.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "bw+0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bw+0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bw-0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bw-0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bw00" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bw00s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bw10" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bw10s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bw20" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bw20s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bw30" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bw30s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bw40" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bw40s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bw50" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bw50s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bw60" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bw60s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bw70" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bw70s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bw80" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bw80s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bw90" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bw90s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwa0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwa0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwb0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwb0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwc0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwc0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwd0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwd0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwe0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwe0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwf0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwf0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwfile-8876480" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\gaplugprotocol-8876480.dll"
+ "bwg0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwg0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwh0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwh0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwi0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwi0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwj0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwj0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwk0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwk0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwl0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwl0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwm0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwm0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwn0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwn0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwo0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwo0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwp0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwp0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwq0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwq0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwr0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwr0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bws0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bws0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwt0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwt0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwu0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwu0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwv0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwv0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bww0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bww0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwx0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwx0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwy0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwy0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwz0" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "bwz0s" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
+ "offline-8876480" "Logitech Desktop Messenger" "Logitech" "c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "LDVPMenu" "Symantec AntiVirus" "Symantec Corporation" "c:\program files\common files\symantec shared\ssc\vpshell2.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing LP" "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing LP" "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing LP" "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "LDVPMenu" "Symantec AntiVirus" "Symantec Corporation" "c:\program files\common files\symantec shared\ssc\vpshell2.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing LP" "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing LP" "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Reader Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll"
+ "SidebarAutoLaunch Class" "YSidebarIEBHO Module" "Yahoo! Inc." "c:\program files\yahoo!\browser\ysidebariebho.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Sun Java Console" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\jp2iexp.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AppMgmt" "Provides software installation services such as Assign, Publish, and Remove." "" "File not found: C:\WINDOWS\System32\appmgmts.dll"
+ "ccEvtMgr" "Event propagation and logging service" "Symantec Corporation" "c:\program files\common files\symantec shared\ccevtmgr.exe"
+ "ccSetMgr" "Settings storage and management service" "Symantec Corporation" "c:\program files\common files\symantec shared\ccsetmgr.exe"
+ "DefWatch" "Monitors and maintains virus definitions." "Symantec Corporation" "c:\program files\symantec antivirus\defwatch.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\jqs.exe"
+ "LiveUpdate" "LiveUpdate Core Engine" "Symantec Corporation" "c:\program files\symantec\liveupdate\lucomserver_3_1.exe"
+ "lxbx_device" "Lexmark Communication System" "Lexmark International, Inc." "c:\windows\system32\lxbxcoms.exe"
+ "NetSvc" "Supports Intel® PROSet for Wired Connections." "Intel® Corporation" "c:\program files\intel\prosetwired\ncs\sync\netsvc.exe"
+ "NICCONFIGSVC" "Configure your Internal Network Card power management settings." "Dell Inc." "c:\program files\dell\nicconfigsvc\nicconfigsvc.exe"
+ "pcCMService" "mcci+McciCMService" "Alcatel-Lucent" "c:\program files\common files\motive\pccmservice.exe"
+ "RapportMgmtService" "Central Rapport Management and Monitoring Service" "Trusteer Ltd." "c:\program files\trusteer\rapport\bin\rapportmgmtservice.exe"
+ "SavRoam" "Symantec AntiVirus Roaming Service" "symantec" "c:\program files\symantec antivirus\savroam.exe"
+ "SNDSrvc" "Symantec Network Drivers Service" "Symantec Corporation" "c:\program files\common files\symantec shared\sndsrvc.exe"
+ "SPBBCSvc" "Symantec SPBBC" "Symantec Corporation" "c:\program files\common files\symantec shared\spbbc\spbbcsvc.exe"
+ "Symantec AntiVirus" "Provides real-time virus scanning, reporting, and management functionality for Symantec AntiVirus." "Symantec Corporation" "c:\program files\symantec antivirus\rtvscan.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "5689" "" "" "File not found: C:\DOCUME~1\CATHYB~1\LOCALS~1\Temp\5689.sys"
+ "AegisP" "AEGIS Protocol (IEEE 802.1x) v3.4.5.0" "Meetinghouse Data Communications" "c:\windows\system32\drivers\aegisp.sys"
+ "APPDRV" "App Support Driver" "Dell Inc" "c:\windows\system32\drivers\appdrv.sys"
+ "ASCTRM" "TR Manager" "Windows ® 2000 DDK provider" "c:\windows\system32\drivers\asctrm.sys"
+ "bvrp_pci" "" "" "File not found: C:\WINDOWS\System32\Drivers\bvrp_pci.sys"
+ "CamDrL" "Universal Serial Bus Camera Driver" "Logitech Inc." "c:\windows\system32\drivers\camdrl.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "E100B" "Intel® PRO/100 Adapter NDIS 5.1 driver" "Intel Corporation" "c:\windows\system32\drivers\e100b325.sys"
+ "EAPPkt" "Realtek EAPPkt Protocol" "Realtek" "c:\windows\system32\drivers\eappkt.sys"
+ "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\eengine\eectrl.sys"
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys"
+ "HSF_DP" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_dp.sys"
+ "HSFHWICH" "HSFHWICH WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsfhwich.sys"
+ "ialm" "Intel Graphics Miniport Driver" "Intel Corporation" "c:\windows\system32\drivers\ialmnt5.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "LVUSBSta" "USB Statistic Driver" "Logitech Inc." "c:\windows\system32\drivers\lvusbsta.sys"
+ "mdmxsdk" "Diagnostic Interface DRIVER" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "MREMP50" "" "" "File not found: C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS"
+ "MRESP50" "" "" "File not found: C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS"
+ "NAVENG" "AV Engine" "Symantec Corporation" "c:\program files\common files\symantec shared\virusdefs\20121024.002\naveng.sys"
+ "NAVEX15" "AV Engine" "Symantec Corporation" "c:\program files\common files\symantec shared\virusdefs\20121024.002\navex15.sys"
+ "NPF" "npf.sys (NT5/6 x86) Kernel Driver" "CACE Technologies, Inc." "c:\windows\system32\drivers\npf.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "omci" "OMCI Device Driver" "Dell Inc" "c:\windows\system32\drivers\omci.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "RapportCerberus_42020" "" "" "c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\rapportcerberus32_42020.sys"
+ "RapportEI" "RapportEI" "Trusteer Ltd." "c:\program files\trusteer\rapport\bin\rapportei.sys"
+ "RapportIaso" "RapportIaso" "Trusteer Ltd." "c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys"
+ "RapportKELL" "RapportKE" "Trusteer Ltd." "c:\windows\system32\drivers\rapportkell.sys"
+ "RapportPG" "RapportPG" "Trusteer Ltd." "c:\program files\trusteer\rapport\bin\rapportpg.sys"
+ "RTL8187B" "NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter NDIS Driver" "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\wg111v3.sys"
+ "SAVRT" "AutoProtect" "Symantec Corporation" "c:\program files\symantec antivirus\savrt.sys"
+ "SAVRTPEL" "SAVRTPEL" "Symantec Corporation" "c:\program files\symantec antivirus\savrtpel.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SPBBCDrv" "SPBBC Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys"
+ "STAC97" "SigmaTel Audio Driver (WDM)" "SigmaTel, Inc." "c:\windows\system32\drivers\stac97.sys"
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\program files\symantec\symevent.sys"
+ "SYMREDRV" "Redirector Filter Driver" "Symantec Corporation" "c:\windows\system32\drivers\symredrv.sys"
+ "SYMTDI" "Network Dispatch Driver" "Symantec Corporation" "c:\windows\system32\drivers\symtdi.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics, Inc." "c:\windows\system32\drivers\syntp.sys"
+ "TfFsMon" "" "" "File not found: system32\drivers\TfFsMon.sys"
+ "TfNetMon" "" "" "File not found: C:\WINDOWS\system32\drivers\TfNetMon.sys"
+ "TFSysMon" "" "" "File not found: system32\drivers\TfSysMon.sys"
+ "wanatw" "" "" "File not found: system32\DRIVERS\wanatw4.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_cnxt.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "VIDC.I420" "Video Codec" "Logitech Inc." "c:\windows\system32\lvcodec2.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\movie\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdvd\movie\claudfx.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\movie\claudiocd.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\movie\clnavx.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\movie\clline21.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\movie\clauts.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\movie\clvsd.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo Video ® 5.1 Progressive Download Source" "Intel Indeo® video IVF Source Filter 5.10" "Intel Corporation" "c:\windows\system32\ivfsrc.ax"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Logitech Video/Audio Tee" "Video/Audio Tee Filter" "Logitech Inc." "c:\windows\system32\vatee.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Photo Story 2 Trial Source Filter" "Plus! Photo Story 2 LE" "Microsoft Corporation" "c:\program files\microsoft plus! photo story 2 le\pssf2try.dll"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Sonic Cinemaster® VCD Navigator" "Sonic Cinemaster ® DS VCD Navigator" "Sonic Solutions" "c:\program files\common files\sonic shared\cinemastervcdnav.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WAV Dest Trial" "Plus! Photo Story 2 LE" "Microsoft Corporation" "c:\program files\microsoft plus! photo story 2 le\wavd2try.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxsrvc Module" "Intel Corporation" "c:\windows\system32\igfxsrvc.dll"
+ "NavLogon" "Symantec AntiVirus Logon Notification" "Symantec Corporation" "c:\windows\system32\navlogon.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries" "" "" ""
+ "000000000001" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files\common files\pc tools\lsp\pctlsp.dll"
+ "000000000002" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files\common files\pc tools\lsp\pctlsp.dll"
+ "000000000003" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files\common files\pc tools\lsp\pctlsp.dll"
+ "000000000009" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files\common files\pc tools\lsp\pctlsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "7100 Series Port" "Lexmark Communication System" "Lexmark International, Inc." "c:\windows\system32\lxbxlmpm.dll"
+ "Fax Lexmark 7100 Series Port" "" "" "c:\windows\system32\lxbxpmon.dll"

Thanks once more for your assistance.
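
The export above lists every autostart location the tool found, which is far more than anyone reads line by line. As an added example for this thread (not code from Autoruns, BleepingComputer or any tool the advisor named), here is a small Python triage script that parses that quoted-field format and pulls out the entries an analyst would look at first: orphaned "File not found" entries, images loaded from a Temp directory, services with no vendor string, purely numeric service names, and third-party Winsock LSPs. The input format is inferred from the log itself, and the sample input is a handful of lines copied from it. The rules are attention heuristics, not verdicts: legitimate scanners and installers also load drivers from Temp, and orphaned entries are usually uninstall leftovers.

```python
"""Triage an Autoruns-style text export: parse it and rank entries for a first look.

Added example for this thread, not code from Autoruns, BleepingComputer or any tool
named above. The input format is inferred from the export pasted in this thread:
a section line is a quoted registry key followed by three empty quoted fields, and
each entry line starts with "+ " and carries four quoted fields:
name, description, vendor, image path. The rules below are attention heuristics,
not malware verdicts: legitimate scanners and installers also load drivers from
Temp, and orphaned "File not found" entries are usually uninstall leftovers.
"""
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the export above, in the same format.
SAMPLE_EXPORT = r'''
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "5689" "" "" "File not found: C:\DOCUME~1\CATHYB~1\LOCALS~1\Temp\5689.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "RapportCerberus_42020" "" "" "c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\rapportcerberus32_42020.sys"
+ "SAVRT" "AutoProtect" "Symantec Corporation" "c:\program files\symantec antivirus\savrt.sys"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries" "" "" ""
+ "000000000001" "PC Tools Layered Service Provider" "PC Tools Research Pty Ltd." "c:\program files\common files\pc tools\lsp\pctlsp.dll"
'''

QUOTED = re.compile(r'"([^"]*)"')  # fields in this format never contain a quote
ORPHAN = "File not found:"
SERVICES_KEY = "currentcontrolset\\services"
LSP_KEY = "protocol_catalog9\\catalog_entries"


@dataclass
class Entry:
    section: str
    name: str
    description: str
    vendor: str
    image: str


def parse_autoruns(text):
    """Return Entry objects; each "+ " line belongs to the last section line seen."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("+ "):
            fields = QUOTED.findall(line[2:])
            if len(fields) == 4:
                entries.append(Entry(section, *fields))
        else:
            fields = QUOTED.findall(line)
            if fields:
                section = fields[0]
    return entries


def triage(entries):
    """Return [(name, [reasons])] for entries that deserve a look before the rest."""
    findings = []
    for e in entries:
        reasons = []
        section = e.section.lower()
        image = e.image.lower()
        orphan = e.image.startswith(ORPHAN)
        in_services = section.endswith(SERVICES_KEY)
        if orphan:
            reasons.append("image missing on disk (orphaned registry entry)")
        if "\\temp\\" in image:
            reasons.append("image path is under a Temp directory")
        if in_services and e.name.isdigit():
            reasons.append("service name is purely numeric")
        if in_services and not orphan and not e.vendor:
            reasons.append("no vendor string on a loaded service or driver")
        if section.endswith(LSP_KEY):
            reasons.append("third-party Winsock LSP (sees every socket on the host)")
        if reasons:
            findings.append((e.name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_autoruns(SAMPLE_EXPORT)):
        print(f"{name}: {'; '.join(reasons)}")
```

Run it over a saved export and read the flagged entries first, then the rest. Two caveats a practitioner would add: a text export only shows what the registry reports, so a clean-looking list is not proof the machine is clean (rootkit-class infections are exactly the case where the listing cannot be trusted, which is why the advisor started with TDSSKiller and aswMBR rather than a registry dump), and the vendor string is just a resource in the file, so where the real Autoruns tool is available its signature verification option is the stronger check.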

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:01:51 PM

Posted 27 October 2012 - 11:14 AM

That looks good

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore. This deletes old, infected restore points.

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall the old version of Java from Control Panel > Add or Remove Programs. Download the latest version from here:

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus products that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security programs at the same time.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#9 mordor61

mordor61
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:02:51 PM

Posted 27 October 2012 - 01:09 PM

I have acted as you advised.... What an education; shame on me for being so lax. I am in the process of updating Java. The only problem is that I do not have a System Restore tab to turn it on. Any suggestions?

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:01:51 PM

Posted 27 October 2012 - 05:47 PM

Download

Enable system restore

Launch it and click YES

Restart the PC and try to launch the TAB.

#11 mordor61

mordor61
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:02:51 PM

Posted 31 October 2012 - 07:44 PM

I have tried this to no avail. The restore is there again, but I get an error message, "unable to perform, please restart".... I restart and get the same error message again. I can't thank you enough for all your help :)

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:01:51 PM

Posted 31 October 2012 - 10:25 PM

Those errors can be easily resolved

Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click on Start.

Check mark the following options only:

Reset registry permissions
Reset file permissions
Remove Policies Set By Infections
Repair Winsock & DNS Cache


Check mark the Restart System When Finished option.
Click the Start button.

System should restart after repair

You should be able to launch system restore now.
