
Computer runs Slow, Internet slow, Applications slow


15 replies to this topic

#1 hYlAnDeR~TFC

hYlAnDeR~TFC

  • Members
  • 257 posts
  • OFFLINE
  • Local time:11:37 PM

Posted 04 November 2012 - 02:08 AM

Running an older PC clone, a 2.0 GHz dual-CPU Pentium with 1 GB RAM and Windows XP Home Edition.

While navigating in Internet Explorer or Google Chrome, the system runs extremely slowly and/or crashes. When using applications such as iTunes or email, or simply opening Word and other applications, it runs very slowly and almost seems to stop. The IE7 that was on the computer had changed to operating with add-ons off as a result of the infection. I downloaded and reinstalled IE7 and this seems to have fixed that problem for the time being. The MalwareBytes and SuperAntiSpy icons disappeared from my desktop. When trying to use them from the Start Menu options, the programs no longer worked. I reinstalled them and they appear to work fine now. However, the system still seems to run very slowly overall and its performance is greatly hindered.

Next, I ran the free version of SuperAntiSpyware and all it detected was a couple of adware cookies. Secondly, I ran the free version of Malwarebytes Anti-Malware and it detected PUP.GamePlayLab infections located in the registry key HKLM\SOFTWARE\Microsoft\Windows.... These files were removed and quarantined by MWB. Thirdly, I ran Old Timer's TFC and then rebooted the computer, and it appeared to run a little faster, but still sluggish while using IE7. So, finally, I ran the ESET Free Online Scanner, and it detected "Win32/Toolbar.Babylon and Win32/TopMedia.a" virus infections. The scan took about 2 1/2 hours. I set it to search the drives/archives and remove found threats. The ESET Scanner message stated that the files had been removed and quarantined.

Due to the nature, complexity and severity of the threats found by the free ESET Online Scanner, I am not certain that the system on this computer is completely free of viruses/infections at this time. Although performance and speed are a little better now, the system is still a bit sluggish, and I do not feel safe conducting any banking or internet purchases on this computer until I can feel confident that the system is clean.

Any assistance you folks can provide me will be greatly appreciated.

Thank you!
hYlAnDeR~TFC~
[OF/FA] Orion Faction-Retired
Game Squad Fleet Admiral~Retired


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,026 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:03:37 AM

Posted 04 November 2012 - 09:09 PM

Hello, let's look a bit more.

Please download TDSSKiller.

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan".
Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

>>>>>>>>

Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


>>>>>>>

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Finally...
MiniToolBox
Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
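
The TDSSKiller log that the reply above asks for lists each service or driver as a "[ MD5 ] name path" line followed by a "name - verdict" line (the format is visible in the log posted later in this thread). The Python below is an example added for this page, not a BleepingComputer or Kaspersky tool: it parses the "Scan services" section from a constructed sample in that format and pulls out what a helper reads first, namely entries whose verdict is not "ok", service binaries living outside C:\WINDOWS and C:\Program Files, and one hash shared by several service names (normal for services hosted in lsass.exe). The `exampleSvc` entry, its temp-folder path and the "detected" verdict are invented for the demonstration; the exact wording TDSSKiller uses for a non-clean verdict varies by version, so the code treats anything other than "ok" as needing a look.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the format of the TDSSKiller log posted in this thread.
# The "exampleSvc" entry and its "detected" verdict are invented to exercise
# the checks; real non-clean verdict wording varies by TDSSKiller version.
SAMPLE_LOG = """\
19:15:22.0656 4016 ================ Scan services =============================
19:15:22.0734 4016 Abiosdsk - ok
19:15:22.0781 4016 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
19:15:22.0781 4016 ACPI - ok
19:15:23.0187 4016 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\\Program Files\\Avira\\AntiVir Desktop\\sched.exe
19:15:23.0187 4016 AntiVirSchedulerService - ok
19:15:23.0281 4016 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceService.exe
19:15:23.0281 4016 Apple Mobile Device - ok
19:15:28.0578 4016 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\\WINDOWS\\system32\\lsass.exe
19:15:28.0578 4016 Netlogon - ok
19:15:28.0937 4016 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\\WINDOWS\\system32\\lsass.exe
19:15:28.0937 4016 NtLmSsp - ok
19:15:31.0500 4016 [ 00000000000000000000000000000000 ] exampleSvc C:\\Documents and Settings\\User\\Local Settings\\Temp\\exsvc.sys
19:15:31.0500 4016 exampleSvc - detected
19:15:31.0600 4016 ================ Scan global ===============================
19:15:31.0600 4016 [Global] - ok
"""

# Every log line starts with "HH:MM:SS.mmmm <thread-id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
SECTION_RE = re.compile(PREFIX + r"=+\s*(.*?)\s*=+\s*$")
HASH_RE = re.compile(PREFIX + r"\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*?)\s*$")
STATUS_RE = re.compile(PREFIX + r"(.+?) - (.+?)\s*$")

# Service binaries on an XP box are expected under these roots.
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None   # None when TDSSKiller printed no file line
    path: Optional[str] = None
    status: str = "unknown"     # verdict text after " - "


def parse_tdsskiller(text: str) -> Dict[str, ServiceEntry]:
    """Return the entries of the 'Scan services' section keyed by service name."""
    entries: Dict[str, ServiceEntry] = {}
    section = ""
    for line in text.splitlines():
        sec = SECTION_RE.match(line)
        if sec:                      # "==== Scan services ====" style headers
            section = sec.group(1)
            continue
        if section != "Scan services":
            continue
        m = HASH_RE.match(line)      # file line: hash, name, on-disk path
        if m:
            entries[m.group(2)] = ServiceEntry(m.group(2), m.group(1).upper(), m.group(3))
            continue
        m = STATUS_RE.match(line)    # verdict line: "name - ok"
        if m:
            entries.setdefault(m.group(1), ServiceEntry(m.group(1))).status = m.group(2)
    return entries


def not_ok(entries: Dict[str, ServiceEntry]) -> List[str]:
    """Names whose verdict is anything other than 'ok'."""
    return sorted(n for n, e in entries.items() if e.status != "ok")


def outside_system_roots(entries: Dict[str, ServiceEntry]) -> List[str]:
    """Names whose binary lives outside the expected system folders."""
    return sorted(n for n, e in entries.items()
                  if e.path and not e.path.lower().startswith(SYSTEM_ROOTS))


def shared_hashes(entries: Dict[str, ServiceEntry]) -> Dict[str, List[str]]:
    """MD5 -> service names, for hashes that back more than one service."""
    by_hash: Dict[str, List[str]] = defaultdict(list)
    for e in entries.values():
        if e.md5:
            by_hash[e.md5].append(e.name)
    return {h: sorted(names) for h, names in by_hash.items() if len(names) > 1}


def triage_report(text: str) -> str:
    """Plain-text summary a helper could read before the full log."""
    entries = parse_tdsskiller(text)
    lines = [f"{len(entries)} service entries parsed",
             "not ok: " + (", ".join(not_ok(entries)) or "none"),
             "outside system roots: " + (", ".join(outside_system_roots(entries)) or "none")]
    for h, names in shared_hashes(entries).items():
        lines.append(f"shared hash {h}: {', '.join(names)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(triage_report(SAMPLE_LOG))
```

Run it against a saved TDSSKiller log by passing the file contents to `triage_report`. A shared hash is not by itself suspicious (several XP services such as Netlogon and NtLmSsp are hosted in lsass.exe), which is why the report lists the names rather than flagging them; the "not ok" and "outside system roots" lists are the ones worth checking first.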

#3 hYlAnDeR~TFC

hYlAnDeR~TFC
  • Topic Starter

  • Members
  • 257 posts
  • OFFLINE
  • Local time:11:37 PM

Posted 04 November 2012 - 09:28 PM

Thank you for your reply!

I will have to run these programs and post the applicable reports tomorrow after I get off work, OK? I am heading off to sleep now. I will post all the applicable information tomorrow. Thanks again!
hYlAnDeR~TFC~
[OF/FA] Orion Faction-Retired
Game Squad Fleet Admiral~Retired

#4 hYlAnDeR~TFC

hYlAnDeR~TFC
  • Topic Starter

  • Members
  • 257 posts
  • OFFLINE
  • Local time:11:37 PM

Posted 04 November 2012 - 10:53 PM

Here ya go!


Here is the TDSSKiller scan result log:

19:14:44.0656 3900 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:14:45.0218 3900 ============================================================
19:14:45.0218 3900 Current date / time: 2012/11/04 19:14:45.0218
19:14:45.0218 3900 SystemInfo:
19:14:45.0218 3900
19:14:45.0218 3900 OS Version: 5.1.2600 ServicePack: 3.0
19:14:45.0218 3900 Product type: Workstation
19:14:45.0218 3900 ComputerName: JANINA
19:14:45.0218 3900 UserName: Janina Joy
19:14:45.0218 3900 Windows directory: C:\WINDOWS
19:14:45.0218 3900 System windows directory: C:\WINDOWS
19:14:45.0218 3900 Processor architecture: Intel x86
19:14:45.0218 3900 Number of processors: 2
19:14:45.0218 3900 Page size: 0x1000
19:14:45.0218 3900 Boot type: Normal boot
19:14:45.0218 3900 ============================================================
19:14:46.0765 3900 Drive \Device\Harddisk0\DR0 - Size: 0x728D84000 (28.64 Gb), SectorSize: 0x200, Cylinders: 0xE9A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:14:46.0765 3900 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:14:46.0781 3900 ============================================================
19:14:46.0781 3900 \Device\Harddisk0\DR0:
19:14:46.0781 3900 MBR partitions:
19:14:46.0781 3900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3944DDB
19:14:46.0781 3900 \Device\Harddisk1\DR1:
19:14:46.0781 3900 MBR partitions:
19:14:46.0781 3900 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
19:14:46.0781 3900 ============================================================
19:14:46.0812 3900 C: <-> \Device\Harddisk1\DR1\Partition1
19:14:46.0843 3900 E: <-> \Device\Harddisk0\DR0\Partition1
19:14:46.0859 3900 ============================================================
19:14:46.0859 3900 Initialize success
19:14:46.0859 3900 ============================================================
19:15:22.0531 4016 ============================================================
19:15:22.0531 4016 Scan started
19:15:22.0531 4016 Mode: Manual; TDLFS;
19:15:22.0531 4016 ============================================================
19:15:22.0656 4016 ================ Scan system memory ========================
19:15:22.0656 4016 System memory - ok
19:15:22.0656 4016 ================ Scan services =============================
19:15:22.0734 4016 Abiosdsk - ok
19:15:22.0734 4016 abp480n5 - ok
19:15:22.0781 4016 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:15:22.0781 4016 ACPI - ok
19:15:22.0828 4016 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
19:15:22.0828 4016 ACPIEC - ok
19:15:22.0906 4016 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:15:22.0921 4016 AdobeFlashPlayerUpdateSvc - ok
19:15:22.0937 4016 adpu160m - ok
19:15:22.0953 4016 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:15:22.0968 4016 aec - ok
19:15:23.0000 4016 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:15:23.0015 4016 AFD - ok
19:15:23.0015 4016 Aha154x - ok
19:15:23.0031 4016 aic78u2 - ok
19:15:23.0031 4016 aic78xx - ok
19:15:23.0062 4016 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:15:23.0062 4016 Alerter - ok
19:15:23.0093 4016 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
19:15:23.0093 4016 ALG - ok
19:15:23.0093 4016 AliIde - ok
19:15:23.0109 4016 amsint - ok
19:15:23.0187 4016 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:15:23.0187 4016 AntiVirSchedulerService - ok
19:15:23.0218 4016 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:15:23.0218 4016 AntiVirService - ok
19:15:23.0281 4016 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:15:23.0281 4016 Apple Mobile Device - ok
19:15:23.0281 4016 AppMgmt - ok
19:15:23.0296 4016 asc - ok
19:15:23.0296 4016 asc3350p - ok
19:15:23.0312 4016 asc3550 - ok
19:15:23.0406 4016 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:15:23.0437 4016 aspnet_state - ok
19:15:23.0453 4016 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:15:23.0468 4016 AsyncMac - ok
19:15:23.0484 4016 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:15:23.0484 4016 atapi - ok
19:15:23.0515 4016 [ 2610034ECD11A675ED2E2601C87961AF ] AtcL002 C:\WINDOWS\system32\DRIVERS\l251x86.sys
19:15:23.0515 4016 AtcL002 - ok
19:15:23.0515 4016 Atdisk - ok
19:15:23.0531 4016 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:15:23.0546 4016 Atmarpc - ok
19:15:23.0562 4016 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:15:23.0578 4016 AudioSrv - ok
19:15:23.0593 4016 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:15:23.0609 4016 audstub - ok
19:15:23.0625 4016 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
19:15:23.0625 4016 avgntflt - ok
19:15:23.0656 4016 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
19:15:23.0671 4016 avipbb - ok
19:15:23.0703 4016 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
19:15:23.0718 4016 avkmgr - ok
19:15:23.0750 4016 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:15:23.0750 4016 Beep - ok
19:15:23.0781 4016 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
19:15:24.0031 4016 BITS - ok
19:15:24.0093 4016 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:15:24.0093 4016 Bonjour Service - ok
19:15:24.0125 4016 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
19:15:24.0140 4016 Browser - ok
19:15:24.0156 4016 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:15:24.0171 4016 cbidf2k - ok
19:15:24.0171 4016 cd20xrnt - ok
19:15:24.0203 4016 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:15:24.0203 4016 Cdaudio - ok
19:15:24.0234 4016 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:15:24.0234 4016 Cdfs - ok
19:15:24.0281 4016 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:15:24.0296 4016 Cdrom - ok
19:15:24.0296 4016 Changer - ok
19:15:24.0328 4016 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:15:24.0328 4016 CiSvc - ok
19:15:24.0359 4016 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:15:24.0375 4016 ClipSrv - ok
19:15:24.0406 4016 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:15:24.0468 4016 clr_optimization_v2.0.50727_32 - ok
19:15:24.0500 4016 CLTNetCnService - ok
19:15:24.0500 4016 CmdIde - ok
19:15:24.0515 4016 COMSysApp - ok
19:15:24.0531 4016 Cpqarray - ok
19:15:24.0562 4016 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:15:24.0562 4016 CryptSvc - ok
19:15:24.0578 4016 dac2w2k - ok
19:15:24.0578 4016 dac960nt - ok
19:15:24.0625 4016 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:15:24.0625 4016 DcomLaunch - ok
19:15:24.0656 4016 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:15:24.0671 4016 Dhcp - ok
19:15:24.0703 4016 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:15:24.0703 4016 Disk - ok
19:15:24.0718 4016 dmadmin - ok
19:15:24.0750 4016 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:15:24.0812 4016 dmboot - ok
19:15:24.0859 4016 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:15:24.0875 4016 dmio - ok
19:15:24.0890 4016 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:15:24.0906 4016 dmload - ok
19:15:24.0921 4016 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
19:15:24.0937 4016 dmserver - ok
19:15:24.0953 4016 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:15:24.0953 4016 DMusic - ok
19:15:25.0000 4016 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:15:25.0015 4016 Dnscache - ok
19:15:25.0046 4016 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
19:15:25.0062 4016 Dot3svc - ok
19:15:25.0062 4016 dpti2o - ok
19:15:25.0093 4016 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:15:25.0093 4016 drmkaud - ok
19:15:25.0140 4016 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
19:15:25.0140 4016 EapHost - ok
19:15:25.0171 4016 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:15:25.0171 4016 ERSvc - ok
19:15:25.0203 4016 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
19:15:25.0203 4016 Eventlog - ok
19:15:25.0234 4016 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
19:15:25.0250 4016 EventSystem - ok
19:15:25.0312 4016 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:15:25.0312 4016 Fastfat - ok
19:15:25.0359 4016 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:15:25.0375 4016 FastUserSwitchingCompatibility - ok
19:15:25.0390 4016 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
19:15:25.0406 4016 Fdc - ok
19:15:25.0437 4016 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:15:25.0437 4016 Fips - ok
19:15:25.0468 4016 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
19:15:25.0468 4016 Flpydisk - ok
19:15:25.0484 4016 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
19:15:25.0500 4016 FltMgr - ok
19:15:25.0562 4016 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:15:25.0562 4016 FontCache3.0.0.0 - ok
19:15:25.0562 4016 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:15:25.0578 4016 Fs_Rec - ok
19:15:25.0578 4016 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:15:25.0593 4016 Ftdisk - ok
19:15:25.0640 4016 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
19:15:25.0640 4016 GEARAspiWDM - ok
19:15:25.0656 4016 GMSIPCI - ok
19:15:25.0687 4016 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:15:25.0703 4016 Gpc - ok
19:15:25.0781 4016 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:15:25.0796 4016 gupdate - ok
19:15:25.0796 4016 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:15:25.0796 4016 gupdatem - ok
19:15:25.0828 4016 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:15:25.0828 4016 HDAudBus - ok
19:15:25.0890 4016 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:15:25.0906 4016 helpsvc - ok
19:15:25.0906 4016 HidServ - ok
19:15:25.0937 4016 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:15:25.0937 4016 HidUsb - ok
19:15:25.0984 4016 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
19:15:25.0984 4016 hkmsvc - ok
19:15:26.0000 4016 hpn - ok
19:15:26.0015 4016 [ 30CA91E657CEDE2F95359D6EF186F650 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
19:15:26.0031 4016 HPZid412 - ok
19:15:26.0046 4016 [ EFD31AFA752AA7C7BBB57BCBE2B01C78 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
19:15:26.0062 4016 HPZipr12 - ok
19:15:26.0078 4016 [ 7AC43C38CA8FD7ED0B0A4466F753E06E ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
19:15:26.0078 4016 HPZius12 - ok
19:15:26.0109 4016 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:15:26.0125 4016 HTTP - ok
19:15:26.0140 4016 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:15:26.0140 4016 HTTPFilter - ok
19:15:26.0156 4016 i2omgmt - ok
19:15:26.0156 4016 i2omp - ok
19:15:26.0171 4016 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:15:26.0171 4016 i8042prt - ok
19:15:26.0234 4016 [ 6FCB904910DA07C9DC2593D66438FA29 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
19:15:26.0265 4016 ialm - ok
19:15:26.0343 4016 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:15:26.0437 4016 idsvc - ok
19:15:26.0468 4016 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:15:26.0468 4016 Imapi - ok
19:15:26.0500 4016 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
19:15:26.0500 4016 ImapiService - ok
19:15:26.0515 4016 ini910u - ok
19:15:26.0640 4016 [ CDFD5A68A2E1CAA89C5C0E0B3CB98731 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:15:26.0781 4016 IntcAzAudAddService - ok
19:15:26.0796 4016 IntelIde - ok
19:15:26.0828 4016 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:15:26.0828 4016 intelppm - ok
19:15:26.0843 4016 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
19:15:26.0859 4016 Ip6Fw - ok
19:15:26.0875 4016 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:15:26.0875 4016 IpFilterDriver - ok
19:15:26.0890 4016 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:15:26.0890 4016 IpInIp - ok
19:15:26.0921 4016 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:15:26.0921 4016 IpNat - ok
19:15:26.0968 4016 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:15:27.0031 4016 iPod Service - ok
19:15:27.0046 4016 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:15:27.0046 4016 IPSec - ok
19:15:27.0062 4016 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:15:27.0078 4016 IRENUM - ok
19:15:27.0093 4016 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:15:27.0093 4016 isapnp - ok
19:15:27.0171 4016 [ 08A811BFD207DFDEC588881C18BACBAA ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
19:15:27.0171 4016 ISWKL - ok
19:15:27.0218 4016 [ 5B2CCEF06F96DFB22893AB8F0B3F891D ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
19:15:27.0234 4016 IswSvc - ok
19:15:27.0328 4016 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
19:15:27.0328 4016 JavaQuickStarterService - ok
19:15:27.0343 4016 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:15:27.0343 4016 Kbdclass - ok
19:15:27.0375 4016 [ 1223A8B567FFDB4B8BB5F59E5F033FDB ] KeyScrambler C:\WINDOWS\system32\drivers\keyscrambler.sys
19:15:27.0390 4016 KeyScrambler - ok
19:15:27.0437 4016 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:15:27.0453 4016 kmixer - ok
19:15:27.0484 4016 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:15:27.0484 4016 KSecDD - ok
19:15:27.0531 4016 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
19:15:27.0546 4016 lanmanserver - ok
19:15:27.0578 4016 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:15:27.0593 4016 lanmanworkstation - ok
19:15:27.0609 4016 lbrtfdc - ok
19:15:27.0671 4016 [ 53710476495886D9961BE46983A6A33F ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:15:27.0671 4016 LightScribeService - ok
19:15:27.0718 4016 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:15:27.0718 4016 LmHosts - ok
19:15:27.0750 4016 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:15:27.0765 4016 Messenger - ok
19:15:27.0781 4016 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:15:27.0796 4016 mnmdd - ok
19:15:27.0828 4016 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:15:27.0828 4016 mnmsrvc - ok
19:15:27.0859 4016 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:15:27.0859 4016 Modem - ok
19:15:27.0890 4016 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:15:27.0890 4016 Mouclass - ok
19:15:27.0921 4016 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:15:27.0921 4016 mouhid - ok
19:15:27.0937 4016 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:15:27.0937 4016 MountMgr - ok
19:15:27.0953 4016 mraid35x - ok
19:15:27.0953 4016 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:15:27.0968 4016 MRxDAV - ok
19:15:28.0031 4016 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:15:28.0062 4016 MRxSmb - ok
19:15:28.0078 4016 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
19:15:28.0078 4016 MSDTC - ok
19:15:28.0109 4016 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:15:28.0109 4016 Msfs - ok
19:15:28.0109 4016 MSICPL - ok
19:15:28.0125 4016 MSIServer - ok
19:15:28.0140 4016 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:15:28.0140 4016 MSKSSRV - ok
19:15:28.0156 4016 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:15:28.0156 4016 MSPCLOCK - ok
19:15:28.0156 4016 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:15:28.0171 4016 MSPQM - ok
19:15:28.0187 4016 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:15:28.0187 4016 mssmbios - ok
19:15:28.0218 4016 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
19:15:28.0218 4016 MTsensor - ok
19:15:28.0234 4016 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:15:28.0250 4016 Mup - ok
19:15:28.0296 4016 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
19:15:28.0328 4016 napagent - ok
19:15:28.0343 4016 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:15:28.0359 4016 NDIS - ok
19:15:28.0406 4016 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:15:28.0406 4016 NdisTapi - ok
19:15:28.0406 4016 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:15:28.0421 4016 Ndisuio - ok
19:15:28.0421 4016 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:15:28.0437 4016 NdisWan - ok
19:15:28.0453 4016 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:15:28.0453 4016 NDProxy - ok
19:15:28.0453 4016 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:15:28.0468 4016 NetBIOS - ok
19:15:28.0484 4016 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:15:28.0500 4016 NetBT - ok
19:15:28.0546 4016 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
19:15:28.0546 4016 NetDDE - ok
19:15:28.0562 4016 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:15:28.0562 4016 NetDDEdsdm - ok
19:15:28.0578 4016 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:15:28.0578 4016 Netlogon - ok
19:15:28.0609 4016 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
19:15:28.0625 4016 Netman - ok
19:15:28.0671 4016 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:15:28.0671 4016 NetTcpPortSharing - ok
19:15:28.0718 4016 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
19:15:28.0718 4016 Nla - ok
19:15:28.0734 4016 NMIndexingService - ok
19:15:28.0781 4016 [ 9865516D33BC66FDDAC9DB4087D4B6AA ] nosGetPlusHelper C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
19:15:28.0828 4016 nosGetPlusHelper - ok
19:15:28.0828 4016 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:15:28.0843 4016 Npfs - ok
19:15:28.0859 4016 npggsvc - ok
19:15:28.0859 4016 NTACCESS - ok
19:15:28.0890 4016 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:15:28.0921 4016 Ntfs - ok
19:15:28.0937 4016 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:15:28.0937 4016 NtLmSsp - ok
19:15:28.0968 4016 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:15:28.0984 4016 NtmsSvc - ok
19:15:29.0015 4016 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:15:29.0015 4016 Null - ok
19:15:29.0359 4016 [ 7B5A17BD54BB9142843DBE99A1CAAED8 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:15:29.0734 4016 nv - ok
19:15:29.0765 4016 [ 5150B108EA88831E1C599603D8B89621 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
19:15:29.0765 4016 NVSvc - ok
19:15:29.0859 4016 [ 83E8AB7BB3C8956C53FEC071C94F0BBB ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:15:29.0875 4016 nvUpdatusService - ok
19:15:29.0921 4016 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:15:29.0921 4016 NwlnkFlt - ok
19:15:29.0937 4016 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:15:29.0937 4016 NwlnkFwd - ok
19:15:29.0968 4016 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
19:15:29.0984 4016 Parport - ok
19:15:29.0984 4016 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:15:30.0000 4016 PartMgr - ok
19:15:30.0015 4016 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:15:30.0015 4016 ParVdm - ok
19:15:30.0031 4016 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:15:30.0031 4016 PCI - ok
19:15:30.0046 4016 PCIDump - ok
19:15:30.0062 4016 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:15:30.0062 4016 PCIIde - ok
19:15:30.0078 4016 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:15:30.0093 4016 Pcmcia - ok
19:15:30.0093 4016 PDCOMP - ok
19:15:30.0109 4016 PDFRAME - ok
19:15:30.0109 4016 PDRELI - ok
19:15:30.0125 4016 PDRFRAME - ok
19:15:30.0125 4016 perc2 - ok
19:15:30.0140 4016 perc2hib - ok
19:15:30.0171 4016 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
19:15:30.0171 4016 PlugPlay - ok
19:15:30.0203 4016 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
19:15:30.0203 4016 Pml Driver HPZ12 - ok
19:15:33.0859 4016 ================ Scan global ===============================
19:15:33.0890 4016 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:15:33.0937 4016 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:15:33.0984 4016 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:15:33.0984 4016 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:15:34.0000 4016 [Global] - ok
19:15:34.0000 4016 ================ Scan MBR ==================================
19:15:34.0000 4016 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:15:34.0203 4016 \Device\Harddisk0\DR0 - ok
19:15:34.0218 4016 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
19:15:34.0468 4016 \Device\Harddisk1\DR1 - ok
19:15:34.0468 4016 ================ Scan VBR ==================================
19:15:34.0468 4016 [ 7B628B17F603DC4FAA61FA0006DFCEF6 ] \Device\Harddisk0\DR0\Partition1
19:15:34.0468 4016 \Device\Harddisk0\DR0\Partition1 - ok
19:15:34.0468 4016 [ 329774653EAD2D1B1A8F1F93B16F0408 ] \Device\Harddisk1\DR1\Partition1
19:15:34.0468 4016 \Device\Harddisk1\DR1\Partition1 - ok
19:15:34.0484 4016 ============================================================
19:15:34.0484 4016 Scan finished
19:15:34.0484 4016 ============================================================
19:15:34.0484 4008 Detected object count: 0
19:15:34.0484 4008 Actual detected object count: 0
19:15:39.0359 3904 Deinitialize success

Adware Cleaner Text Scan:

# AdwCleaner v2.006 - Logfile created 11/04/2012 at 19:17:49
# Updated 30/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Janina Joy - JANINA
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Janina Joy\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Janina Joy\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Joshua\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Joshua\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Joshua\Start Menu\Programs\Wajam
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Janina Joy\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://www.google.com/", "hxxp://www.google.com", "hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={AECEFC3F-3CA2-4D96-8340-F265F4BA87CA}", "hxxp://www.claro-search.com/?affID=116690&tt=4312_2&babsrc=HP_ss&mntrId=ec7e131f000000000000001e8c6b4004" ]
Deleted [l.2164] : urls_to_restore_on_startup = [ "hxxp://www.google.com/", "hxxp://www.google.com", "hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={AECEFC3F-3CA2-4D96-8340-F265F4BA87CA}", "hxxp://www.claro-search.com/?affID=116690&tt=4312_2&babsrc=HP_ss&mntrId=ec7e131f000000000000001e8c6b4004" ]

*************************

AdwCleaner[S1].txt - [291 octets] - [11/08/2012 23:26:57]
AdwCleaner[S2].txt - [4822 octets] - [11/08/2012 23:28:40]
AdwCleaner[S3].txt - [3756 octets] - [04/11/2012 19:17:49]

########## EOF - C:\AdwCleaner[S3].txt - [3816 octets] ##########

Junkware Removal Tool Scan Results:

Junkware Removal Tool (JRT) by Thisisu
Version: 2.6.5 (11.04.2012)
OS: Microsoft Windows XP x86
Ran by Janina Joy on Sun 11/04/2012 at 19:25:41.59
Blog: http://thisisudax.blogspot.com
**************************************************************

*** Services: 0 Detections

*** Registry Values: 0 Detections

*** Registry Keys:

Successfully deleted: [KEY] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}

*** Files: 0 Detections

*** Folders:

Successfully deleted: [FOLDER] "C:\Documents and Settings\Janina Joy\Application Data\dvdvideosoft"
Successfully deleted: [FOLDER] "C:\Documents and Settings\Janina Joy\Application Data\dvdvideosoftiehelpers"
Successfully deleted: [FOLDER] "C:\Program Files\Common Files\dvdvideosoft"
Successfully deleted: [FOLDER] "C:\Program Files\coupons"
Successfully deleted: [FOLDER] "C:\Program Files\dvdvideosoft"

*** Event Viewer Logs - NOT cleared

**************************************************************
Scan was completed on Sun 11/04/2012 at 19:32:53.56
End of Report

MiniTool Box Scan Results:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Janina Joy (administrator) on 04-11-2012 at 19:44:47
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

There are 12610 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Atheros L2 Fast Ethernet 10/100 Base-T Controller = Local Area Connection (Connected)

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : JANINA
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : sd.cox.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : sd.cox.net
Description . . . . . . . . . . . : Atheros L2 Fast Ethernet 10/100 Base-T Controller
Physical Address. . . . . . . . . : 00-1E-8C-6B-40-04
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.105.28.11
                                    68.105.29.11
                                    68.105.28.12
Lease Obtained. . . . . . . . . . : Sunday, November 04, 2012 7:19:54 PM
Lease Expires . . . . . . . . . . : Monday, November 05, 2012 7:19:54 PM

Server: cdns1.cox.net
Address: 68.105.28.11

Name: google.com
Addresses: 74.125.239.7, 74.125.239.8, 74.125.239.9, 74.125.239.14
74.125.239.0, 74.125.239.1, 74.125.239.2, 74.125.239.3, 74.125.239.4
74.125.239.5, 74.125.239.6

Pinging google.com [74.125.224.174] with 32 bytes of data:

Reply from 74.125.224.174: bytes=32 time=33ms TTL=55
Reply from 74.125.224.174: bytes=32 time=36ms TTL=55

Ping statistics for 74.125.224.174:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 33ms, Maximum = 36ms, Average = 34ms

Server: cdns1.cox.net
Address: 68.105.28.11

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=45ms TTL=54
Reply from 72.30.38.140: bytes=32 time=49ms TTL=54

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 45ms, Maximum = 49ms, Average = 47ms

Server: cdns1.cox.net
Address: 68.105.28.11

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1e 8c 6b 40 04 ...... Atheros L2 Fast Ethernet 10/100 Base-T Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      169.254.0.0      255.255.0.0    192.168.1.100   192.168.1.100      20
      192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100      20
    192.168.1.100  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255    192.168.1.100   192.168.1.100      20
        224.0.0.0        240.0.0.0    192.168.1.100   192.168.1.100      20
  255.255.255.255  255.255.255.255    192.168.1.100   192.168.1.100       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/13/2012 07:07:56 PM) (Source: Application Error) (User: )
Description: Fault bucket -1257027967.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (09/13/2012 07:07:30 PM) (Source: Application Error) (User: )
Description: Faulting application iTunes.exe, version 10.6.3.25, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [iTunes.exe!ws!]

Error: (08/26/2012 00:51:31 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19298, fault address 0x000b9ed8.
Processing media-specific event for [iexplore.exe!ws!]

Error: (08/09/2012 05:07:41 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (08/09/2012 05:07:41 PM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (08/09/2012 10:41:52 AM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 21.0.1180.60, faulting module chrome.dll, version 21.0.1180.60, fault address 0x0052c336.
Processing media-specific event for [chrome.exe!ws!]

Error: (08/09/2012 10:32:18 AM) (Source: nview_info) (User: )
Description: NVIEW : regsvr32: Shared heap exhausted or damaged, process ID fe0, total alloc:0...

Error: (08/09/2012 10:32:18 AM) (Source: nview_info) (User: )
Description: NVIEW : regsvr32: Shared heap exhausted or damaged, process ID fe0, total alloc:0...

Error: (08/09/2012 10:32:18 AM) (Source: nview_info) (User: )
Description: NVIEW : regsvr32: Shared heap exhausted or damaged, process ID fe0, total alloc:0...

Error: (08/08/2012 10:08:54 PM) (Source: Application Error) (User: )
Description: Faulting application iTunes.exe, version 10.6.3.25, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [iTunes.exe!ws!]


System errors:
=============
Error: (11/03/2012 05:28:42 PM) (Source: Service Control Manager) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).

Error: (11/03/2012 05:28:42 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Error: (11/03/2012 05:28:42 PM) (Source: Service Control Manager) (User: )
Description: The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).

Error: (11/03/2012 05:28:42 PM) (Source: Service Control Manager) (User: )
Description: The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).

Error: (11/03/2012 05:28:42 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/03/2012 05:28:42 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/03/2012 05:28:42 PM) (Source: Service Control Manager) (User: )
Description: The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/03/2012 05:28:42 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/03/2012 05:28:42 PM) (Source: Service Control Manager) (User: )
Description: The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (10/06/2012 10:20:16 AM) (Source: DCOM) (User: JANINA)
Description: Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The error:
"%%1314"
Happened while starting this command:
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -Embedding


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe AIR (Version: 2.6.0.19140)
Adobe Community Help (Version: 3.4.980)
Adobe Download Assistant (Version: 1.0.3)
Adobe Download Manager (Version: 1.6.2.102)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player (Version: 11)
AIM 6
AiO_Scan_CDA (Version: 70.0.231.000)
AiOSoftwareNPI (Version: 70.0.231.000)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.® L2 Fast Ethernet Driver (Version: 1.0.11.1)
Avira Free Antivirus (Version: 12.0.0.1199)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 70.0.170.000)
Call of Duty: Modern Warfare 2 - Multiplayer
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Coupon Printer for Windows (Version: 4.0)
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder (Version: 1.00.0000)
Destinations (Version: 70.0.170.000)
DeviceManagementQFolder (Version: 1.00.0000)
EPSON Printer Software
ESET Online Scanner v3
eSupportQFolder (Version: 1.00.0000)
F300 (Version: 70.0.231.000)
F300_Help (Version: 70.0.231.000)
Fax_CDA (Version: 70.0.231.000)
Free Studio version 5.0.9
GearDrvs (Version: 1.00.0000)
Google Chrome (Version: 22.0.1229.94)
Google Update Helper (Version: 1.3.21.123)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HP Customer Participation Program 7.0 (Version: 7.0)
HP Imaging Device Functions 7.0 (Version: 7.0)
HP Photosmart Essential (Version: 1.9.1.3)
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Assistant (Version: 100.000.001.000)
HP Solution Center 7.0 (Version: 7.0)
HP Update (Version: 5.002.008.001)
HPPhotoSmartExpress (Version: 70.0.170.000)
HPProductAssistant (Version: 70.0.170.000)
HPSSupply (Version: 100.0.172.000)
ieSpell (Version: 2.5.1 (build 106))
InstantShareDevicesMFC (Version: 70.0.170.000)
Intel® Graphics Media Accelerator Driver
iPhone Configuration Utility (Version: 2.1.0.163)
iTunes (Version: 10.7.0.21)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 33 (Version: 6.0.330)
JavaFX 2.1.1 (Version: 2.1.1)
KeyScrambler (Version: 2.9.3.0)
LightScribe System Software 1.10.13.1 (Version: 1.10.13.1)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
MarketResearch (Version: 70.0.170.000)
Media converter
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Encarta Encyclopedia Standard 2003 (Version: 2003)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2003 (Version: 11.0.50)
Microsoft Money 2003 System Pack (Version: 11.0.80)
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Picture It! Photo 7.0 (Version: 7.0.0.0000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Streets and Trips 2002 (Version: 9.00.17.0200)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Word 2002 (Version: 10.0.6626.0)
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0 (Version: 07.02.0710.1)
Microsoft Works Suite Add-in for Microsoft Word (Version: 2.0.0.0000)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
MobileMe Control Panel (Version: 3.1.8.0)
Move Media Player
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Musicnotes Player V1.23.1 and Viewer (Version: 1.23.1)
My.Freeze.com NetAssistant (Version: 3.6.0)
neroxml (Version: 1.0.0)
Netscape (7.2)
NewCopy_CDA (Version: 70.0.231.000)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA nView 136.27 (Version: 136.27)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Update 1.8.15 (Version: 1.8.15)
NVIDIA Update Components (Version: 1.8.15)
PowerDVD (Version: 7.0.2414.0)
ProductContextNPI (Version: 70.0.231.000)
QuickTime (Version: 7.72.80.56)
Readme (Version: 70.0.231.000)
Realm of the Mad God
Realtek High Definition Audio Driver (Version: 5.10.0.5397)
Rhapsody Player Engine (Version: 1.1.0)
Safari (Version: 5.34.54.16)
Scan (Version: 7.0.0.0)
ScannerCopy (Version: 7.0.0.0)
Shop for HP Supplies (Version: 10.0)
Sibelius Scorch (ActiveX Only) (Version: 5.2.1)
SolutionCenter (Version: 70.0.170.000)
SpiralFrog Download Manager 0.8.25 (Version: 0.8.25.2761)
SpywareBlaster 4.6 (Version: 4.6.0)
Status (Version: 70.0.170.000)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 4.48.1000)
Toolbox (Version: 70.0.170.000)
TrayApp (Version: 70.0.170.000)
TuxGuitar 1.2
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC 9.0 Runtime (Version: 1.0.0)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 70.0.170.000)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
Works Suite OS Pack (Version: 3.0.0.0000)
WOT for Internet Explorer (Version: 10.12.20.0)
ZoneAlarm Firewall (Version: 10.1.065.000)
ZoneAlarm Free (Version: 10.1.065.000)
ZoneAlarm Security (Version: 10.1.065.000)
ZoneAlarm Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 48%
Total physical RAM: 1023.17 MB
Available physical RAM: 529.89 MB
Total Pagefile: 2460.63 MB
Available Pagefile: 1849.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.8 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149.05 GB) (Free:20.04 GB) NTFS
3 Drive e: () (Fixed) (Total:28.63 GB) (Free:15.31 GB) NTFS

========================= Users: ========================================

User accounts for \\JANINA

Administrator ASPNET Guest
HelpAssistant Janina Joy Jenna
Joshua SUPPORT_388945a0 UpdatusUser
William


**** End of log ****


Thanks again for your help and I will be back on tomorrow evening to proceed with the next step of instructions.
hYlAnDeR~TFC~
[OF/FA] Orion Faction-Retired
Game Squad Fleet Admiral~Retired

#5 hYlAnDeR~TFC (Topic Starter, Members, 257 posts)

Posted 05 November 2012 - 08:02 PM

Just got home today. I turned on the infected computer, and it boots up normally, except when I get to choose the user at the Welcome screen. After I select the user, the applicable user wallpaper for that user comes up, but no icons on desktop. I have no ability to select the start/menu button on the bottom of the screen. All I have now is the wall paper for the user but Windows XP is totally inoperable. I rebooted into safe mode and all seemed to work well. Then, I tried for the 3rd time to see if I could boot normally all the way and select the user from the welcome screen. And, now everything seems to work again. All the icons are back up and I have access to start/menu, task bar etc. Weird, I don't recall ever seeing this type of computer behavior before, but perhaps it is related to my current infection, or this may be something totally different, unrelated and coincidental.

#6 boopme, "To Insanity and Beyond" (Global Moderator, 73,026 posts, NJ USA)

Posted 05 November 2012 - 08:32 PM

Are you using a custom Hosys file?

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.



You may need to run SFC to fix the icon issue.
Please run SFC (System File Checker)
Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista/WIN 7 users: the command needs to be run from an Elevated Command Prompt. Click Start, type cmd into the Start/Search box, right-click cmd.exe in the list above and select 'Run as Administrator'.


You will need your operating system CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click File.. then New Task(Run)

In the box that opens type sfc /scannow ......There is a space between c and /

Click OK
Let it run and insert the CD when asked.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#7 hYlAnDeR~TFC (Topic Starter, Members, 257 posts)

Posted 05 November 2012 - 08:42 PM

What is a "custom Hosys file"?

I will go ahead and d/l and run the aswMBR file and post the results in the next reply.

The icon issue seems to have fixed itself. I have turned off and rebooted the infected computer several times now and it does not appear to have any of the aforementioned problems.

#8 boopme, "To Insanity and Beyond" (Global Moderator, 73,026 posts, NJ USA)

Posted 05 November 2012 - 08:50 PM

Yikes!!! Hosts file

#9 hYlAnDeR~TFC (Topic Starter, Members, 257 posts)

Posted 05 November 2012 - 09:00 PM

Here are the aswMBR scan results:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-05 17:45:06
-----------------------------
17:45:06.390 OS Version: Windows 5.1.2600 Service Pack 3
17:45:06.390 Number of processors: 2 586 0xF0D
17:45:06.390 ComputerName: JANINA UserName:
17:45:07.015 Initialize success
17:48:40.796 AVAST engine defs: 12110600
17:49:28.328 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
17:49:28.328 Disk 0 Vendor: Maxtor_6E030L0 NAR61590 Size: 29325MB BusType: 3
17:49:28.328 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-17
17:49:28.328 Disk 1 Vendor: WDC_WD1600AAJS-00WAA0 58.01D58 Size: 152627MB BusType: 3
17:49:28.343 Disk 1 MBR read successfully
17:49:28.343 Disk 1 MBR scan
17:49:28.468 Disk 1 Windows XP default MBR code
17:49:28.468 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
17:49:28.484 Disk 1 scanning sectors +312576705
17:49:28.562 Disk 1 scanning C:\WINDOWS\system32\drivers
17:49:46.281 Service scanning
17:49:50.125 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
17:49:53.437 Service MSICPL D:\install4\MSICPL.sys **LOCKED** 21
17:49:55.125 Service NTACCESS D:\NTACCESS.sys **LOCKED** 21
17:49:58.984 Service SetupNTGLM7X D:\NTGLM7X.sys **LOCKED** 21
17:50:03.031 Modules scanning
17:50:08.968 Disk 1 trace - called modules:
17:50:08.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:50:08.984 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x871d4ab8]
17:50:08.984 3 CLASSPNP.SYS[f761cfd7] -> nt!IofCallDriver -> \Device\00000068[0x871e2e00]
17:50:08.984 5 ACPI.sys[f74b3620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-17[0x8717a030]
17:50:09.875 AVAST engine scan C:\WINDOWS
17:50:33.156 AVAST engine scan C:\WINDOWS\system32
17:54:38.343 AVAST engine scan C:\WINDOWS\system32\drivers
17:54:57.968 AVAST engine scan C:\Documents and Settings\Janina Joy
17:58:25.515 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Janina Joy\Desktop\MBR.dat"
17:58:25.515 The log file has been saved successfully to "C:\Documents and Settings\Janina Joy\Desktop\aswMBR.txt"

#10 boopme, "To Insanity and Beyond" (Global Moderator, 73,026 posts, NJ USA)

Posted 05 November 2012 - 09:45 PM

Good, I take it as you did not know the Hosts file, then obviously you did not change it.

Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Fix it button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.


How is it now?



To learn about The Hosts File
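A defender-side check that goes with the HOSTS reset above, as an added Python example (not from this thread, and not a BleepingComputer or Microsoft tool): it parses a HOSTS file and flags the two edits malware typically makes, pinning security-vendor update hosts to 127.0.0.1 or 0.0.0.0 so updates silently fail, or pointing a familiar site at some other address. The sample file contents, the vendor hostnames and the 198.51.100.7 address are constructed for the example.

```python
import ipaddress
import os
from typing import List, Tuple

# Names that legitimately map to a loopback address in a stock HOSTS file.
DEFAULT_LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample of a tampered HOSTS file; not a capture from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.avira.com               # sinkholes the AV update server
0.0.0.0         downloads.malwarebytes.org
198.51.100.7    www.google.com              # TEST-NET-2 placeholder for a redirect
not-an-ip       example.org
"""

Finding = Tuple[int, str, str, str]  # (line number, kind, address, hostname)


def parse_hosts(text: str):
    """Yield (line_no, address, hostname) for every mapping in a HOSTS file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        for name in fields[1:]:  # one address may carry several names
            yield line_no, fields[0], name.lower()


def audit_hosts(text: str) -> List[Finding]:
    """Return every mapping a stock Windows HOSTS file would not contain."""
    findings: List[Finding] = []
    for line_no, addr, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, "malformed", addr, name))
            continue
        if name in DEFAULT_LOCAL_NAMES:
            continue  # expected entries such as "127.0.0.1 localhost"
        if ip.is_loopback or ip.is_unspecified:
            # A real site pinned to 127.0.0.1 or 0.0.0.0 becomes unreachable:
            # the classic way malware blocks antivirus and update servers.
            findings.append((line_no, "sinkhole", addr, name))
        else:
            # Any other address silently redirects the name elsewhere.
            findings.append((line_no, "redirect", addr, name))
    return findings


def is_stock_hosts(text: str) -> bool:
    """True when the file holds nothing beyond the default localhost entries."""
    return not audit_hosts(text)


if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts;
    # fall back to the constructed sample when run elsewhere.
    path = os.path.join(os.environ.get("SystemRoot", r"C:\WINDOWS"),
                        "System32", "drivers", "etc", "hosts")
    text = SAMPLE_HOSTS
    if os.path.exists(path):
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    for line_no, kind, addr, name in audit_hosts(text):
        print(f"line {line_no}: {kind:9} {addr:>15} -> {name}")
```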

#11 hYlAnDeR~TFC (Topic Starter, Members, 257 posts)

Posted 05 November 2012 - 10:03 PM

I ran the automatic fix it version from the second option you provided me. Right after it completed, the Avira Free Antivirus warning popped up and stated, "Host file blocked" under the Module realtime protection and then it closed.

I am a bit nervous to reboot now because of the Avira warning block notification. But, according to the fix it, I need to reboot in order for the fix to complete. Is it safe to reboot now?

#12 boopme, "To Insanity and Beyond" (Global Moderator, 73,026 posts, NJ USA)

Posted 05 November 2012 - 10:20 PM

If you haven't, create a new restore point first. Then we have something to fall back to.

http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/

#13 hYlAnDeR~TFC (Topic Starter, Members, 257 posts)

Posted 05 November 2012 - 10:54 PM

Ok,

Newly created restore point completed. Based on the Avira reports, the unauthorized files infected my system on 10-25-2012. So, any restore points prior to this date would be valid also. It sure would be nice if my family could inform me when these warnings pop up or if they could tell me when things are running slow so I could ensure that any possible infections don't get too out of hand. At any rate, the system does appear to run like normal again.

So, are there any further scans or things to work on? Or, do you think this computer now has a clean bill of health?

Thank you so much for your help!

#14 boopme, "To Insanity and Beyond" (Global Moderator, 73,026 posts, NJ USA)

Posted 06 November 2012 - 02:21 PM

You're very welcome... Looks good to me.... If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.
  • Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

#15 hYlAnDeR~TFC (Topic Starter, Members, 257 posts)

Posted 09 November 2012 - 01:59 AM

boopme,

Thank you again for all your help. I am all patched up and back in the saddle again! I have had a couple chats with the young folks in the household to remind them to stay clear of the sites where we most likely got this nasty infection (some peer to peer file sharing for pirated mp3's, music). I just advised them that if they want to download music, then to simply pay for it on Itunes from now on, simple as that.

Anyways, go ahead and close this ticket.

You rock!
